Encoding and Decoding Password in login Form from Database

Question

I am making a Registration and a login Form with encoded password saved to database, I can encode the password using encodin.utf8.

Problem is I register with some username and password and the data get saved to database with encoded password, but when I login with the same data it shows me this below error.

Invalid length for a Base-64 char array or string.

Can anyone give me the described solution for this. Below I am attaching my encoded and decoded methods :

Encoded :

private string encryption(string clearText)
{
string encryptkey = "123";
byte[] clearBytes = Encoding.Unicode.GetBytes(clearText);
using (Aes encrypt = Aes.Create())
{
Rfc2898DeriveBytes rdb = new Rfc2898DeriveBytes(encryptkey, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
encrypt.Key = rdb.GetBytes(32);
encrypt.IV = rdb.GetBytes(16);
using (MemoryStream ms = new MemoryStream())
{
using (CryptoStream cst = new CryptoStream(ms, encrypt.CreateEncryptor(), CryptoStreamMode.Write))
{
cst.Write(clearBytes, 0, clearBytes.Length);
cst.Close();
}
clearText = Convert.ToBase64String(ms.ToArray());
}
}
return clearText;

Decoded :

private string decryp(string cipherText)
{
cipherText = cipherText.Replace(" ", "+");
string decryptkey = "123";
byte[] cipherBytes = Convert.FromBase64String(cipherText.Replace(" ", "+"));
using (Aes encrypt = Aes.Create())
{
Rfc2898DeriveBytes rdb = new Rfc2898DeriveBytes(decryptkey, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
encrypt.Key = rdb.GetBytes(32);
encrypt.IV = rdb.GetBytes(16);
using (MemoryStream ms = new MemoryStream())
{
using (CryptoStream cst = new CryptoStream(ms, encrypt.CreateDecryptor(), CryptoStreamMode.Write))
{
cst.Write(cipherBytes, 0, cipherBytes.Length);
cst.Close();
}
cipherText = Encoding.Unicode.GetString(ms.ToArray());
}
}
return cipherText;

Any help will be appreciated,thank you !

Tapan Patel · Answer

Even the line you have highlighted is working fine. Can you please check the length of the CipherText variable? It doesn't seem to be multiple of 4. (for base64 - it should be).

ketan borsdiya · Answer

Hi Nilesh your encrypted string is not encrypted with provided encode method or something different string. while you are not provide your encrypted string I am not able to found issue.

Nilesh Jadav · Answer

I am getting error in the highlighted line: Invalid length for a Base-64 char array or string. private string decryp( string cipherText) { cipherText=cipherText.Replace(   + ); string decryptkey= 123 ; byte []cipherBytes=Convert.FromBase64String(cipherText.Replace(   + )); using (Aesencrypt=Aes.Create()) { Rfc2898DeriveBytesrdb= new Rfc2898DeriveBytes(decryptkey new byte []{0x490x760x610x6e0x200x4d0x650x640x760x650x640x650x76}); encrypt.Key=rdb.GetBytes(32); encrypt.IV=rdb.GetBytes(16); using (MemoryStreamms= new MemoryStream()) { using (CryptoStreamcst= new CryptoStream(msencrypt.CreateDecryptor()CryptoStreamMode.Write)) { cst.Write(cipherBytes0cipherBytes.Length); cst.Close(); } cipherText=Encoding.Unicode.GetString(ms.ToArray()); } } return cipherText;

Vishal Jadav · Answer

Hi Your code looks ok. But if you really want to make it more better and totally SQL server dependent then you can use Encryption and Decryption methods of SQL server it self. Try https://msdn.microsoft.com/en-us/library/ms190357.aspx this method. Its really helpful and easy to understand. Hope it helps Thanks. Cheers. :)

ketan borsdiya · Answer

Hi Nilesh Your methods are working fine. please provide your encrypted string for sample.