leocavalcante / encrypt

🔒 A set of high-level APIs over PointyCastle for two-way cryptography.
BSD 3-Clause "New" or "Revised" License

Invalid argument(s): Input buffer too short AND Invalid or corrupted pad block #258

Open kcibdev opened 2 years ago

kcibdev commented 2 years ago

I am trying to encrypt and decrypt chat messages for my app using this code

String decrypt(String encrypted, {required String key, required String iv}) {
  // Locals are named differently from the parameters so they do not shadow them.
  final aesKey = Key.fromUtf8(key); // hard-coded combination of 16 characters
  final aesIv = IV.fromUtf8(iv); // hard-coded combination of 16 characters

  final encrypter = Encrypter(AES(aesKey, mode: AESMode.cbc));
  Encrypted enBase64 = Encrypted.from64(encrypted);
  final decrypted = encrypter.decrypt(enBase64, iv: aesIv);
  return decrypted;
}

String encrypt(String value, {required String key, required String iv}) {
  final aesKey = Key.fromUtf8(key); // hard-coded
  final aesIv = IV.fromUtf8(iv); // hard-coded

  final encrypter = Encrypter(AES(aesKey, mode: AESMode.cbc));
  final encrypted = encrypter.encrypt(value, iv: aesIv);

  return encrypted.base64;
}

I generated a unique 16-character key and IV for each chat room, you know, for security purposes. E.g.:

decrypt("plain text", key: "1204581692165412", iv: "e16ca718048594ce");
encrypt("plain text", key: "1204581692165412", iv: "e16ca718048594ce");

But I keep getting the error Invalid argument(s): Invalid or corrupted pad block. So I set the padding to null:

final encrypter = Encrypter(AES(key, mode: AESMode.cbc, padding: null));

I still get another error: Unhandled Exception: Invalid argument(s): Input buffer too short

And if I use a particular non-generated dummy key:

String decrypt(String encrypted) {
  final key =
      Key.fromUtf8("1245714587458888"); //hardcode combination of 16 character
  final iv =
      IV.fromUtf8("e16ce888a20dadb8"); //hardcode combination of 16 character

  final encrypter = Encrypter(AES(key, mode: AESMode.cbc));
  Encrypted enBase64 = Encrypted.from64(encrypted);
  final decrypted = encrypter.decrypt(enBase64, iv: iv);
  return decrypted;
}

String encrypt(String value) {
  final key = Key.fromUtf8("1245714587458888"); //hardcode
  final iv = IV.fromUtf8("e16ce888a20dadb8"); //hardcode

  final encrypter = Encrypter(AES(key, mode: AESMode.cbc));
  final encrypted = encrypter.encrypt(value, iv: iv);

  return encrypted.base64;
}

It works perfectly without any issue, but this isn't secure. So I want to ask if my problem is from the keys I generated or from somewhere else. Please help me out.

CuriousDev21 commented 2 years ago

observing this same issue...

xylophonee commented 2 years ago

I have the same issue...

xylophonee commented 2 years ago

I solved the problem: the length needs to be padded.

import 'dart:convert';

import 'package:encrypt/encrypt.dart' as Encrypt;

// Pads s with NUL characters up to the next multiple of 16 bytes
// (a full extra block is added when the length is already a multiple of 16).
String pad(String s) {
  int l = 16 - utf8.encode(s).length % 16;
  return s + String.fromCharCode(0) * l;
}

String getSign() {
  String str = "1234567890";
  String password = "8A04D41F57EFCDA7";
  String ivv = "8A04D41F57EFCDA7";
  // Encryption key
  final key = Encrypt.Key.fromUtf8(password);
  // Offset (IV)
  final iv = Encrypt.IV.fromUtf8(ivv);
  // Set CBC mode
  final encrypter = Encrypt.Encrypter(Encrypt.AES(key, mode: Encrypt.AESMode.cbc, padding: null));
  // Encrypt
  final encrypted = encrypter.encrypt(pad(str), iv: iv);

  return encrypted.base64;
}
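
Added example, not code from this thread or from the encrypt project: an AES-CBC round trip that keeps the package's default PKCS7 padding, generates a fresh random IV per message and ships it in front of the ciphertext, and checks the input length before decrypting so that text which was never encrypted is rejected before it reaches the block cipher. The names `encryptMessage` and `decryptMessage`, the base64(IV || ciphertext) layout and the sample key are assumptions of this example.

```dart
import 'dart:convert';
import 'dart:typed_data';
import 'package:encrypt/encrypt.dart';

const blockSize = 16; // AES block size in bytes

/// Returns base64(IV || ciphertext). PKCS7 (the package default) pads the
/// plaintext to a whole number of blocks, so any message length works.
String encryptMessage(String plain, Key key) {
  final iv = IV.fromSecureRandom(blockSize); // fresh IV for every message
  final enc = Encrypter(AES(key, mode: AESMode.cbc)).encrypt(plain, iv: iv);
  return base64.encode([...iv.bytes, ...enc.bytes]);
}

/// Splits base64(IV || ciphertext) and decrypts it with the same key.
String decryptMessage(String blob, Key key) {
  final raw = base64.decode(blob);
  // Valid input is the IV plus at least one full ciphertext block.
  if (raw.length < 2 * blockSize || raw.length % blockSize != 0) {
    throw FormatException('not IV || AES-CBC ciphertext (${raw.length} bytes)');
  }
  final iv = IV(Uint8List.fromList(raw.sublist(0, blockSize)));
  final body = Encrypted(Uint8List.fromList(raw.sublist(blockSize)));
  return Encrypter(AES(key, mode: AESMode.cbc)).decrypt(body, iv: iv);
}

void main() {
  final roomKey = Key.fromSecureRandom(16); // constructed sample key
  final blob = encryptMessage('plain text', roomKey);
  print('round trip: ${decryptMessage(blob, roomKey)}');

  final again = encryptMessage('plain text', roomKey); // same text, new IV
  print('blobs differ: ${blob != again}');

  // A different key leaves garbage where the padding should be, so
  // unpadding normally throws (it can pass by chance and return garbage).
  try {
    decryptMessage(blob, Key.fromSecureRandom(16));
  } catch (e) {
    print('wrong key: $e');
  }

  // Text that was never encrypted is rejected by the length check.
  try {
    decryptMessage(base64.encode(utf8.encode('plain text')), roomKey);
  } on FormatException catch (e) {
    print('not ciphertext: ${e.message}');
  }
}
```

A CBC padding error is not an integrity check; where the installed package version offers `AESMode.gcm`, an authenticated mode is what reliably detects a wrong key or a modified ciphertext.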