C#: AES error: Padding is invalid and cannot be removed. Same key and everything, help?

Based on your edit: EDIT: It seems that the size of the encrypted data is 48 bytes (12 bytes more than the original). Why is that so? I thought that it only adds bytes if they are not a multiple of the block size (16 bytes, my data is 32 bytes).

Is data always larger, and with constant increase (I need to know that in order to properly read and decrypt) If the encrypted data is 48 bytes, thats 16 bytes larger than your original array. This makes sense because the algorithm with pad the data because the default is PKCS7 (even if the size matches the block size, because it pads to the next multiple of the block-size). If you wish to keep it exactly 32 bytes, just change the Padding to None aes.

Padding = PaddingMode.None.

Based on your edit: EDIT: It seems that the size of the encrypted data is 48 bytes (12 bytes more than the original). Why is that so? I thought that it only adds bytes if they are not a multiple of the block size (16 bytes, my data is 32 bytes).

Is data always larger, and with constant increase (I need to know that in order to properly read and decrypt). If the encrypted data is 48 bytes, thats 16 bytes larger than your original array. This makes sense because the algorithm with pad the data because the default is PKCS7 (even if the size matches the block size, because it pads to the next multiple of the block-size).

If you wish to keep it exactly 32 bytes, just change the Padding to None aes. Padding = PaddingMode.None.

Thanks a lot, this solved my problem. So it always pads just till the next multiple of block-size? Because 'KeithS' posted : If your message isn't an even multiple of 16 bytes... Does it have to be even?

Btw it is just aes. Padding = ... – Ben Feb 22 at 16:40 @Ben - It will pad to the next block size, so its always going to pad if its set. I updated the code, thanks.

Glad this helped. – SwDevMan81 Feb 22 at 16:51 Well it seems I forgot to run this method and it seemed as thought it is working, but in fact it is not, still the same problem. I also again debugged and the data is still expanded to 48 bytes.

– Ben Feb 22 at 17:03 @Ben - Seems ok to me, when I copy what you have and set the Padding to None it generates a 32 byte output. Make sure you set the padding before you create the encryptor. – SwDevMan81 Feb 22 at 17:51 Thanks, that's what I was missing.

Really thanks a lot. – Ben Feb 22 at 20:43.

You seem to be treating the length of the plaintext as the length of the ciphertext. That's not a safe assumption. Why are you copying between FileStream and MemoryStream, you can pass a FileStream directly to the encryptor/decryptor.In PKCS7, there is a minimum of one padding byte (to store the number of padding bytes).

So the output size will be Ceil16(input. Length + 1), or (input. Length & ~15) + 1.

Well, in his algorithm he's rolling his own byte array of exactly 32 bytes, which is an even multiple of the block size, so the ciphertext will in fact exactly match the input byte array. The problem is that to do so, he's done his own "padding", which is confusing the decryption step. – KeithS Feb 22 at 16:00 @Keith: And you're absolutely sure that the encryptor doesn't generate an extra header block or anything like that?

– Ben Voigt Feb 22 at 16:04 So if I would create a 31 bytes array I could pass with 32 bytes after decryption? – Ben Feb 22 at 16:33 other @Ben: I predict that yes you can. – Ben Voigt Feb 22 at 19:05.

The short of it is that AES encrypts messages in blocks of 16 bytes. If your message isn't an even multiple of 16 bytes, the algorithm needs to be a little different for the last block; specifically, the last block must be "padded" with a value known to the algorithm as a padding value (usually zero, sometimes something else like a space character value). You're doing that yourself, by putting the data into a fixed-length byte array.

You padded the data yourself, but the decrypter is now attempting to de-pad the last block and getting byte values it doesn't recognize as the padding that its encrypter counterpart would have added. The key is not to pad the message. You can use the BitConverter class to cast byte arrays to and from IConvertible types (value types and strings), and then use that instead of rolling your own byte array.

Then, when you decrypt, you can read from the decryption stream up to the ciphertext length, but don't expect there to be that many actual bytes in the decrypted result.

I cant really gove you an answer,but what I can give you is a way to a solution, that is you have to find the anglde that you relate to or peaks your interest. A good paper is one that people get drawn into because it reaches them ln some way.As for me WW11 to me, I think of the holocaust and the effect it had on the survivors, their families and those who stood by and did nothing until it was too late.