I'm a fairly new developer so bear with me, this has given me a headache.
I have been trying to store the passwords for a Winforms application I'm developing in an encrypted format in the database. There is a login and registration interface when the application is first opened.
I have managed to encrypt the password that is given during registration, so it is not stored in plaintext in the database; I used a class called Cryptography for this. However, when I try to decrypt the password to grant the user access to the application, I get this unhandled exception:
The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters.
Is there a way to solve this? I cannot figure it out.
The code that does the encryption:
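/// <summary>
/// Encrypts <paramref name="encryptString"/> with AES and returns the ciphertext as Base64 text.
/// </summary>
/// <param name="encryptString">Plaintext to encrypt; it is encoded as UTF-16 (Encoding.Unicode) first.</param>
/// <returns>Base64 encoding of the AES ciphertext.</returns>
/// <remarks>
/// NOTE(security): the passphrase is compiled into the program and the salt is a constant, so
/// every call derives the same key and the same IV. Equal inputs therefore produce equal
/// outputs, and anyone who can read the binary and the database can decrypt every stored value.
/// For login passwords, a salted, slow one-way hash (for example PBKDF2 with a random per-user
/// salt) compared at login is the usual design; reversible encryption is not needed there.
/// The derivation is left unchanged here so values that are already stored still decrypt.
/// </remarks>
public static string Encrypt(string encryptString)
{
    string EncryptionKey = "djknh46hdkkjsdvvjjsijeykskerfubb1906234575";
    byte[] clearBytes = Encoding.Unicode.GetBytes(encryptString);

    using (Aes encryptor = Aes.Create())
    // Rfc2898DeriveBytes is IDisposable; the original never released it.
    using (Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] {
        0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 }))
    {
        // Key and IV are consecutive slices of the same derived byte stream.
        encryptor.Key = pdb.GetBytes(32);
        encryptor.IV = pdb.GetBytes(16);

        using (MemoryStream ms = new MemoryStream())
        {
            using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateEncryptor(),
                CryptoStreamMode.Write))
            {
                cs.Write(clearBytes, 0, clearBytes.Length);
                // The final padded block must be written before the buffer is read.
                cs.FlushFinalBlock();
            }

            // ToArray still works after the CryptoStream has closed the MemoryStream.
            return Convert.ToBase64String(ms.ToArray());
        }
    }
}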
The code that is supposed to do the decryption:
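/// <summary>
/// Decrypts a Base64 string produced by the matching Encrypt routine and returns the plaintext.
/// </summary>
/// <param name="cipherText">Base64 text of the AES ciphertext.</param>
/// <returns>The decrypted text, decoded as UTF-16 (Encoding.Unicode).</returns>
/// <exception cref="FormatException">
/// Thrown by Convert.FromBase64String when the input is not valid Base64, for example when the
/// stored value was not produced by Encrypt or was altered or truncated in storage.
/// </exception>
/// <remarks>
/// NOTE(security): the passphrase is compiled into the program and the salt is a constant, so
/// the key and IV are the same for every value. For login passwords, storing a salted, slow
/// one-way hash and comparing hashes avoids having to decrypt at all.
/// </remarks>
public static string Decrypt(string cipherText)
{
    string EncryptionKey = "djknh46hdkkjsdvvjjsijeykskerfubb1906234575";

    // Trim before the space-to-plus substitution. Otherwise surrounding whitespace (presumably
    // padding from a fixed-width database column; verify the column type) becomes '+' after
    // the '=' padding and Convert.FromBase64String rejects the value.
    // NOTE(review): the Replace looks like a workaround for '+' turned into ' ' in transit.
    cipherText = cipherText.Trim().Replace(" ", "+");
    byte[] cipherBytes = Convert.FromBase64String(cipherText);

    using (Aes encryptor = Aes.Create())
    // Rfc2898DeriveBytes is IDisposable; the original never released it.
    using (Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] {
        0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 }))
    {
        // Same derivation order as the encrypting side: 32 key bytes, then 16 IV bytes.
        encryptor.Key = pdb.GetBytes(32);
        encryptor.IV = pdb.GetBytes(16);

        using (MemoryStream ms = new MemoryStream())
        {
            using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateDecryptor(),
                CryptoStreamMode.Write))
            {
                cs.Write(cipherBytes, 0, cipherBytes.Length);
                // Processes the last block and strips the padding.
                cs.FlushFinalBlock();
            }

            return Encoding.Unicode.GetString(ms.ToArray());
        }
    }
}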
The code that is supposed to verify the password from the database:
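// Looks up the row for the entered user name, then compares the stored password with the
// text typed into the login form and opens the main form on a match.
string Password = "";
bool IsExist = false;

// The user name is passed as a parameter instead of being concatenated into the SQL text:
// the text box is untrusted input, and building the query from it allows SQL injection.
using (SqlCommand command = new SqlCommand(
    "select * from LibraryUser where UserName=@userName", connection1))
{
    command.Parameters.AddWithValue("@userName", txtUsernameLogin.Text);

    using (SqlDataReader dataReader = command.ExecuteReader())
    {
        if (dataReader.Read())
        {
            // NOTE(review): ordinal 4 of "select *" is assumed to be the encrypted password
            // column. Confirm this against the table definition; reading a different column
            // hands Decrypt a value that is not Base64.
            Password = dataReader.GetString(4);
            IsExist = true;
        }
    }
}
connection1.Close();

if (IsExist)
{
    // NOTE(security): this decrypts the stored password to compare it. Storing a salted
    // one-way hash and comparing hashes would avoid keeping recoverable passwords.
    // Decrypt throws FormatException when the stored value is not valid Base64.
    if (Cryptography.Decrypt(Password).Equals(txtPasswordLogin.Text))
    {
        this.Hide();
        new LibraryForm().Show();
    }
    else
    {
        MessageBox.Show("The password you have entered is incorrect, please try again.",
            "Incorrect Password", MessageBoxButtons.OK, MessageBoxIcon.Error);
    }
}
else
{
    // NOTE(review): the two messages differ, so the dialog reveals whether a user name exists.
    MessageBox.Show("Please enter the valid credentials.", "Error",
        MessageBoxButtons.OK, MessageBoxIcon.Error);
}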
I appreciate any help anyone has to offer, thanks in advance.