[BUG] CryptographicException: Padding is invalid and cannot be removed.
Library name and version
Azure.Storage.Blobs 12.10.0
Describe the bug
An exception is thrown when doing multiple UploadAsync and DownloadAsync in parallel with ClientSideEncryption enabled.
Exception:
System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed when doing
Background information: We are migrating from Microsoft.Azure.Storage.Blob to Azure.Storage.Blobs. While doing a stress test on our service, we started seeing these exceptions. I’ve isolated the code to a single Unit Test which should be helpful to reproduce the issue. I’ve also tried several variants resulting in the same exception:
- New BlobClient per request
- Using streams for uploading and downloading
Expected behavior
No exception.
Actual behavior
A System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed when doing
is thrown.
Reproduction Steps
```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Azure.Identity;
using Azure.Security.KeyVault.Keys.Cryptography;
using Azure.Security.KeyVault.Secrets;
using Azure.Storage;
using Azure.Storage.Blobs;
using Azure.Storage.Blobs.Models;
using Azure.Storage.Blobs.Specialized;
using Microsoft.VisualStudio.TestTools.UnitTesting;

[TestMethod]
public async Task TestUploadAsyncScenarios2()
{
    var keyVaultUri = new Uri("https://***.vault.azure.net");
    var keyVaultSecretName = "***";
    var keyVaultTenantId = "***";
    var keyVaultClientId = "***";
    var certificateThumbprint = "***";

    // Load the client certificate used to authenticate against Key Vault.
    var x509Store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
    x509Store.Open(OpenFlags.ReadOnly);
    var certificates = x509Store.Certificates.Find(X509FindType.FindByThumbprint, certificateThumbprint, false);
    var certificate = certificates[0];
    x509Store.Close();

    // Resolve the key encryption key (KEK) from Key Vault.
    var credential = new ClientCertificateCredential(keyVaultTenantId, keyVaultClientId, certificate);
    var secretClient = new SecretClient(keyVaultUri, credential);
    var secret = secretClient.GetSecret(keyVaultSecretName);
    var keyResolver = new KeyResolver(credential);
    var keyEncryptionKey = keyResolver.Resolve(secret.Value.Id);

    var clientSideEncryptionOptions = new ClientSideEncryptionOptions(ClientSideEncryptionVersion.V1_0)
    {
        KeyEncryptionKey = keyEncryptionKey,
        KeyResolver = keyResolver,
        KeyWrapAlgorithm = "A256KW"
    };

    var blobConnectionString = "***";
    var blobContainerName = "***";
    var blobName = "test";
    var blobContents = "test content";

    // A single encrypted client is shared by all parallel operations below.
    var blobContainerClient = new BlobContainerClient(blobConnectionString, blobContainerName);
    var blobClient = blobContainerClient.GetBlobClient(blobName);
    var encryptedBlobClient = blobClient.WithClientSideEncryptionOptions(clientSideEncryptionOptions);

    // Make sure the blob exists before the first download.
    await UploadAsync();

    // Loop until the parallel uploads and download throw.
    while (true)
    {
        try
        {
            await Task.WhenAll(
                UploadAsync(),
                DownloadAsync(),
                UploadAsync()
            );
        }
        catch (Exception)
        {
            throw;
        }
    }

    Task UploadAsync() => encryptedBlobClient.UploadAsync(new BinaryData(blobContents), new BlobUploadOptions { });
    Task DownloadAsync() => encryptedBlobClient.DownloadContentAsync();
}
```
Environment
- Windows 10
- .NET Standard 2.0
- Visual Studio 16.10.3
Issue Analytics
- State:
- Created 2 years ago
- Comments:14 (3 by maintainers)
Top GitHub Comments
My bad. I’ve updated the initial post. Should be using `System.Security.Cryptography.X509Certificates` now.

@bsumter We are looking into this and will get back to you in case we need any information.