dotNetkow

Decrypt AES256 value created in Salesforce using C#

Full code over at: Stack Overflow

 

Basically, I've encrypted a value in Salesforce using AES 256. When I try to decrypt it via C#, I see a Padding error. The exact same question was posted a few months ago, but no response. Does anyone have any idea? I'm quite stumped. Thanks!

Best Answer chosen by Admin (Salesforce Developers) 
Doublehead Software

I had the same issue and was able to find a solution. When you encrypt in Salesforce using the encryptWithManagedIV method, the first 16 bytes of the returned blob are the IV value; the remaining bytes are the phase content. The following C# code will decrypt your example. Using the code below, decrypting the string returned "info string to be decrypted". Hopefully this resolves your issue.

using System;
using System.IO;
using System.Security.Cryptography;

private void Decrypt2()
{
    string plaintext;

    byte[] Key = Convert.FromBase64String("Ii7oSjjWuhp6J6/hj/wmivqx1h3N2HzJ2ByJOy1n89E=");
    string encryptedbase64Password = "hRVlbM79aEQi8Tz7JJIL7CEhSxZAJvCh8Ni6ORP1C55+qbJzjDshBYBjyP12/zT2";

    // The first 16 bytes of the decoded blob are the IV; the rest is the ciphertext.
    byte[] IV = new byte[16];
    byte[] phase = Convert.FromBase64String(encryptedbase64Password);
    Array.Copy(phase, 0, IV, 0, IV.Length);
    byte[] cipherText = new byte[phase.Length - 16];
    Array.Copy(phase, 16, cipherText, 0, cipherText.Length);

    using (AesManaged aesAlg = new AesManaged())
    {
        aesAlg.Key = Key;
        aesAlg.IV = IV;

        // Create a decryptor to perform the stream transform.
        ICryptoTransform decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV);

        // Create the streams used for decryption.
        using (MemoryStream msDecrypt = new MemoryStream(cipherText))
        {
            using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
            {
                using (StreamReader srDecrypt = new StreamReader(csDecrypt))
                {
                    // Read the decrypted bytes from the decrypting stream
                    // and place them in a string.
                    plaintext = srDecrypt.ReadToEnd();
                }
            }
        }
    }
}
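The IV split from the answer above, written as a reusable function with an input length check. This is an added example, not code from the thread or from Salesforce. The class and method names are hypothetical, `Encrypt` is a constructed stand-in for the Salesforce side so the program runs offline, and it assumes CBC with PKCS7 padding (the .NET defaults the answer's `AesManaged` code uses implicitly), created through `Aes.Create()`.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class ManagedIvBlob
{
    const int IvSize = 16; // AES block size in bytes
    // Assumption: CBC with PKCS7 padding (the .NET defaults), set explicitly.
    static Aes NewAes(byte[] key)
    {
        Aes aes = Aes.Create();
        aes.Mode = CipherMode.CBC;
        aes.Padding = PaddingMode.PKCS7;
        aes.Key = key;
        return aes;
    }

    // Blob layout from the answer: first 16 bytes are the IV, the rest is ciphertext.
    public static string Decrypt(byte[] key, byte[] blob)
    {
        // Reject anything that cannot be an IV followed by whole AES blocks.
        if (blob == null || blob.Length < 2 * IvSize || blob.Length % IvSize != 0)
            throw new ArgumentException("Expected a 16-byte IV followed by whole AES blocks.");
        byte[] iv = blob.Take(IvSize).ToArray();
        using (Aes aes = NewAes(key))
        using (ICryptoTransform dec = aes.CreateDecryptor(key, iv))
            return Encoding.UTF8.GetString(dec.TransformFinalBlock(blob, IvSize, blob.Length - IvSize));
    }

    // Constructed stand-in for the sending side: random IV, then IV || ciphertext.
    public static byte[] Encrypt(byte[] key, string text)
    {
        byte[] pt = Encoding.UTF8.GetBytes(text);
        using (Aes aes = NewAes(key))
        using (ICryptoTransform enc = aes.CreateEncryptor()) // generates a random IV
            return aes.IV.Concat(enc.TransformFinalBlock(pt, 0, pt.Length)).ToArray();
    }

    static void Main()
    {
        byte[] key = new byte[32]; // constructed 256-bit test key, not the one from the post
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        string wire = Convert.ToBase64String(Encrypt(key, "constructed sample text"));
        Console.WriteLine(Decrypt(key, Convert.FromBase64String(wire)));
        try { Decrypt(key, new byte[20]); } // truncated blob: shorter than IV + one block
        catch (ArgumentException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

In real use the key would come from a secret store rather than source code, and a wrong key or altered ciphertext surfaces as a `CryptographicException` from `TransformFinalBlock`.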

dotNetkow

Awesome! This works. Looks like using CryptoStream handles the Padding correctly.