0

So we use the MySQL built in command to encrypt passwords called AES_ENCRYPT. Optionally there you can use an init vector. However, it is optional, so we didn't use one. When we decrypt in SQL, works just fine. However, if we would like to decrypt that byte array in C#, we cannot because the C# decryptor requires an IV. I tried null, but it just blows up.

In MySQL I can do this: "SELECT CAST(AES_DECRYPT((SELECT Password FROM table WHERE RecordID = 1 }), 'KEY') AS CHAR(100));")

The data is stored in a blob data type. If I grab that data out in C# with an ORM or whatever, I need to decrypt that byte array. However, can't decrypt with the correct key because we never used a initialization vector.

C#

using (Aes aesFactory = Aes.Create())
{
    aesFactory.Key = key;

    // Create a decryptor to perform the stream transform.
    ICryptoTransform decryptor = aesFactory.CreateDecryptor(aesFactory.Key, aesFactory.IV);

    // Create the streams used for decryption.
    using (MemoryStream stream = new MemoryStream())
    {
        using (CryptoStream decryptStream = new CryptoStream(stream, decryptor, CryptoStreamMode.Write))
        {
            decryptStream.Write(encryptedText, 0, encryptedText.Length);
            decryptedText = Encoding.ASCII.GetString(stream.ToArray());
        }
    }
}

return decryptedText;

The C# code might not be 100% accurate, I tried many different variations with streams, but the real problem is really with the CreateDecryptor function and the IV.

Lenard Bartha
  • 106
  • 6
  • At a guess - all zeroes? – DiplomacyNotWar Feb 12 '20 at 01:09
  • Wouldn't it be better to use https://www.nuget.org/packages/CryptSharpOfficial/ (CryptSharp) – Momoro Feb 12 '20 at 01:09
  • @Momoro why wlould it be better? – DiplomacyNotWar Feb 12 '20 at 01:09
  • @John - A whole lot easier to encode / decode text than going to all the trouble with streams and such :) – Momoro Feb 12 '20 at 01:10
  • Fair enough! I'll take a look next time I need to do crypto :-) – DiplomacyNotWar Feb 12 '20 at 01:11
  • OP, is [this question](https://stackoverflow.com/questions/7712372/aes-encryption-in-mysql-decryption-in-c-net) essentially the same as yours? – DiplomacyNotWar Feb 12 '20 at 01:12
  • 1
    @John , looks like it **is**. – Momoro Feb 12 '20 at 01:18
  • @John seems like it is a duplicate, however that answer doesn't have a solution either. All zeroes did not help, nor did changing the Mode to ECB, which is what the MySQL uses. I was missing that, but still didnt do anything. I tried playing with the padding but that didn't help either. – Lenard Bartha Feb 12 '20 at 17:51
  • Found the problem. It had to with the key size. MySQL AES uses a 128 bit key, mine was 192 bits. So their argorithm XORs larger keys until it gets a new 128 bit key and uses that to encrypt, decrypt. More info here: https://forums.mysql.com/read.php?38,193084,195959#msg-195959 – Lenard Bartha Feb 12 '20 at 19:53
  • I've reopened your question. Please add your solution as an answer (you can answer your own question) :-) – DiplomacyNotWar Feb 13 '20 at 00:45

0 Answers0