[Mono-bugs] [Bug 77276][Wis] Changed - Encrypt/Decrypt generates 'Bad PKC padding' exceptions

bugzilla-daemon at bugzilla.ximian.com bugzilla-daemon at bugzilla.ximian.com
Mon Jan 16 14:39:44 EST 2006

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by sebastien at ximian.com.


--- shadow/77276	2006-01-16 14:06:53.000000000 -0500
+++ shadow/77276.tmp.13112	2006-01-16 14:39:44.000000000 -0500
@@ -1,16 +1,16 @@
 Bug#: 77276
 Product: Mono: Class Libraries
 Version: 1.1
 OS: All
 OS Details: 
-Status: NEW   
+Status: RESOLVED   
+Resolution: NOTABUG
+Severity: Unknown
 Priority: Wishlist
-Component: System.Security
+Component: CORLIB
 AssignedTo: sebastien at ximian.com                            
 ReportedBy: wdai at fnfr.com               
 QAContact: mono-bugs at ximian.com
 TargetMilestone: ---
@@ -304,6 +304,51 @@
 encrypt multiple strings, It only works if the same object is used to 
 decrypt them. Decrypt by a new object works only when encrypt is called 
 Second problem, encryptTwiceError routine. If you  encrypt the same 
 string twice, decrypt no longer work.
+------- Additional Comments From sebastien at ximian.com  2006-01-16 14:39 -------
+Your code isn't safe because it depends on specific details of the
+implementation, i.e. ICryptoTransform.CanReuseTransform returns true.
+You shouldn't depend on this (and neither depend on
+CanTransformMultipleBlocks) because:
+(a) their values could change in future version of the framework;
+(b) other implementations could use other values - so it makes your
+code less re-usable;
+(c) algorithm implementation remapping, using CryptoConfig /
+machine.config, could break your application (and be hard to debug);
+(d) ICryptoTransform inherits from IDisposable. As you can't know
+(implementation specific) it's resource requirement you should
+manually dispose (i.e. not wait for the GC) of the transform when you
+don't need it anymore.
+The changes are simple:
+1. remove the ICryptoTransform from the .ctor
+2. In the Encrypt method, do
+   if ((mEncryptor == null) || (!mEncryptor.CanReuseTransform))
+      mEncryptor = rijndael.CreateEncryptor(mKeys, mIVs);
+3. Do the same in your Decrypt method
+4. Consider disposing the ICryptoTransform if it's not gonna (or
+can't) be re-used immediately. This will be more secure and will lower
+resource usage. E.g. in Encrypt
+     if (!mEncryptor.CanReuseTransform) {
+        mEncryptor.Dispose ();
+        mEncryptor = null;
+     }
+5. Enjoy code that will works on MS (including future versions), Mono
+and any 3rd party encryption algorithm for .NET ;-)
+Note: For simplicity I suggest you encode your encrypted data using
+base64 (Convert.[To|From]Base64String).

More information about the mono-bugs mailing list