{"id":53445,"date":"2022-12-28T00:35:20","date_gmt":"2022-12-28T05:35:20","guid":{"rendered":"https:\/\/euvolution.com\/open-source-convergence\/uncategorized\/system-security-cryptography-cryptographicexception-the-payload-was.php"},"modified":"2022-12-28T00:35:20","modified_gmt":"2022-12-28T05:35:20","slug":"system-security-cryptography-cryptographicexception-the-payload-was","status":"publish","type":"post","link":"https:\/\/euvolution.com\/open-source-convergence\/cryptography\/system-security-cryptography-cryptographicexception-the-payload-was.php","title":{"rendered":"System.Security.Cryptography.CryptographicException: The payload was &#8230;"},"content":{"rendered":"<p><p>When your .NET Core application decrypts a string on a different machine from the one that encrypted it, you may run into the following exception:<\/p>\n<\/p>\n<p>Exception:<\/p>\n<p>System.Security.Cryptography.CryptographicException: The payload was invalid.<\/p>\n<p> at Microsoft.AspNetCore.DataProtection.Cng.CbcAuthenticatedEncryptor.DecryptImpl(Byte* pbCiphertext, UInt32 cbCiphertext, Byte* pbAdditionalAuthenticatedData, UInt32 cbAdditionalAuthenticatedData)<\/p>\n<p> at Microsoft.AspNetCore.DataProtection.Cng.Internal.CngAuthenticatedEncryptorBase.Decrypt(ArraySegment`1 ciphertext, ArraySegment`1 additionalAuthenticatedData)<\/p>\n<p> at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.UnprotectCore(Byte[] protectedData, Boolean allowOperationsOnRevokedKeys, UnprotectStatus& status)<\/p>\n<p> at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.DangerousUnprotect(Byte[] protectedData, Boolean ignoreRevocationErrors, Boolean& requiresMigration, Boolean& wasRevoked)<\/p>\n<p> at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingBasedDataProtector.Unprotect(Byte[] protectedData)<\/p>\n<p> at Microsoft.AspNetCore.DataProtection.DataProtectionCommonExtensions.Unprotect(IDataProtector protector, String 
protectedData)<\/p>\n<\/p>\n<p>Two things you will need to check:<\/p>\n<p>1. Is the encryption key persisted to a local path? - The key needs to be persisted to a shared location.<\/p>\n<p>2. SetApplicationName must be used to set an explicit application name. - If ApplicationName is not set, a GUID will be generated at runtime for different machines, and that will lead to the error above.<\/p>\n<\/p>\n<p>Code example below:<\/p>\n<\/p>\n<p> services.AddDataProtection()<\/p>\n<p> .ProtectKeysWithCertificate(x509Cert)<\/p>\n<p>.UseCryptographicAlgorithms(<\/p>\n<p> new AuthenticatedEncryptorConfiguration()<\/p>\n<p> {<\/p>\n<p> EncryptionAlgorithm = EncryptionAlgorithm.AES_256_CBC,<\/p>\n<p> ValidationAlgorithm = ValidationAlgorithm.HMACSHA256<\/p>\n<p> }<\/p>\n<p> )<\/p>\n<p> .PersistKeysToFileSystem(new System.IO.DirectoryInfo(Configuration.GetValue<string>(\"KeyLocation\"))) \/\/shared network folder for key location<\/p>\n<p> .SetApplicationName(\"MyApplicationName\")<\/p>\n<p> .SetDefaultKeyLifetime(TimeSpan.FromDays(600));<\/p>\n<\/p>\n<p><!-- Auto Generated --><\/p>\n<p>Visit link:<br \/>\n<a target=\"_blank\" href=\"https:\/\/techcommunity.microsoft.com\/t5\/iis-support-blog\/system-security-cryptography-cryptographicexception-the-payload\/ba-p\/1919096\" title=\"System.Security.Cryptography.CryptographicException: The payload was ...\" rel=\"noopener\">System.Security.Cryptography.CryptographicException: The payload was ...<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> When your .NET Core application decrypts a string on a different machine from the one that encrypted it, you may run into the following exception: Exception: System.Security.Cryptography.CryptographicException: The payload was invalid. 
<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1600],"tags":[],"class_list":["post-53445","post","type-post","status-publish","format-standard","hentry","category-cryptography"],"_links":{"self":[{"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/posts\/53445"}],"collection":[{"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/comments?post=53445"}],"version-history":[{"count":0,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/posts\/53445\/revisions"}],"wp:attachment":[{"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/media?parent=53445"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/categories?post=53445"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/tags?post=53445"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}