Debugging Symmetric Encryption such as AES

Symmetric encryption algorithms such as AES require all parameters to be pre-known and exactly the same on both sides in order to decrypt what was encrypted elsewhere. Parameters include the algorithm itself (AES, Blowfish, Twofish, ChaCha20, 3DES, etc.), the secret key, the key length, the cipher mode (CBC, ECB, CTR, ...), the padding scheme, the IV if the cipher mode uses an IV, and the charset if text (because you need to know the exact byte representation such as utf-8, utf-16, windows-1252, etc.).

If both sides don't match exactly, then decrypting will result in all garbage output, except for a few cases. Here I describe the 2 cases where almost all parameters match on both sides, except for padding or the IV.

If something encrypted on one system does not decrypt correctly on another, make sure to test with data longer than one "block". The block size of a block encryption algorithm is defined by the algorithm itself. For example, when doing AES encryption, the block size is 16 bytes. When debugging, make sure to test with data longer than 16 bytes. For example, encrypting "Hello" is just one block. Instead, encrypt "Hello, what am I going to do today, 1234567890 abcdefghij" which is several blocks.

1) If using a cipher mode such as CBC (cipher block chaining) and the decrypted result is correct except for the very first block, it means all paramters match except the IV. You need to set the IV on the decrypt side to match the IV used on the encrypt side.

2) If the decrypted result is correct except for the very last block, then all parameters match except for the padding scheme, because the padding scheme is what controls the content of the last partial block that is encrypted.