ASP.NET AES 填充无效,无法删除

ASP.NET AES Padding is invalid and cannot be removed

这是一个常见问题,但建议的解决方案 here and here 对我不起作用,而且它们不涉及数据库。

我希望代码示例 'Failing code (WITH database)' 能够正常工作。

这是我的 encrypt/decrypt 代码(从这里复制:https://msdn.microsoft.com/en-us/library/system.security.cryptography.aes.aspx?cs-save-lang=1&cs-lang=vb&f=255&MSPPError=-2147217396#code-snippet-2):

Shared Function EncryptStringToBytes_Aes(ByVal plainText As String, ByVal Key() As Byte, ByVal IV() As Byte) As Byte()
    ' Check arguments.
    If plainText Is Nothing OrElse plainText.Length <= 0 Then
        Throw New ArgumentNullException("plainText")
    End If
    If Key Is Nothing OrElse Key.Length <= 0 Then
        Throw New ArgumentNullException("Key")
    End If
    If IV Is Nothing OrElse IV.Length <= 0 Then
        Throw New ArgumentNullException("Key")
    End If
    Dim encrypted() As Byte
    ' Create an Aes object
    ' with the specified key and IV.
    Using aesAlg As Aes = Aes.Create()

        aesAlg.Key = Key
        aesAlg.IV = IV

        ' Create a decrytor to perform the stream transform.
        Dim encryptor As ICryptoTransform = aesAlg.CreateEncryptor(aesAlg.Key, aesAlg.IV)
        ' Create the streams used for encryption.
        Using msEncrypt As New MemoryStream()
            Using csEncrypt As New CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write)
                Using swEncrypt As New StreamWriter(csEncrypt)

                    'Write all data to the stream.
                    swEncrypt.Write(plainText)
                End Using
                encrypted = msEncrypt.ToArray()
            End Using
        End Using
    End Using

    ' Return the encrypted bytes from the memory stream.
    Return encrypted

End Function 'EncryptStringToBytes_Aes


Shared Function DecryptStringFromBytes_Aes(ByVal cipherText() As Byte, ByVal Key() As Byte, ByVal IV() As Byte) As String
    ' Check arguments.
    If cipherText Is Nothing OrElse cipherText.Length <= 0 Then
        Throw New ArgumentNullException("cipherText")
    End If
    If Key Is Nothing OrElse Key.Length <= 0 Then
        Throw New ArgumentNullException("Key")
    End If
    If IV Is Nothing OrElse IV.Length <= 0 Then
        Throw New ArgumentNullException("Key")
    End If
    ' Declare the string used to hold
    ' the decrypted text.
    Dim plaintext As String = Nothing

    ' Create an Aes object
    ' with the specified key and IV.
    Using aesAlg As Aes = Aes.Create()
        aesAlg.Key = Key
        aesAlg.IV = IV

        ' Create a decrytor to perform the stream transform.
        Dim decryptor As ICryptoTransform = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV)

        ' Create the streams used for decryption.
        Using msDecrypt As New MemoryStream(cipherText)

            Using csDecrypt As New CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read)

                Using srDecrypt As New StreamReader(csDecrypt)
                    ' Read the decrypted bytes from the decrypting stream
                    ' and place them in a string.
                    plaintext = srDecrypt.ReadToEnd()
                End Using   <= PADDING ERROR THROWN HERE
            End Using

            'cipherText = msDecrypt.ToArray() 'added by me

        End Using
    End Using

    Return plaintext

End Function 'DecryptStringFromBytes_Aes 

工作样本(没有数据库)

    Dim original As String = "Here is some data to encrypt!"

    Dim key As Rfc2898DeriveBytes = New Rfc2898DeriveBytes(_sharedSecret, _salt)

    Try

        ' Create a new instance of the Aes
        ' class.  This generates a new key and initialization 
        ' vector (IV).
        Using myAes As Aes = Aes.Create()

            myAes.Key = key.GetBytes(myAes.KeySize / 8)
            myAes.IV = key.GetBytes(myAes.BlockSize / 8)

            ' Encrypt the string to an array of bytes.
            Dim encrypted As Byte() = EncryptStringToBytes_Aes(original, myAes.Key, myAes.IV)

            ' Decrypt the bytes to a string.
            Dim roundtrip As String = DecryptStringFromBytes_Aes(encrypted, myAes.Key, myAes.IV)

            'Display the original data and the decrypted data.
            ltStatus.Text = String.Format("Original:   {0}", original)
            ltStatus.Text += String.Format("Round Trip: {0}", roundtrip)
        End Using
    Catch ex As Exception
        Console.WriteLine("Error: {0}", ex.Message)
    End Try



    

失败代码(带数据库)

    Dim _salt As Byte() = Encoding.ASCII.GetBytes("o6806642kbM7c5")
    Dim _sharedSecret As String = "abcd"
    Dim original As String = "Here is some data to encrypt!"
    Dim key As Rfc2898DeriveBytes = New Rfc2898DeriveBytes(_sharedSecret, _salt)
    Dim encrypted As Byte()
    Try
        Using myAes As Aes = Aes.Create()
            myAes.Key = key.GetBytes(myAes.KeySize / 8)
            myAes.IV = key.GetBytes(myAes.BlockSize / 8)
            myAes.Padding = PaddingMode.PKCS7
            encrypted = EncryptStringToBytes_Aes(original, myAes.Key, myAes.IV)
        End Using
    Catch ex As Exception
        Console.WriteLine("Error: {0}", ex.Message)
    End Try
    'save to DB
    Dim myConnection As SqlConnection = GetConnection()
    Dim cmd As New SqlCommand("UPDATE banks set bank_name=@bankname WHERE id=1", myConnection)
    cmd.Parameters.Add(New SqlParameter("@bankname", encrypted))
    Try
        myConnection.Open()
        cmd.ExecuteScalar()
    Catch ex As Exception
        GlobalFunctions.LogError("banks:INSERT encrypted", ex.Message, LogLevel.Normal)
    Finally
        myConnection.Close()
    End Try

    'retreive from db
    Dim decrypted As String = ""
    myConnection = GetConnection()
    cmd = New SqlCommand("SELECT bank_name FROM banks where id=1", myConnection)
    Dim reader As SqlDataReader
    Try
        myConnection.Open()
        reader = cmd.ExecuteReader
        If reader.Read Then
            Using myAes As Aes = Aes.Create()
                myAes.Key = key.GetBytes(myAes.KeySize / 8)
                myAes.IV = key.GetBytes(myAes.BlockSize / 8)
                myAes.Padding = PaddingMode.PKCS7
                decrypted = DecryptStringFromBytes_Aes(reader("bank_name"), myAes.Key, myAes.IV)
            End Using
        Else
            GlobalFunctions.LogError("banks:nothing to be read?!?", LogLevel.Normal)
        End If

    Catch ex As Exception
        GlobalFunctions.LogError("banks:SELECT encrypted.", ex.Message, LogLevel.Normal)
    Finally
        myConnection.Close()
    End Try



    

但是这里出了点问题:

一个二进制值已成功添加到我的 MSSQL 数据库中类型 varbinary(MAX) 的字段 bank_name 中。 (我也尝试了较小的字段,例如 varbinary(50)

但是当我在从数据库中检索后尝试解密这个字段时,我得到了错误 Padding is invalid and cannot be removed. 请参阅上面代码中带有注释 '<= PADDING ERROR THROWN HERE' 的代码行 'Failing code (WITH database)' .

我检查了here and here。而且我没有传递空字符串 我也尝试添加 cipherText = msDecrypt.ToArray(),但在命中此行之前错误已经发生。

更新 2

我转储的值是:

ReportError 将值存储在数据库的文本字段中,报告的值为:

myAes.Key 在
00000000 95 0C 95 EA 1D 40 0C FB 1D 3F B7 FB 73 FB 3F EA 00000010 40 62 51 62 51 EA 62 73 B7 2E 1D C8 1D 51 51 95 ����������������

myAes.IV 在
00000000 51 A6 84 73 95 C8 2E 62 84 C8 0C 62 C8 2E 1D 84 ����������������

加密在
00000000 FB FB B7 73 D9 51 A6 2E 95 73 62 73 3F 84 A6 40 ���������������� 00000010 B7 62 84 2E 51 95 EA 1D 51 A6 EA 2E 51 A6 51 95 ����������������

myAes.Key出
00000000 51 1D 73 40 EA A6 73 EA FB 73 73 A6 0C A6 D9 1D 00000010 2E 3F FB 2E 73 A6 A6 0C A6 C8 95 0C D9 1D B7 73 ����������������

myAes.IV出
00000000 B7 95 51 73 B7 D9 95 EA 0C C8 95 95 0C 84 40 62 ����������������

加密出来
00000000 FB FB B7 73 D9 51 A6 2E 95 73 62 73 3F 84 A6 40 ���������������� 00000010 B7 62 84 2E 51 95 EA 1D 51 A6 EA 2E 51 A6 51 95 ����������������

银行:SELECT 已加密。填充无效,无法删除。

这是我现在使用的完整代码:

Imports System.Security.Cryptography
Imports System.Data.SqlClient
Imports System.Text

Namespace HexDump
    Class Utils
        Public Shared Function HexDump(bytes As Byte(), Optional bytesPerLine As Integer = 16) As String
            If bytes Is Nothing Then
                Return "<null>"
            End If
            Dim bytesLength As Integer = bytes.Length

            Dim HexChars As Char() = "0123456789ABCDEF".ToCharArray()

            ' 8 characters for the address
            Dim firstHexColumn As Integer = 8 + 3
            ' 3 spaces
            ' - 2 digit for the hexadecimal value and 1 space
            ' - 1 extra space every 8 characters from the 9th
            Dim firstCharColumn As Integer = firstHexColumn + bytesPerLine * 3 + (bytesPerLine - 1) / 8 + 2
            ' 2 spaces 
            ' - characters to show the ascii value
            Dim lineLength As Integer = firstCharColumn + bytesPerLine + Environment.NewLine.Length
            ' Carriage return and line feed (should normally be 2)
            Dim line As Char() = (New [String](" "c, lineLength - Environment.NewLine.Length) + Environment.NewLine).ToCharArray()
            Dim expectedLines As Integer = (bytesLength + bytesPerLine - 1) / bytesPerLine
            Dim result As New StringBuilder(expectedLines * lineLength)

            Dim i As Integer = 0
            While i < bytesLength
                line(0) = HexChars((i >> 28) And &HF)
                line(1) = HexChars((i >> 24) And &HF)
                line(2) = HexChars((i >> 20) And &HF)
                line(3) = HexChars((i >> 16) And &HF)
                line(4) = HexChars((i >> 12) And &HF)
                line(5) = HexChars((i >> 8) And &HF)
                line(6) = HexChars((i >> 4) And &HF)
                line(7) = HexChars((i >> 0) And &HF)

                Dim hexColumn As Integer = firstHexColumn
                Dim charColumn As Integer = firstCharColumn

                For j As Integer = 0 To bytesPerLine - 1
                    If j > 0 AndAlso (j And 7) = 0 Then
                        hexColumn += 1
                    End If
                    If i + j >= bytesLength Then
                        line(hexColumn) = " "c
                        line(hexColumn + 1) = " "c
                        line(charColumn) = " "c
                    Else
                        'Dim b As Byte = bytes(i + j)
                        'line(hexColumn) = HexChars((b >> 4) And &HF)
                        'line(hexColumn + 1) = HexChars(b And &HF)
                        'line(charColumn) = (If(b < 32, "·"c, CChar(b)))
                        Dim b As Byte = bytes((i + j))
                        line(hexColumn) = HexChars(((b + 4) _
             And 15))
                        line((hexColumn + 1)) = HexChars((b And 15))
                        line(charColumn) = Microsoft.VisualBasic.ChrW(65533)

                    End If
                    hexColumn += 3
                    charColumn += 1
                Next
                result.Append(line)
                i += bytesPerLine
            End While
            Return result.ToString()
        End Function
    End Class
End Namespace




Public Class banks_financial
    Inherits System.Web.UI.Page

    Private _lang As String
    Private _registryId As Integer

    Private _salt As Byte() = Encoding.ASCII.GetBytes("o6806642kbM7c5")
    Private _sharedSecret As String = "abcd"

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        Dim original As String = "Here is some data to encrypt!"
        Dim key As Rfc2898DeriveBytes = New Rfc2898DeriveBytes(_sharedSecret, _salt)
        Dim encrypted As Byte()
        Try
            Using myAes As Aes = Aes.Create()
                myAes.Key = key.GetBytes(myAes.KeySize / 8)
                myAes.IV = key.GetBytes(myAes.BlockSize / 8)
                myAes.Padding = PaddingMode.PKCS7
                encrypted = EncryptStringToBytes_Aes(original, myAes.Key, myAes.IV)

                ReportError("myAes.Key in", HexDump.Utils.HexDump(myAes.Key))
                ReportError("myAes.IV in", HexDump.Utils.HexDump(myAes.IV))
                ReportError("encrypted in", HexDump.Utils.HexDump(encrypted))

            End Using
        Catch ex As Exception
            Console.WriteLine("Error: {0}", ex.Message)
        End Try
        'save to DB
        Dim myConnection As SqlConnection = GetConnection()
        Dim cmd As New SqlCommand("UPDATE banks set bank_name=@bankname WHERE id=1", myConnection)
        cmd.Parameters.Add(New SqlParameter("@bankname", encrypted))
        Try
            myConnection.Open()
            cmd.ExecuteScalar()
        Catch ex As Exception
            GlobalFunctions.ReportError("banks:INSERT encrypted", ex.Message, LogLevel.Normal)
        Finally
            myConnection.Close()
        End Try

        'retreive from db
        Dim decrypted As String = ""
        myConnection = GetConnection()
        cmd = New SqlCommand("SELECT bank_name FROM banks where id=1", myConnection)
        Dim reader As SqlDataReader
        Try
            myConnection.Open()
            reader = cmd.ExecuteReader
            If reader.Read Then
                Using myAes As Aes = Aes.Create()
                    myAes.Key = key.GetBytes(myAes.KeySize / 8)
                    myAes.IV = key.GetBytes(myAes.BlockSize / 8)
                    myAes.Padding = PaddingMode.PKCS7

                    ReportError("myAes.Key out", HexDump.Utils.HexDump(myAes.Key))
                    ReportError("myAes.IV out", HexDump.Utils.HexDump(myAes.IV))
                    ReportError("encrypted out", HexDump.Utils.HexDump(reader("bank_name")))
                    decrypted = DecryptStringFromBytes_Aes(reader("bank_name"), myAes.Key, myAes.IV)
                    ReportError("decrypted", decrypted)
                End Using
            Else
                GlobalFunctions.ReportError("banks:nothing to be read?!?", LogLevel.Normal)
            End If

        Catch ex As Exception
            GlobalFunctions.ReportError("banks:SELECT encrypted.", ex.Message, LogLevel.Normal)
        Finally
            myConnection.Close()
        End Try

        ltStatus.Text = GetMessageStatus(decrypted, MsgType.ok)

   



End Class

一般来说,填充错误实际上意味着密钥、加密数据或选项不正确,而不是填充本身。

确保密钥的长度完全正确,否则执行将使用未指定的字节。使密钥完全正确的密钥大小:128、192 或 256 位(16、24 或 32 字节)。

确保密钥、数据和 IV 没有错误的编码,加密基于 8 位字节,没有编码。一些库会接受并生成其他编码,例如 Base64 和十六进制,请仔细查看文档。

十六进制转储密钥、IV、加密数据和解密数据并将这些样本添加到问题中。

加密函数调用实际上很简单,如果您提供正确(且完整)的输入,输出将是正确的。如果结果仔细检查输入。

更新:
加密和解密的IV和key不同,必须相同

确保 IV 相同的一种方法是在加密时将其附加到加密数据,在解密时从加密数据中恢复它,并在解密加密数据时跳过它。

解密前必须以某种方式在加密和解密代码之间预先共享密钥。

眼前的问题是您的测试代码误用了 Rfc2898DeriveBytes/PBKDF。它与数据库无关。每次您在给定实例上调用 GetBytes() 时,它都会 returns 一组不同的字节(设计使然!)。像这样的一些代码很明显:

    Dim salt = CryptoTools.GetRandomBytes(16)
    Dim PBKDF = New Rfc2898DeriveBytes("secret", salt, 10000)

    Dim a = PBKDF.GetBytes(32)
    Dim b = PBKDF.GetBytes(32)
    Dim c = PBKDF.GetBytes(32)

    If a.SequenceEqual(b) = False Then
        Console.WriteLine("A != B")
    End If
    ...

智能感知非常清楚:

数组完全不同。来自 MSDN for GetBytes 的备注部分:

The Rfc2898DeriveBytes class takes a password, a salt, and an iteration count, and then generates keys through calls to the GetBytes method. Repeated calls to this method will not generate the same key; ...

重点是我的,但旨在指出它是一个密钥生成器,而不仅仅是一个散列器。所以,在你的 "Fails with Database" 代码中你有这个块:

Dim key As Rfc2898DeriveBytes = New Rfc2898DeriveBytes(_sharedSecret, _salt)
...
Using myAes As Aes = Aes.Create()
    ...
    myAes.Key = key.GetBytes(myAes.KeySize / 8)
    myAes.IV = key.GetBytes(myAes.BlockSize / 8)
    ...
End Using

生成的Key和IV不会相同。这很好,但可能不是您想要的。稍后使用相同的块来解密从数据库中读回的内容。用于解密的Key和IV也会互不相同,但更重要的是它们不会与用于加密的Key和IV相同!

这是一个致命缺陷,会导致错误。看起来像是一个误导性的错误信息,但是很简单reproduce/fix。你需要一个新的 PBKDF 来 'start over' 在解密部分,或者 Reset 现有的:

' after this line...
Dim decrypted As String = ""
' ...add this:
key As Rfc2898DeriveBytes = New Rfc2898DeriveBytes(_sharedSecret, _salt)
' or
'key.Reset()

更有可能的是真实代码不会以相同的方法进行往返,而是会创建一个新的Rfc2898DeriveBytes

最后,请注意 IV 和 Salt 应该 是唯一且随机的以进行有效加密。除了安全的幻觉之外,使用相同的密码、密钥、salt 和 IV 对每一行进行加密确实没有多大意义。有人只需要破解一行的密码就可以得到所有行的数据。

因为Rfc2898DeriveBytes是确定性的,它可以在生成IV和Salt(用于要加密的数据)中发挥作用,而不必保存它们或使用静态的。