We have some security interactions where our installer creates an encrypted file and our Windows service reads that file. The installer is InnoSetup, which is a 32-bit application, and the service is 64-bit. When the service decrypts the file we get:
"System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed"
If the installer encrypts the file it can successfully decrypt it. If we use a 64 bit test application to create the file the service can successfully read it.
Since the user who creates the file (must be admin) is different from the user who reads the file (LocalService account), we are using machine-key-based encryption/decryption.
using System.Security.Cryptography;

private static CngProvider keyStorageProvider = CngProvider.MicrosoftSoftwareKeyStorageProvider;
...
// Create the persisted AES key in the machine-wide key store if it does not already exist
if (!CngKey.Exists(KeyName, keyStorageProvider, CngKeyOpenOptions.MachineKey))
{
    CngKeyCreationParameters keyCreationParameters = new CngKeyCreationParameters()
    {
        ExportPolicy = CngExportPolicies.AllowPlaintextExport,
        KeyCreationOptions = CngKeyCreationOptions.MachineKey | CngKeyCreationOptions.OverwriteExistingKey,
        Provider = keyStorageProvider
    };
    CngKey.Create(new CngAlgorithm("AES"), KeyName, keyCreationParameters);
}
// Open the persisted machine key through the CNG-backed AES implementation
Aes aes = new AesCng(KeyName, keyStorageProvider, CngKeyOpenOptions.MachineKey);
Is the issue likely to be the bitness? How could we work around it?
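A "Padding is invalid" error from CBC/PKCS7 decryption means the decryptor's key, IV or mode did not match the encryptor's (or the ciphertext was altered), so the useful first step is to find out which. The diagnostic below is an added example, not code from the question: build it once as a 32-bit process and once as a 64-bit process, run both elevated, and compare the output; it assumes the same persisted key name the installer and service use (placeholder below) and fixes the IV and plaintext so that any difference in ciphertext can only come from the key material or the chaining mode.

```csharp
// Added diagnostic (not from the question): run as a 32-bit and as a 64-bit process
// and compare the printed lines. Assumes the installer's persisted key name.
using System;
using System.Security.Cryptography;
using System.Text;

static class CngKeyBitnessCheck
{
    const string KeyName = "YOUR-KEY-NAME"; // placeholder: the real persisted key name
    static readonly CngProvider Ksp = CngProvider.MicrosoftSoftwareKeyStorageProvider;

    static void Main()
    {
        Console.WriteLine("Process is 64-bit: " + Environment.Is64BitProcess);
        Console.WriteLine("Key exists (machine scope): " +
            CngKey.Exists(KeyName, Ksp, CngKeyOpenOptions.MachineKey));

        // Fixed IV and plaintext: with the same key, IV and mode the ciphertext
        // must be byte-for-byte identical in both processes.
        byte[] iv = new byte[16];
        byte[] plaintext = Encoding.ASCII.GetBytes("bitness-check-0123456789abcdef");

        using (Aes aes = new AesCng(KeyName, Ksp, CngKeyOpenOptions.MachineKey))
        {
            aes.Mode = CipherMode.CBC;       // state mode and padding explicitly on both
            aes.Padding = PaddingMode.PKCS7; // sides rather than relying on defaults
            aes.IV = iv;                     // the persisted key cannot be set, the IV can
            Console.WriteLine("KeySize: " + aes.KeySize + ", Mode: " + aes.Mode);

            using (ICryptoTransform enc = aes.CreateEncryptor())
            {
                byte[] ct = enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
                // Identical output => same key material; the fault is then in how the
                // file carries the IV/mode. Different output => the two processes are
                // not resolving the key name to the same persisted key.
                Console.WriteLine("Ciphertext: " + BitConverter.ToString(ct));
            }
        }
    }
}
```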