AES-256-GCM decode - java

I try to use java7 to achieve AES-256-GCM decoding
I encountered a mac check failure response in GCM
Please help me out, thank you all.
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.Hex;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
public static void main(String[] args) throws Exception {
String iv = "35d117c42d1c1835420b6b9942dd4f1b"; // utf-8
String key = "3a7bd3e2360a3d29eea436fcfb7e44c7"; // utf-8
String hexCipherString = "07a604fc0c143a6e"; // hex
String hexAuthTagString = "984e81176ff260717beb184db3d73753"; //hex
byte[] decodedCipherHexBtye = Hex.decodeHex(hexCipherString.toCharArray());
byte[] base64Cipher = Base64.decodeBase64(decodedCipherHexBtye);
byte[] decodedAuthTagHex = Hex.decodeHex(hexAuthTagString.toCharArray());
byte[] base64AuthTag = Base64.decodeBase64(decodedAuthTagHex);
SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES");
byte[] gcmIv = iv.getBytes("UTF-8");
Security.addProvider(new BouncyCastleProvider());
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC");
GCMParameterSpec params = new GCMParameterSpec(base64AuthTag.length * Byte.SIZE, gcmIv);
cipher.init(Cipher.DECRYPT_MODE, skeySpec, params);
cipher.updateAAD(base64AuthTag);
byte[] result = cipher.doFinal(base64Cipher);
System.out.println(Base64.encodeBase64(result));
}
I am looking forward to the expected result of Base64Encode: dGVzdA==


How to address the Security warning comment to implement safe code.
The core issue in the warning is the need for a randomly generated IV (a set of truly random bytes) for each encryption
when you make a Cypher here is a concrete example using Java 8 Oracle SE
val cipher = Cipher.getInstance("some scheme", "some provider");
then when we use the the Cypher safely we need a true random initialization vector IV to correctly resolve the issue this warning is directing us too,
turns out at least in Oracle Java 8 this is easy,
with the above cypher
cipher.getIV()
the instance method for the cipher object is safe see
generally use with IvParameterSpec
ivParams = IvParameterSpec( cipher.getIV())
cipher.init(Cipher.ENCRYPT_MODE, key, ivParams);


I found a solution and modified the code as follows:
public static void main(String[] args) throws Exception {
String iv = "35d117c42d1c1835420b6b9942dd4f1b"; // utf-8
String key = "3a7bd3e2360a3d29eea436fcfb7e44c7"; // utf-8
String hexCipherString = "07a604fc0c143a6e"; // hex
String hexAuthTagString = "984e81176ff260717beb184db3d73753"; //hex
byte[] decodedCipherHexBtye = Hex.decodeHex(hexCipherString.toCharArray());
byte[] decodedAuthTagHex = Hex.decodeHex(hexAuthTagString.toCharArray());
SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES");
byte[] gcmIv = iv.getBytes("UTF-8");
Security.addProvider(new BouncyCastleProvider());
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC");
GCMParameterSpec params = new GCMParameterSpec(decodedAuthTagHex.length * Byte.SIZE, gcmIv);
cipher.init(Cipher.DECRYPT_MODE, skeySpec, params);
cipher.update(decodedCipherHexBtye);
byte[] result = cipher.doFinal(decodedAuthTagHex);
System.out.println(new String(result));
}
Refer to this article
Tag mismatch error in AES-256-GCM Decryption using Java


This is the easiest way to encryption and decryption using AES-256.
if (android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.O) {
String decryptedData = AESUtils.decrypt("Your Encrypted Data");
System.out.println(decryptedData);
}
public class AESUtils {
private static final String ENCRYPTION_KEY = "RwcmlVpg";
private static final String ENCRYPTION_IV = "5183666c72eec9e4";
#RequiresApi(api = Build.VERSION_CODES.O)
public static String encrypt(String src) {
try {
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, makeKey(), makeIv());
byte[] origignal= Base64.encode(cipher.doFinal(src.getBytes()),Base64.DEFAULT);
return new String(origignal);
} catch (Exception e) {
throw new RuntimeException(e);
}
}
#RequiresApi(api = Build.VERSION_CODES.O)
public static String decrypt(String src) {
String decrypted = "";
try {
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, makeKey(), makeIv());
byte[] decode = Base64.decode(src, Base64.NO_WRAP);
decrypted= new String(cipher.doFinal(decode), "UTF-8");
} catch (Exception e) {
Log.v("AES Exception", String.valueOf(e));
throw new RuntimeException(e);
}
return decrypted;
}
static AlgorithmParameterSpec makeIv() {
try {
return new IvParameterSpec(ENCRYPTION_IV.getBytes("UTF-8"));
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
return null;
}
static Key makeKey() {
try {
MessageDigest md = MessageDigest.getInstance("SHA-256");
byte[] key = md.digest(ENCRYPTION_KEY.getBytes("UTF-8"));
return new SecretKeySpec(key, "AES");
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
return null;
}
}

Related

BadPaddingException: pad block corrupted | BouncyCastle

I'm trying to decrypt data that is encrypted with AES/SIC/PKCS7Padding. I'm making use of BouncyCastleProvider to achieve this, but on decryption BadPaddingException is thrown.
Here's the code i'm using to decrypt, am i doing something wrong? Any help is appreciated, thanks!
public class AesEncryption {
public static String decrypt(String aesKey, String cipherText) {
try {
Security.addProvider(new BouncyCastleProvider());
Cipher dcipher;
SecretKey key = new SecretKeySpec(Base64.getDecoder().decode(aesKey), "AES");
dcipher = Cipher.getInstance("AES/SIC/PKCS7Padding", "BC");
dcipher.init(Cipher.DECRYPT_MODE, key, generateIv());
byte[] dec = Base64.getDecoder().decode(cipherText);
byte[] utf8 = dcipher.doFinal(dec);
return new String(utf8, "UTF-8");
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
public static IvParameterSpec generateIv() {
byte[] iv = new byte[16];
new SecureRandom().nextBytes(iv);
return new IvParameterSpec(iv);
}
}

Blowfish encryption and decryption not working

So I'm using a simple Blowfish encryption/decryption for an application I'm making. It works sometimes but isn't reliable.
Form template being encrypted:
email#gmail.com
message
END
It works perfectly when I use an email like test1#gmail.com or test2#gmail.com.
When I use my personal email: tywemc#gmail.com, the form is encrypted but when it's decrypted, it returns î/ÅÝ®Îmail.comÄþ4œ’>L/ND
So it seems like it decrypts part of the form but not the whole thing and I can't figure out why. It seems to decrypts other forms partially with different real emails but still not completely. I'm using a static key within the Crypto.java class for simplicity.
I've tried to make sure the longer emails were causing it to not work because of a block size or string length issue but I don't think that's the problem.
Crypto.java
package core;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
public class Crypto {
private static String key = "key12345";
public static String encrypt(String strClearText,String strKey) {
String strData = "";
try {
SecretKeySpec skeyspec = new SecretKeySpec(key.getBytes(), "Blowfish");
System.out.println("Ëncryption keyspec: " + skeyspec.toString());
Cipher cipher = Cipher.getInstance("Blowfish");
cipher.init(Cipher.ENCRYPT_MODE, skeyspec);
byte[] encrypted = cipher.doFinal(strClearText.getBytes());
strData = new String(encrypted);
} catch (Exception e) {
e.printStackTrace();
}
return strData;
}
public static String decrypt(String strEncrypted,String strKey) {
String strData = "";
try {
SecretKeySpec skeyspec = new SecretKeySpec(key.getBytes(),"Blowfish");
System.out.println("Decryption keyspec: " + skeyspec.toString());
Cipher cipher = Cipher.getInstance("Blowfish");
cipher.init(Cipher.DECRYPT_MODE, skeyspec);
byte[] decrypted = cipher.doFinal(strEncrypted.getBytes());
strData = new String(decrypted);
} catch (Exception e) {
e.printStackTrace();
}
return strData;
}
}
Should I use a different encryption type/method or is there something I'm doing wrong? Thanks in advance!
Updated Code:
package core;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
public class Crypto {
private static String key = "key12345";
public static byte[] encrypt(String strClearText, String strKey) {
byte[] encrypted = null;
try {
SecretKeySpec skeyspec = new SecretKeySpec(key.getBytes(), "Blowfish");
System.out.println("Ëncryption keyspec: " + skeyspec.toString());
Cipher cipher = Cipher.getInstance("Blowfish");
cipher.init(Cipher.ENCRYPT_MODE, skeyspec);
encrypted = cipher.doFinal(strClearText.getBytes());
// strData = new String(encrypted);
} catch (Exception e) {
e.printStackTrace();
}
return encrypted;
}
public static String decrypt(byte[] strEncrypted, String strKey) {
String strData = "";
try {
SecretKeySpec skeyspec = new SecretKeySpec(key.getBytes(),"Blowfish");
System.out.println("Decryption keyspec: " + skeyspec.toString());
Cipher cipher = Cipher.getInstance("Blowfish");
cipher.init(Cipher.DECRYPT_MODE, skeyspec);
byte[] decrypted = cipher.doFinal(strEncrypted);
strData = new String(decrypted);
} catch (Exception e) {
e.printStackTrace();
}
return strData;
}
}
[B#164b077d is what is passed in as strEncrypted.
Error
javax.crypto.IllegalBlockSizeException: Input length must be multiple of 8 when decrypting with padded cipher

Unable to decrypt the password throws javax.crypto.BadPaddingException: final block not properly padded

In JDK 1_7, I am trying to decrypt the encrypted password.From the result set (rs2),encrypted password is passed to a string variable and later on calling the decrypt method and passed the string 'p_password' and key.While decrypting the password system throws "javax.crypto.BadPaddingException: Given final block not properly padded"
Can someone please advise on how to resolve this problem?
// Encrypted password retrieving from result set
String key = "Blowfish";
String p_password = rs2.getString("USER_PASSWORD");
EncryptDecrypt encryptdecrypt = new EncryptDecrypt();
String p_decryptedPassword = encryptdecrypt.decrypt(p_password, key);
//EncryptDecrypt class
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
public class EncryptDecrypt {
public static String encrypt(String strClearText, String strKey) throws Exception{
String strData="";
try {
SecretKeySpec skeyspec=new SecretKeySpec(strKey.getBytes(),"Blowfish");
Cipher cipher=Cipher.getInstance("Blowfish");
cipher.init(Cipher.ENCRYPT_MODE, skeyspec);
byte[] encrypted=cipher.doFinal(strClearText.getBytes());
strData=new String(encrypted);
} catch (Exception e) {
e.printStackTrace();
throw new Exception(e);
}
return strData;
}
public static String decrypt(String strEncrypted,String strKey) throws Exception{
String strData=null;
try {
byte[] iv = { 0, 0, 0, 0, 0, 0, 0, 0 };
IvParameterSpec ivspec = new IvParameterSpec(iv);
SecretKeySpec skeyspec=new SecretKeySpec(strKey.getBytes(),"Blowfish");
Cipher cipher=Cipher.getInstance("Blowfish/CBC/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, skeyspec, ivspec);
byte[] decrypted=cipher.doFinal(strEncrypted.getBytes());
strData= new String(decrypted);
} catch (Exception e) {
e.printStackTrace();
throw new Exception(e);
}
return strData;
}
}

How do I encrypt a message and then I decryot it on another device with javax.crypto.cipher using AES

I have a problem with my code. I want to encrypt a message using a key made from passphrase. Then I want to send it (or use it somewhere, whatever) in String form (the encrypted one), and after that I want to decrypt it only by knowing the passphrase.
I wrote the code below, but I receive either IllegalBlockSizeException or BadPaddingException. I thought that badding would be took care by padding.
Here is my code:
Constructor and initialization:
public class AES_Cipher {
private String keyString;
private byte[] byteKey;
private SecretKey key;
Cipher c;
public AES_Cipher(String keyString){
this.keyString = keyString.toString();
}
public void init() throws InitializtionFailedException{
try{
c = Cipher.getInstance("AES/ECB/PKCS5Padding");
byteKey = keyString.getBytes("UTF-8");
MessageDigest sha = MessageDigest.getInstance("SHA-1");
byteKey = sha.digest(byteKey);
byteKey = Arrays.copyOf(byteKey, 16);
key = new SecretKeySpec(byteKey, "AES");
}catch(NoSuchAlgorithmException e){
throw new InitializtionFailedException();
}
}
Encrypt:
public String encrypt(String text) throws EncryptionException{
try{
c.init(Cipher.ENCRYPT_MODE, key);
byte[] tmp = c.doFinal( text.getBytes("UTF-8"));
return new String(tmp, "UTF-8");
}catch(IllegalBlockSizeException e){
throw new EncryptionException();
}
}
Decrypt:
public String decrypt(String text) throws DecryptionException{
try{
//byte[] decordedValue = new BASE64Decoder().decodeBuffer(text);
// tried too use it but with poor outcome
//c = Cipher.getInstance("AES/ECB/PKCS5Padding");
c.init(Cipher.DECRYPT_MODE, key);
byte[] tmp1 = text.getBytes("UTF-8");
//byte[] tmp = c.doFinal("aaaaaaaaaaaaaaaa".getBytes());
//this returns BadPaddingException
byte[] tmp = c.doFinal(text.getBytes());
return new String(tmp, "UTF-8");
}catch(IllegalBlockSizeException e){
throw new DecryptionException();
}
}
Of course there are some more exceptions.
Also, I would like to later use this code on android, and It doesn't need to be AES if there is some other Ciphers that are maybe less effective but less troublesome. But not simple XOR if that's not too much too ask.
Thank you in advance.

Ok. Seems to work now thanks to Artjom B.
Constructor and inicialization:
public class AES_Cipher {
private String keyString;
private byte[] byteKey;
private SecretKey key;
Cipher c;
public AES_Cipher(String keyString){
this.keyString = keyString.toString();
}
public void init() throws InitializtionFailedException{
try{
c = Cipher.getInstance("AES/ECB/PKCS5Padding");
byteKey = keyString.getBytes("UTF-8");
MessageDigest sha = MessageDigest.getInstance("SHA-1");
byteKey = sha.digest(byteKey);
byteKey = Arrays.copyOf(byteKey, 16);
key = new SecretKeySpec(byteKey, "AES");
}catch(NoSuchAlgorithmException e){
throw new InitializtionFailedException();
}
}
Encryption:
public String encrypt(String text) throws EncryptionException{
try{
c.init(Cipher.ENCRYPT_MODE, key);
byte[] textByte = text.getBytes("UTF-8");
byte[] tmp = c.doFinal(textByte);
String return1 = Base64.encodeToString(tmp, Base64.DEFAULT);
return return1;
} // of course there is some exceptions catched down there
Decryption:
public String decrypt(String text) throws DecryptionException{
try{
c.init(Cipher.DECRYPT_MODE, key);
byte[] textByte = Base64.decode(text, Base64.DEFAULT);
byte[] tmp = c.doFinal(textByte);
return new String(tmp, "UTF-8");
}catch(IllegalBlockSizeException e){
Log.d("Exception", "IllegalBlockSizeException");
throw new DecryptionException();
} // wrote DecryptionException myself.
// also there is more Exceptions below
}

Image encryption/decryption using AES256 symmetric block ciphers [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
Is there any good example of how to encrypt and decrypt image and other files with AES on Android?

Warning: This answer contains code you should not use as it is insecure (using SHA1PRNG for key derivation and using AES in ECB mode)
Instead (as of 2016), use PBKDF2WithHmacSHA1 for key derivation and AES in CBC or GCM mode (GCM provides both privacy and integrity)
You could use functions like these:
private static byte[] encrypt(byte[] raw, byte[] clear) throws Exception {
SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
byte[] encrypted = cipher.doFinal(clear);
return encrypted;
}
private static byte[] decrypt(byte[] raw, byte[] encrypted) throws Exception {
SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.DECRYPT_MODE, skeySpec);
byte[] decrypted = cipher.doFinal(encrypted);
return decrypted;
}
And invoke them like this:
ByteArrayOutputStream baos = new ByteArrayOutputStream();
bm.compress(Bitmap.CompressFormat.PNG, 100, baos); // bm is the bitmap object
byte[] b = baos.toByteArray();
byte[] keyStart = "this is a key".getBytes();
KeyGenerator kgen = KeyGenerator.getInstance("AES");
SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
sr.setSeed(keyStart);
kgen.init(128, sr); // 192 and 256 bits may not be available
SecretKey skey = kgen.generateKey();
byte[] key = skey.getEncoded();
// encrypt
byte[] encryptedData = encrypt(key,b);
// decrypt
byte[] decryptedData = decrypt(key,encryptedData);
This should work, I use similar code in a project right now.

As mentioned by Nacho.L PBKDF2WithHmacSHA1 derivation is used as it is more secured.
import android.util.Base64;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
public class AESEncyption {
private static final int pswdIterations = 10;
private static final int keySize = 128;
private static final String cypherInstance = "AES/CBC/PKCS5Padding";
private static final String secretKeyInstance = "PBKDF2WithHmacSHA1";
private static final String plainText = "sampleText";
private static final String AESSalt = "exampleSalt";
private static final String initializationVector = "8119745113154120";
public static String encrypt(String textToEncrypt) throws Exception {
SecretKeySpec skeySpec = new SecretKeySpec(getRaw(plainText, AESSalt), "AES");
Cipher cipher = Cipher.getInstance(cypherInstance);
cipher.init(Cipher.ENCRYPT_MODE, skeySpec, new IvParameterSpec(initializationVector.getBytes()));
byte[] encrypted = cipher.doFinal(textToEncrypt.getBytes());
return Base64.encodeToString(encrypted, Base64.DEFAULT);
}
public static String decrypt(String textToDecrypt) throws Exception {
byte[] encryted_bytes = Base64.decode(textToDecrypt, Base64.DEFAULT);
SecretKeySpec skeySpec = new SecretKeySpec(getRaw(plainText, AESSalt), "AES");
Cipher cipher = Cipher.getInstance(cypherInstance);
cipher.init(Cipher.DECRYPT_MODE, skeySpec, new IvParameterSpec(initializationVector.getBytes()));
byte[] decrypted = cipher.doFinal(encryted_bytes);
return new String(decrypted, "UTF-8");
}
private static byte[] getRaw(String plainText, String salt) {
try {
SecretKeyFactory factory = SecretKeyFactory.getInstance(secretKeyInstance);
KeySpec spec = new PBEKeySpec(plainText.toCharArray(), salt.getBytes(), pswdIterations, keySize);
return factory.generateSecret(spec).getEncoded();
} catch (InvalidKeySpecException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
return new byte[0];
}
}

import java.security.AlgorithmParameters;
import java.security.SecureRandom;
import java.security.spec.KeySpec;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
class SecurityUtils {
private static final byte[] salt = { (byte) 0xA4, (byte) 0x0B, (byte) 0xC8,
(byte) 0x34, (byte) 0xD6, (byte) 0x95, (byte) 0xF3, (byte) 0x13 };
private static int BLOCKS = 128;
public static byte[] encryptAES(String seed, String cleartext)
throws Exception {
byte[] rawKey = getRawKey(seed.getBytes("UTF8"));
SecretKeySpec skeySpec = new SecretKeySpec(rawKey, "AES");
Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
return cipher.doFinal(cleartext.getBytes("UTF8"));
}
public static byte[] decryptAES(String seed, byte[] data) throws Exception {
byte[] rawKey = getRawKey(seed.getBytes("UTF8"));
SecretKeySpec skeySpec = new SecretKeySpec(rawKey, "AES");
Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.DECRYPT_MODE, skeySpec);
return cipher.doFinal(data);
}
private static byte[] getRawKey(byte[] seed) throws Exception {
KeyGenerator kgen = KeyGenerator.getInstance("AES");
SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
sr.setSeed(seed);
kgen.init(BLOCKS, sr); // 192 and 256 bits may not be available
SecretKey skey = kgen.generateKey();
byte[] raw = skey.getEncoded();
return raw;
}
private static byte[] pad(byte[] seed) {
byte[] nseed = new byte[BLOCKS / 8];
for (int i = 0; i < BLOCKS / 8; i++)
nseed[i] = 0;
for (int i = 0; i < seed.length; i++)
nseed[i] = seed[i];
return nseed;
}
public static byte[] encryptPBE(String password, String cleartext)
throws Exception {
SecretKeyFactory factory = SecretKeyFactory
.getInstance("PBKDF2WithHmacSHA1");
KeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 1024, 256);
SecretKey tmp = factory.generateSecret(spec);
SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, secret);
AlgorithmParameters params = cipher.getParameters();
byte[] iv = params.getParameterSpec(IvParameterSpec.class).getIV();
return cipher.doFinal(cleartext.getBytes("UTF-8"));
}
public static String decryptPBE(SecretKey secret, String ciphertext,
byte[] iv) throws Exception {
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, secret, new IvParameterSpec(iv));
return new String(cipher.doFinal(ciphertext.getBytes()), "UTF-8");
}
}

For AES/CBC/PKCS7 encryption/decryption, Just Copy and paste the following code and replace SecretKey and IV with your own.
import java.io.UnsupportedEncodingException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import android.util.Base64;
public class CryptoHandler {
String SecretKey = "xxxxxxxxxxxxxxxxxxxx";
String IV = "xxxxxxxxxxxxxxxx";
private static CryptoHandler instance = null;
public static CryptoHandler getInstance() {
if (instance == null) {
instance = new CryptoHandler();
}
return instance;
}
public String encrypt(String message) throws NoSuchAlgorithmException,
NoSuchPaddingException, IllegalBlockSizeException,
BadPaddingException, InvalidKeyException,
UnsupportedEncodingException, InvalidAlgorithmParameterException {
byte[] srcBuff = message.getBytes("UTF8");
//here using substring because AES takes only 16 or 24 or 32 byte of key
SecretKeySpec skeySpec = new
SecretKeySpec(SecretKey.substring(0,32).getBytes(), "AES");
IvParameterSpec ivSpec = new
IvParameterSpec(IV.substring(0,16).getBytes());
Cipher ecipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
ecipher.init(Cipher.ENCRYPT_MODE, skeySpec, ivSpec);
byte[] dstBuff = ecipher.doFinal(srcBuff);
String base64 = Base64.encodeToString(dstBuff, Base64.DEFAULT);
return base64;
}
public String decrypt(String encrypted) throws NoSuchAlgorithmException,
NoSuchPaddingException, InvalidKeyException,
InvalidAlgorithmParameterException, IllegalBlockSizeException,
BadPaddingException, UnsupportedEncodingException {
SecretKeySpec skeySpec = new
SecretKeySpec(SecretKey.substring(0,32).getBytes(), "AES");
IvParameterSpec ivSpec = new
IvParameterSpec(IV.substring(0,16).getBytes());
Cipher ecipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
ecipher.init(Cipher.DECRYPT_MODE, skeySpec, ivSpec);
byte[] raw = Base64.decode(encrypted, Base64.DEFAULT);
byte[] originalBytes = ecipher.doFinal(raw);
String original = new String(originalBytes, "UTF8");
return original;
}
}

Old question but I upgrade the answers supporting Android prior and post 4.2 and considering all recent changes according to Android developers blog
Plus I leave a working example on my github repo.
import java.nio.charset.Charset;
import java.security.AlgorithmParameters;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
/*
* This software is provided 'as-is', without any express or implied
* warranty. In no event will Google be held liable for any damages
* arising from the use of this software.
*
* Permission is granted to anyone to use this software for any purpose,
* including commercial applications, and to alter it and redistribute it
* freely, as long as the origin is not misrepresented.
*
* #author: Ricardo Champa
*
*/
public class MyCipher {
private final static String ALGORITHM = "AES";
private String mySecret;
public MyCipher(String mySecret){
this.mySecret = mySecret;
}
public MyCipherData encryptUTF8(String data){
try{
byte[] bytes = data.toString().getBytes("utf-8");
byte[] bytesBase64 = Base64.encodeBase64(bytes);
return encrypt(bytesBase64);
}
catch(Exception e){
MyLogs.show(e.getMessage());
return null;
}
}
public String decryptUTF8(byte[] encryptedData, IvParameterSpec iv){
try {
byte[] decryptedData = decrypt(encryptedData, iv);
byte[] decodedBytes = Base64.decodeBase64(decryptedData);
String restored_data = new String(decodedBytes, Charset.forName("UTF8"));
return restored_data;
} catch (Exception e) {
MyLogs.show(e.getMessage());;
return null;
}
}
//AES
private MyCipherData encrypt(byte[] raw, byte[] clear) throws Exception {
SecretKeySpec skeySpec = new SecretKeySpec(raw, ALGORITHM);
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
//solved using PRNGFixes class
cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
byte[] data = cipher.doFinal(clear);
AlgorithmParameters params = cipher.getParameters();
byte[] iv = params.getParameterSpec(IvParameterSpec.class).getIV();
return new MyCipherData(data, iv);
}
private byte[] decrypt(byte[] raw, byte[] encrypted, IvParameterSpec iv) throws Exception {
SecretKeySpec skeySpec = new SecretKeySpec(raw, ALGORITHM);
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv);
byte[] decrypted = cipher.doFinal(encrypted);
return decrypted;
}
private byte[] getKey() throws Exception{
byte[] keyStart = this.mySecret.getBytes("utf-8");
KeyGenerator kgen = KeyGenerator.getInstance(ALGORITHM);
SecureRandom sr = SecureRandom.getInstance("SHA1PRNG", "Crypto");
// if (android.os.Build.VERSION.SDK_INT >= 17) {
// sr = SecureRandom.getInstance("SHA1PRNG", "Crypto");
// } else {
// sr = SecureRandom.getInstance("SHA1PRNG");
// }
sr.setSeed(keyStart);
kgen.init(128, sr); // 192 and 256 bits may not be available
SecretKey skey = kgen.generateKey();
byte[] key = skey.getEncoded();
return key;
}
////////////////////////////////////////////////////////////
private MyCipherData encrypt(byte[] data) throws Exception{
return encrypt(getKey(),data);
}
private byte[] decrypt(byte[] encryptedData, IvParameterSpec iv) throws Exception{
return decrypt(getKey(),encryptedData, iv);
}
}

If you are encrypting a text file, then the following test/sample may be useful. It does the following:
Create a byte stream,
wraps that with AES encryption,
wrap it next with text processing
and lastly buffers it
// AESdemo
public class AESdemo extends Activity {
boolean encryptionIsOn = true;
#Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_aesdemo);
// needs <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
String homeDirName = Environment.getExternalStorageDirectory().getAbsolutePath() +
"/" + getPackageName();
File file = new File(homeDirName, "test.txt");
byte[] keyBytes = getKey("password");
try {
File dir = new File(homeDirName);
if (!dir.exists())
dir.mkdirs();
if (!file.exists())
file.createNewFile();
OutputStreamWriter osw;
if (encryptionIsOn) {
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
SecretKeySpec secretKeySpec = new SecretKeySpec(keyBytes, "AES");
IvParameterSpec ivParameterSpec = new IvParameterSpec(keyBytes);
cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, ivParameterSpec);
FileOutputStream fos = new FileOutputStream(file);
CipherOutputStream cos = new CipherOutputStream(fos, cipher);
osw = new OutputStreamWriter(cos, "UTF-8");
}
else // not encryptionIsOn
osw = new FileWriter(file);
BufferedWriter out = new BufferedWriter(osw);
out.write("This is a test\n");
out.close();
}
catch (Exception e) {
System.out.println("Encryption Exception "+e);
}
///////////////////////////////////
try {
InputStreamReader isr;
if (encryptionIsOn) {
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
SecretKeySpec secretKeySpec = new SecretKeySpec(keyBytes, "AES");
IvParameterSpec ivParameterSpec = new IvParameterSpec(keyBytes);
cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, ivParameterSpec);
FileInputStream fis = new FileInputStream(file);
CipherInputStream cis = new CipherInputStream(fis, cipher);
isr = new InputStreamReader(cis, "UTF-8");
}
else
isr = new FileReader(file);
BufferedReader in = new BufferedReader(isr);
String line = in.readLine();
System.out.println("Text read: <"+line+">");
in.close();
}
catch (Exception e) {
System.out.println("Decryption Exception "+e);
}
}
private byte[] getKey(String password) throws UnsupportedEncodingException {
String key = "";
while (key.length() < 16)
key += password;
return key.substring(0, 16).getBytes("UTF-8");
}
}

AES encrypt/decrypt in android
String encData= encrypt("keykey".getBytes("UTF-16LE"), ("0123000000000215").getBytes("UTF-16LE"));
String decData= decrypt("keykey",Base64.decode(encData.getBytes("UTF-16LE"), Base64.DEFAULT));
encrypt function
private static String encrypt(byte[] key, byte[] clear) throws Exception
{
MessageDigest md = MessageDigest.getInstance("md5");
byte[] digestOfPassword = md.digest(key);
SecretKeySpec skeySpec = new SecretKeySpec(digestOfPassword, "AES");
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
byte[] encrypted = cipher.doFinal(clear);
return Base64.encodeToString(encrypted,Base64.DEFAULT);
}
decrypt function
private static String decrypt(String key, byte[] encrypted) throws Exception
{
MessageDigest md = MessageDigest.getInstance("md5");
byte[] digestOfPassword = md.digest(key.getBytes("UTF-16LE"));
SecretKeySpec skeySpec = new SecretKeySpec(digestOfPassword, "AES");
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding");
cipher.init(Cipher.DECRYPT_MODE, skeySpec);
byte[] decrypted = cipher.doFinal(encrypted);
return new String(decrypted, "UTF-16LE");
}
AES encrypt/decrypt in c#
static void Main(string[] args)
{
string enc = encryptAES("0123000000000215", "keykey");
string dec = decryptAES(enc, "keykey");
Console.ReadKey();
}
encrypt function
public static string encryptAES(string input, string key)
{
var plain = Encoding.Unicode.GetBytes(input);
// 128 bits
AesCryptoServiceProvider provider = new AesCryptoServiceProvider();
provider.KeySize = 128;
provider.Mode = CipherMode.ECB;
provider.Padding = PaddingMode.PKCS7;
provider.Key = CalculateMD5Hash(key);
var enc = provider.CreateEncryptor().TransformFinalBlock(plain, 0, plain.Length);
return Convert.ToBase64String(enc);
}
decrypt function
public static string decryptAES(string encryptText, string key)
{
byte[] enc = Convert.FromBase64String(encryptText);
// 128 bits
AesCryptoServiceProvider provider = new AesCryptoServiceProvider();
provider.KeySize = 128;
provider.Mode = CipherMode.ECB;
provider.Padding = PaddingMode.PKCS7;
provider.Key = CalculateMD5Hash(key);
var dec = provider.CreateDecryptor().TransformFinalBlock(enc, 0, enc.Length);
return Encoding.Unicode.GetString(dec);
}
create md5
public static byte[] CalculateMD5Hash(string input)
{
MD5 md5 = MD5.Create();
byte[] inputBytes = Encoding.Unicode.GetBytes(input);
return md5.ComputeHash(inputBytes);
}

Simple API to perform AES encryption on Android. This is the Android counterpart to the AESCrypt library Ruby and Obj-C (with the same defaults):
https://github.com/scottyab/AESCrypt-Android

Here is simple code snippet working for AES Encryption and Decryption.
import android.util.Base64;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
public class AESEncryptionClass {
private static String INIT_VECTOR_PARAM = "#####";
private static String PASSWORD = "#####";
private static String SALT_KEY = "#####";
private static SecretKeySpec generateAESKey() throws NoSuchAlgorithmException, InvalidKeySpecException {
// Prepare password and salt key.
char[] password = new String(Base64.decode(PASSWORD, Base64.DEFAULT)).toCharArray();
byte[] salt = new String(Base64.decode(SALT_KEY, Base64.DEFAULT)).getBytes(StandardCharsets.UTF_8);
// Create object of [Password Based Encryption Key Specification] with required iteration count and key length.
KeySpec spec = new PBEKeySpec(password, salt, 64, 256);
// Now create AES Key using required hashing algorithm.
SecretKey key = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(spec);
// Get encoded bytes of secret key.
byte[] bytesSecretKey = key.getEncoded();
// Create specification for AES Key.
SecretKeySpec secretKeySpec = new SecretKeySpec(bytesSecretKey, "AES");
return secretKeySpec;
}
/**
* Call this method to encrypt the readable plain text and get Base64 of encrypted bytes.
*/
public static String encryptMessage(String message) throws BadPaddingException, IllegalBlockSizeException, NoSuchPaddingException, NoSuchAlgorithmException, UnsupportedEncodingException, InvalidKeySpecException, InvalidAlgorithmParameterException, InvalidKeyException {
byte[] initVectorParamBytes = new String(Base64.decode(INIT_VECTOR_PARAM, Base64.DEFAULT)).getBytes(StandardCharsets.UTF_8);
Cipher encryptionCipherBlock = Cipher.getInstance("AES/CBC/PKCS5Padding");
encryptionCipherBlock.init(Cipher.ENCRYPT_MODE, generateAESKey(), new IvParameterSpec(initVectorParamBytes));
byte[] messageBytes = message.getBytes();
byte[] cipherTextBytes = encryptionCipherBlock.doFinal(messageBytes);
String encryptedText = Base64.encodeToString(cipherTextBytes, Base64.DEFAULT);
return encryptedText;
}
/**
* Call this method to decrypt the Base64 of encrypted message and get readable plain text.
*/
public static String decryptMessage(String base64Cipher) throws BadPaddingException, IllegalBlockSizeException, NoSuchPaddingException, NoSuchAlgorithmException, UnsupportedEncodingException, InvalidKeySpecException, InvalidAlgorithmParameterException, InvalidKeyException {
byte[] initVectorParamBytes = new String(Base64.decode(INIT_VECTOR_PARAM, Base64.DEFAULT)).getBytes(StandardCharsets.UTF_8);
Cipher decryptionCipherBlock = Cipher.getInstance("AES/CBC/PKCS5Padding");
decryptionCipherBlock.init(Cipher.DECRYPT_MODE, generateAESKey(), new IvParameterSpec(initVectorParamBytes));
byte[] cipherBytes = Base64.decode(base64Cipher, Base64.DEFAULT);
byte[] messageBytes = decryptionCipherBlock.doFinal(cipherBytes);
String plainText = new String(messageBytes);
return plainText;
}
}
Now, call encryptMessage() or decryptMessage() for desired AES Operation with required parameters.
Also, handle the exceptions during AES operations.
Hope it helped...

To add bouncy castle to Android project: https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk16/1.45
Add this line in your Main Activity:
static {
Security.addProvider(new BouncyCastleProvider());
}
public class AESHelper {
private static final String TAG = "AESHelper";
public static byte[] encrypt(byte[] data, String initVector, String key) {
try {
IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8"));
Cipher c = Cipher.getInstance("AES/CBC/PKCS5PADDING");
SecretKeySpec k = new SecretKeySpec(Base64.decode(key, Base64.DEFAULT), "AES");
c.init(Cipher.ENCRYPT_MODE, k, iv);
return c.doFinal(data);
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
public static byte[] decrypt(byte[] data, String initVector, String key) {
try {
IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8"));
Cipher c = Cipher.getInstance("AES/CBC/PKCS5PADDING");
SecretKeySpec k = new SecretKeySpec(Base64.decode(key, Base64.DEFAULT), "AES");
c.init(Cipher.DECRYPT_MODE, k, iv);
return c.doFinal(data);
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
public static String keyGenerator() throws NoSuchAlgorithmException {
KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
keyGenerator.init(192);
return Base64.encodeToString(keyGenerator.generateKey().getEncoded(),
Base64.DEFAULT);
}
}

Categories