Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[BUG] Padding is invalid and cannot be removed while doing client side encryption for storage blob data using keyvault key

See original GitHub issue

Describe the bug We are doing client side encryption for storage blob data using keyvault key. This is the bug “https://github.com/Azure/azure-sdk-for-net/issues/16298” i intially filled for SNI. We were able to get it done but we are getting “Padding is invalid and cannot be removed” error now

Expected behavior Should successfully decrypt and encrypt the data

Actual behavior (include Exception or Stack Trace) Padding is invalid and cannot be removed error

To Reproduce Steps to reproduce the behavior (include a code snippet, screenshot, or any additional information that might help us reproduce the issue)

code snippet is exactly explained here except we are using SNI https://github.com/Azure/azure-sdk-for-net/issues/16298

Environment:

  • Name and version of the Library package used: [e.g. Azure.Storage.Blobs 12.2.0] Azure.Storage.Blobs : 12.8.0 Azure.Identity is 1.4.0-beta.1 Azure.Security.KeyVault.Keys 4.2.0-beta.2
  • Hosting platform or OS and .NET runtime version (dotnet --info output for .NET Core projects): [e.g. Azure AppService or Windows 10 .NET Framework 4.8] .Net core
  • IDE and version : [e.g. Visual Studio 16.3] Visual Studi 2019

Call stack:

System.Security.Cryptography.CryptographicException:
   at Internal.Cryptography.UniversalCryptoDecryptor.DepadBlock (System.Security.Cryptography.Algorithms, Version=4.3.2.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a)
   at Internal.Cryptography.UniversalCryptoDecryptor.UncheckedTransformFinalBlock (System.Security.Cryptography.Algorithms, Version=4.3.2.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a)
   at Internal.Cryptography.UniversalCryptoTransform.TransformFinalBlock (System.Security.Cryptography.Algorithms, Version=4.3.2.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a)
   at System.Security.Cryptography.CryptoStream+<ReadAsyncCore>d__42.MoveNext (System.Security.Cryptography.Primitives, Version=4.1.2.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a)
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at System.Security.Cryptography.CryptoStream+<ReadAsyncInternal>d__37.MoveNext (System.Security.Cryptography.Primitives, Version=4.1.2.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a)
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at Azure.Storage.Shared.WindowStream+<ReadInternal>d__18.MoveNext (Azure.Storage.Blobs, Version=12.8.0.0, Culture=neutral, PublicKeyToken=92742159e12e44c8)
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at Azure.Storage.Shared.WindowStream+<ReadAsync>d__17.MoveNext (Azure.Storage.Blobs, Version=12.8.0.0, Culture=neutral, PublicKeyToken=92742159e12e44c8)
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at System.IO.Stream+<CopyToAsyncInternal>d__30.MoveNext (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at Azure.Storage.Blobs.PartitionedDownloader+<CopyToAsync>d__9.MoveNext (Azure.Storage.Blobs, Version=12.8.0.0, Culture=neutral, PublicKeyToken=92742159e12e44c8)
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at Azure.Storage.Blobs.PartitionedDownloader+<DownloadToAsync>d__5.MoveNext (Azure.Storage.Blobs, Version=12.8.0.0, Culture=neutral, PublicKeyToken=92742159e12e44c8)
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at Azure.Storage.Blobs.Specialized.BlobBaseClient+<StagedDownloadAsync>d__74.MoveNext (Azure.Storage.Blobs, Version=12.8.0.0, Culture=neutral, PublicKeyToken=92742159e12e44c8)
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at Azure.Storage.Blobs.Specialized.BlobBaseClient+<DownloadToAsync>d__72.MoveNext (Azure.Storage.Blobs, Version=12.8.0.0, Culture=neutral, PublicKeyToken=92742159e12e44c8)
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at Azure.Storage.Blobs.Specialized.BlobBaseClient+<DownloadToAsync>d__68.MoveNext (Azure.Storage.Blobs, Version=12.8.0.0, Culture=neutral, PublicKeyToken=92742159e12e44c8)
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at Microsoft.AzureMonitor.Billing.Common.Storage.AzureBlobStorageClient+<**DownloadStreamAsync**>d__11.MoveNext (Common, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null: C:\source\src\Common\Storage\AzureBlobStorageClient.cs:78)
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at Microsoft.AzureMonitor.Billing.LogAnalyticsCollectorBusiness.BlobHelper+<DownloadEHInfoFromBlobAsync>d__15.MoveNext (LogAnalyticsCollectorService, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null: C:\source\src\LogAnalyticsCollectorService\Business\BlobHelper.cs:244)
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at Microsoft.AzureMonitor.Billing.LogAnalyticsCollectorBusiness.BlobHelper+<CompareEHInfoWithBlob>d__13.MoveNext (LogAnalyticsCollectorService, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null: C:\source\src\LogAnalyticsCollectorService\Business\BlobHelper.cs:221)

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Comments:23 (10 by maintainers)

github_iconTop GitHub Comments

1reaction
wonderphilcommented, Oct 13, 2021

So out of my testing, I haven’t been able to upload a new files and then get the error. I have only been able to reproduce on files that have been in our environment already. I am currently trying to tell if it happens to the same blob every time or different blobs each run, our environment has 300+k blobs so I am going to move into another environment with 10+ blobs for testing clarity

0reactions
jaschrep-msftcommented, Feb 22, 2022

Closing this issue. Feel free to reopen if the problem persists after eliminating this race condition.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Padding is invalid and cannot be removed?
One common way is to have the caller provide the keys in the constructor of the encryption methods class, to prevent the encryption/decryption ......
Read more >
[BUG]CryptographyClient failed to gettoken when SNI ...
This is while doing client side encryption for storage blob data using keyvault key. Expected behavior. When subject name Issuer is ...
Read more >
Client-side encryption for blobs - Azure Storage
For a step-by-step tutorial that leads you through the process of encrypting blobs using client-side encryption and Azure Key Vault, see Encrypt ......
Read more >
Padding is invalid and cannot be removed
Background on Padding is invalid and cannot be removed​​ only after setting the block size and the key size the error went away....
Read more >
Padding is invalid and cannot be removed Exception while ...
I am getting exception while I try to decrypt the encrypted string using following code. Following line is throwing exception: C#. using ......
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Check if StorageInputType needs to be in TranslationSource or in DocumentTranslationInput

Next page

[BUG] Can not set PrefixMatch on ManagementPolicyFilter