encrypt.to | Send encrypted PGP messages with one click | Cryptography library

You are disposing the Aes instance with using statement in GetAes method.

Change:

The issue was not only because the IV was different. I provide more detail below:

In .NET C # the hashKey is a 32-byte array which comes from a 16-byte key string of text. But the hashIV is an array equivalent to the leading half of the array of the hashKey.

So in Node.js the algorithm to use is 'aes-256-cbc' assigning the keystring and IV variables the Buffer.from of bytes corresponding to each one, which must be the same as in C #.

Next I leave the Node.js solution that gave me the same result.

How about you serialize it to a string first and then encrypt.

Then on the other side, decrypt and deserialize.

One format to represent an object as a string is JSON, and serialize/deserialize to JSON is build into dotnet since dotnet core 3. You can also use Newtonsoft.JSON (which used to be the default json serializer for c#)

So you can add the following code:

As mentioned in President James K. Polk's comment, Rijndael with a block size of 256 bits is only supported in the .NET Framework, not in .NET Core. You did not specify the version you are running, but since you use a block size of 256 bits in the posted code (rijAlg.BlockSize = 256;), I assume you are running .NET Framework (otherwise, you need to apply a third party library that supports Rijndael with a block size of 256 bits, such as BouncyCastle/C#).

Both codes use a different padding. mcrypt applies Zero padding by default, the C# code explicitly uses PKCS7 padding (which is also the C# default). So that the C# code provides the same result as the PHP code, it is necessary to switch to Zero padding in the C# code (it should be noted that Zero padding is unreliable, unlike PKCS7 padding).

When additional_params is instantiated (which, by the way, does not compile on my machine), the variable names are missing, so they are also missing in the serialization. An anonymous type could be used instead. Also, note that json_encode() escapes the slash (/) by default, i.e. converts it to a \/, which has to be done manually in the C# code, e.g. with Replace("/", "\\/"). One possible implementation of the JSON serialization is:

My solution is to determine whether the string is in json format.

The cause of your problem is that different paddings are used.

The posted ciphertext can be reproduced (with the posted public key) or decrypted (with the posted private key) if no padding is applied (RSA/ECB/NoPadding, see here). This RSA variant is called textbook RSA and shouldn't be used in practice because it's insecure. The website applies PKCS#1 v1.5 padding (the first three options) or OAEP (the last three options), the insecure textbook RSA is not supported at all. I.e. the paddings are incompatible and decryption therefore fails.

There are two ways to specify the encryption with Cipher#getInstance, the full variant algorithm/mode/padding or the short variant algorithm, see here. In the latter, mode and padding are determined by provider-specific default values. And because they are provider specific, they can be different in different environments, which can lead to cross-platform problems, as in this case. That is why the full variant should always be used!

Cipher#getInstance("RSA") obviously applies textbook RSA in your environment, i.e. no padding. I can reproduce this behavior e.g. in Android Studio (API level 28). In contrast, in Eclipse (Kotlin plugin 0.8.14) PKCS#1 v1.5 padding is used.

So the solution to the problem is to explicitly specify the padding according to the environment used, e.g. for PKCS#1 v1.5 padding usually with RSA/ECB/PKCS1Padding or RSA/NONE/PKCS1Padding, see here. Note that the scheme algorithm/mode/padding is used for both symmetric and asymmetric encryption. While the mode of operation is defined for symmetric encryption, it's generally not defined for asymmetric encryptionsuch as RSA, i.e. ECB has no meaning in the context of RSA, but is still used by some providers on the specification.

Another possible problem is that the website can't handle line breaks, but it doesn't remove them automatically, so decryption fails if the ciphertext contains line breaks. The option Base64.DEFAULT generates line breaks after 76 characters. These must therefore be removed (e.g. manually) before the ciphertext is decrypted using the website. Alternatively, Base64.NO_WRAP can be used, which produces the ciphertext on a single line.

The example code is attempting to decrypt the original unencrypted string, which looks to be a mistake perhaps created when trying to simplify the example code for posting the question? Either way the steps required are not too difficult, but the toString() call needs to be replaced.

TLDR;

You're using a different IV and algorithm (AES-128 vs AES-256) so you will get different results...

You will need to use the same IV as well as the same key and algorithm if you want to get identical results. This would be an anti-pattern (i.e. don't do this)! Check John's comment about how you're ignoring the algorithm variable in your code, as at a quick glance this and the different IV are responsible for why you're getting different results.

Longer Answer;

1) You actually want it so that the same message (plain text) encrypted with the same key does not always produce the same encrypted result (cipher text). Otherwise any party that is eavesdropping will always know when a duplicate message has been sent again.

2) The initialization vector (IV) is used to provide randomness so that the same plain text does not always result in the same cipher text when a given key is used.

3) This means that to decrypt a message you need to know not only the key but also the IV.

4) The IV should be random and not deterministically derived from the key, otherwise every use of the same key will have the same IV and thus each time the same plain text is encrypted the same cipher text would result. (Leaving you vulnerable to eavesdroppers observing the results of a given message being received and beginning to determine the meaning of the message).

Have a look at the answers to this question AES Encryption - Key versus IV and also this Wikipedia entry http://en.wikipedia.org/wiki/Initialization_vector for more info.

There is mismatch of padding parameter in Encrpyt and Decrypt:

In encryptWithRSA() method it is: