Invalid length for a Base-64 char array while decryption issue

5.2k views Asked by At

I'm having a very strange issue and have no idea what can be causing it.

A customer this morning emailed me about some customers getting an error when trying to view the his website, he also got the error but then when he tried again it worked.

Looking at the logs, the error is with Chrome 65 and 67, I use 67 and do not get the error.

The querystring which is encrypted is below, this never worked for a customer but worked for me:

AQAAANCMnd8BFdERjHoAwE%2fCl%2bsBAAAA0PyFDdX%2brkGTpXZG7C49nAQAAAACAAAAAAAQZgAAAAEAACAAAACI39m3OhUEFw3GBxXP%2bsVpw6zLJOqRkcJx1%2bFPcozLZgAAAAAOgAAAAAIAACAAAAAJpDYiaxnPjDprOQEA9u02%2bU0%2fDQDCIF7sXsjxaU3onYAAAACWWCv%2bKNSRbQjLTNeJjgE37yHviV1UmfJyoUn%2fcUg%2f0MTr23%2b16qZs9F%2fDNm4wU%2bJITVn3xXuarzcNB6ClJ2ZpwtEsMdUNBRUW0B7XA9%2bQjC69V1O2XqTp%2fgXQazHOITEBpgokD1tSbnv4pRMUfkVlogYoo0H9Lnf24FEDEnSp30AAAACwtnrmVACY71%2bcAAMANRoCuihUumid0i8P75KV0ZlUIRBXyOzASHwq9I7icvXWDbI2nNOa0mQDOgNdvZEti%2bYz

Below is my code, I'm hoping the issue is with this, but as some customers are having the issue and some not, I'm not holding my breath.

var encrtptUserId = EncryptionDecryption.WindowsEncrypted(encryptQueryParameters);

string urlToValidateUser = $"{baseUrl}?id={HttpUtility.UrlEncode(encrtptUserId)}";

public static string WindowsEncrypted(string text)
{
    return Convert.ToBase64String(ProtectedData.Protect(Encoding.Unicode.GetBytes(text), null, DataProtectionScope.LocalMachine));
}

public static string WindowsDecrypted(string text)
{
    return Encoding.Unicode.GetString(ProtectedData.Unprotect(Convert.FromBase64String(text), null, DataProtectionScope.LocalMachine));            
}

Its the decryption that is causing the issue, but not all the time

Any help would be appreciated.

1

There are 1 answers

0
Jon Skeet On BEST ANSWER

The query string includes encoded values, e.g. "%2b". That's at least inconvenient.

You could decode those values to end up with the original base64 value that you could then convert back to a byte array. but it would be better to use a web-safe base64 encoding to start with.

Convert.ToBase64String doesn't provide a URL-safe approach, but you can easily just use Replace on the result:

public static string WindowsEncrypted(string text)
{
    byte[] plainBinary= Encoding.Unicode.GetBytes(text);
    byte[] encrypted = ProtectedData.Protect(plainBinary, null, DataProtectionScope.LocalMachine);
    string base64 = Convert.ToBase64String(encrypted);
    // Return a url-safe string
    return base64.Replace("+", "-").Replace("/", "_").Replace("=", ".");
}

public static string WindowsDecrypted(string text)
{
    string base64 = text.Replace("-", "+").Replace("_", "/").Replace(".", "=");
    byte[] encrypted = Convert.FromBase64String(base64);
    byte[] plainBinary = ProtectedData.Unprotect(encrypted, null, DataProtectionScope.LocalMachine);
    return Encoding.Unicode.GetString(plainBinary);
}