azure-sdk-for-net: [BUG] Padding is invalid and cannot be removed while doing client side encryption for storage blob data using keyvault key

Describe the bug:

We are doing client-side encryption for storage blob data using a Key Vault key. This is the bug “https://github.com/Azure/azure-sdk-for-net/issues/16298” I initially filed for SNI. We were able to get it done, but we are getting a “Padding is invalid and cannot be removed” error now.

Expected behavior:

Should successfully decrypt and encrypt the data.

Actual behavior:

“Padding is invalid and cannot be removed” error.

To Reproduce:

The code snippet is exactly as explained here, except we are using SNI: https://github.com/Azure/azure-sdk-for-net/issues/16298

Environment:

  • Name and version of the Library package used: Azure.Storage.Blobs 12.8.0, Azure.Identity 1.4.0-beta.1, Azure.Security.KeyVault.Keys 4.2.0-beta.2
  • Hosting platform or OS and .NET runtime version (dotnet --info output for .NET Core projects): .NET Core
  • IDE and version: Visual Studio 2019

Call stack:

System.Security.Cryptography.CryptographicException:
   at Internal.Cryptography.UniversalCryptoDecryptor.DepadBlock (System.Security.Cryptography.Algorithms, Version=4.3.2.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a)
   at Internal.Cryptography.UniversalCryptoDecryptor.UncheckedTransformFinalBlock (System.Security.Cryptography.Algorithms, Version=4.3.2.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a)
   at Internal.Cryptography.UniversalCryptoTransform.TransformFinalBlock (System.Security.Cryptography.Algorithms, Version=4.3.2.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a)
   at System.Security.Cryptography.CryptoStream+<ReadAsyncCore>d__42.MoveNext (System.Security.Cryptography.Primitives, Version=4.1.2.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a)
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at System.Security.Cryptography.CryptoStream+<ReadAsyncInternal>d__37.MoveNext (System.Security.Cryptography.Primitives, Version=4.1.2.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a)
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at Azure.Storage.Shared.WindowStream+<ReadInternal>d__18.MoveNext (Azure.Storage.Blobs, Version=12.8.0.0, Culture=neutral, PublicKeyToken=92742159e12e44c8)
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at Azure.Storage.Shared.WindowStream+<ReadAsync>d__17.MoveNext (Azure.Storage.Blobs, Version=12.8.0.0, Culture=neutral, PublicKeyToken=92742159e12e44c8)
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at System.IO.Stream+<CopyToAsyncInternal>d__30.MoveNext (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at Azure.Storage.Blobs.PartitionedDownloader+<CopyToAsync>d__9.MoveNext (Azure.Storage.Blobs, Version=12.8.0.0, Culture=neutral, PublicKeyToken=92742159e12e44c8)
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at Azure.Storage.Blobs.PartitionedDownloader+<DownloadToAsync>d__5.MoveNext (Azure.Storage.Blobs, Version=12.8.0.0, Culture=neutral, PublicKeyToken=92742159e12e44c8)
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at Azure.Storage.Blobs.Specialized.BlobBaseClient+<StagedDownloadAsync>d__74.MoveNext (Azure.Storage.Blobs, Version=12.8.0.0, Culture=neutral, PublicKeyToken=92742159e12e44c8)
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at Azure.Storage.Blobs.Specialized.BlobBaseClient+<DownloadToAsync>d__72.MoveNext (Azure.Storage.Blobs, Version=12.8.0.0, Culture=neutral, PublicKeyToken=92742159e12e44c8)
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at Azure.Storage.Blobs.Specialized.BlobBaseClient+<DownloadToAsync>d__68.MoveNext (Azure.Storage.Blobs, Version=12.8.0.0, Culture=neutral, PublicKeyToken=92742159e12e44c8)
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at Microsoft.AzureMonitor.Billing.Common.Storage.AzureBlobStorageClient+<**DownloadStreamAsync**>d__11.MoveNext (Common, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null: C:\source\src\Common\Storage\AzureBlobStorageClient.cs:78)
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at Microsoft.AzureMonitor.Billing.LogAnalyticsCollectorBusiness.BlobHelper+<DownloadEHInfoFromBlobAsync>d__15.MoveNext (LogAnalyticsCollectorService, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null: C:\source\src\LogAnalyticsCollectorService\Business\BlobHelper.cs:244)
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification (System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e)
   at Microsoft.AzureMonitor.Billing.LogAnalyticsCollectorBusiness.BlobHelper+<CompareEHInfoWithBlob>d__13.MoveNext (LogAnalyticsCollectorService, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null: C:\source\src\LogAnalyticsCollectorService\Business\BlobHelper.cs:221)

About this issue

  • State: closed
  • Created 3 years ago
  • Comments: 23 (10 by maintainers)

Most upvoted comments

So out of my testing, I haven’t been able to upload new files and then get the error. I have only been able to reproduce it on files that have been in our environment already. I am currently trying to tell if it happens to the same blob every time or different blobs each run. Our environment has 300+k blobs, so I am going to move into another environment with 10+ blobs for testing clarity.