I've written a pair of AES encrypt/decrypt functions based on this example.
It works great, until I pass the wrong key or IV into my decrypt function, at which point I get the "Padding is invalid and cannot be removed." CryptographicException that others have discussed.
My question is: Is there some sort of way to validate the key/IV before the exception occurs? Maybe some sort of checksum? Or is the answer to just catch that exception?
The answer is just to catch the exception, yes. The IV is normally sent with the encrypted message, so it makes little sense to validate that separately. As for the key, the normal way to check the key value is using a KCV (key check value):
Check the answer of Poncho about my question here:
https://crypto.stackexchange.com/questions/1930/sending-kcv-key-check-value-with-cipher-text
Basically, it does not seem to be worth it. Your mileage may vary of course. Adding some kind of authentication to your encrypted message on the other hand always makes a lot of sense, but it still won't show you if the data is corrupt or tampered with, or if you have the wrong key...