When I encrypt with AES/CBC/PKCS5Padding a normal String there is no problem.
When I use a JSON String which contains typical JSON type data and it throws an exception when doing Decryption:
Full Exception:
Exception in thread "main" javax.crypto.IllegalBlockSizeException: Input length must be multiple of 16 when decrypting with padded cipher
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:936)
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:847)
at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:446)
at javax.crypto.Cipher.doFinal(Cipher.java:2165)
at io.crypto.Crypto.doFinal(Crypto.java:60)
at io.crypto.Crypto.decrypt(Crypto.java:50)
at io.Controller.main(Controller.java:38)
AES Code:
public class Crypto {
private static final char[] HEX = new char[]{'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'b', 'c', 'D', 'e', 'F'};
private static Cipher cipher;
public static void init() {
try {
cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
} catch (NoSuchPaddingException | NoSuchAlgorithmException e) {
NetworkModule.handleException(e);
}
}
public static String encrypt(String password, String message) throws Exception {
String salt = random(16);
String iv = random(16);
SecretKey key = generateKey(salt, password);
byte[] encrypted = doFinal(Cipher.ENCRYPT_MODE, key, iv, message.getBytes("UTF-8"));
String code = Base64.getEncoder().encodeToString(encrypted);
return salt + code.substring(0, code.length() - 2) + iv;
}
public static String decrypt(String password, String message) throws Exception {
String salt = message.substring(0, 32);
String iv = message.substring(message.length() - 32, message.length());
String base = message.substring(32, message.length() - 32) + "==";
SecretKey key = generateKey(salt, password);
byte[] decrypted = doFinal(Cipher.DECRYPT_MODE, key, iv, Base64.getDecoder().decode(base));
return new String(decrypted, "UTF-8");
}
private static byte[] doFinal(int encryptMode, SecretKey key, String iv, byte[] bytes) {
try {
cipher.init(encryptMode, key, new IvParameterSpec(hex(iv)));
return cipher.doFinal(bytes);
} catch (InvalidKeyException | InvalidAlgorithmParameterException | IllegalBlockSizeException | BadPaddingException e) {
NetworkModule.handleException(e);
return null;
}
}
private static SecretKey generateKey(String salt, String passphrase) {
try {
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
KeySpec spec = new PBEKeySpec(passphrase.toCharArray(), hex(salt), 1000, 128);
SecretKey key = new SecretKeySpec(factory.generateSecret(spec).getEncoded(), "AES");
return key;
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
NetworkModule.handleException(e);
return null;
}
}
private static String random(int length) {
byte[] salt = new byte[length];
new SecureRandom().nextBytes(salt);
return hex(salt);
}
private static String hex(byte[] data) {
int l = data.length;
char[] out = new char[l << 1];
int i = 0;
for (int var5 = 0; i < l; ++i) {
out[var5++] = HEX[(240 & data[i]) >>> 4];
out[var5++] = HEX[15 & data[i]];
}
return new String(out);
}
private static byte[] hex(String hex) {
char[] data = hex.toCharArray();
int len = data.length;
if ((len & 1) != 0) {
return null;
} else {
byte[] out = new byte[len >> 1];
int i = 0;
for (int j = 0; j < len; ++i) {
int f = Character.digit(data[j], 16) << 4;
++j;
f |= Character.digit(data[j], 16);
++j;
out[i] = (byte) (f & 255);
}
return out;
}
}
}
Working Example:
Crypto.init();
String password = "42cb54a0b6a89a53709301ee320f45de102dda05ccd1a49c3c62c19b7319ca73";
String message = "Hello World";
System.out.println(message);
String encrypt = Crypto.encrypt(password, message);
System.out.println(encrypt);
String decrypt = Crypto.decrypt(password, encrypt);
System.out.println(decrypt);
Ouput:
Hello World
3cc6b607175011Fc50bb498c8064863ebbAePnO7nmGSFLBr2KnfhQDAb84b338007b4e3e9bbFF3e35b0341A
Hello World
Exception Example:
Crypto.init();
String password = "42cb54a0b6a89a53709301ee320f45de102dda05ccd1a49c3c62c19b7319ca73";
String message = new PacketBuilder("example").build();
System.out.println(message);
String encrypt = Crypto.encrypt(password, message);
System.out.println(encrypt);
String decrypt = Crypto.decrypt(password, encrypt);
System.out.println(decrypt);
Ouput:
{"packet":"EXAMPLE"}
6b1FbA86e4F17A21633AA12c352eAD63ebKIw+ljAx4XsqBgK5Q3KQ2Hd5w8nO4NP9sqxC+CLI0A4D2e4AbF47ecF6b6149A8F2445658F
Exception in thread "main" ... full stacktrace on the top of the post
Alright, I have found the issue.
Upon checking variables I discovered that printing the code in the encrypt method would yield a String ending in a single space. However, you cut off two letters in your substring so the first thing you need to do is rewrite you return in that method like this
return salt + code.replace("=","") + iv;
Next whenever you are about to decode from base you do this
String base = message.substring(32, message.length() - 32) + "==";
But this is not necesary so change it like this
String base = message.substring(32, message.length() - 32);
After changing these your methods should work.
Related
In Java code, i have source work well, this is use for encrypt:
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
public class HelloWorld{
private static final String hexKey = "B8EE12E123C0E300A202074A153CC0D27D739357480FFFFFFFFFFFFFFFFFFFEF";
public static void main(String []args){
System.out.println("Encryt ==== ");
String textToEncrypt = "From=ABC&Key=FootID1234&Value=ResultValue2324";
String encryptedText = encrypt(textToEncrypt);
System.out.println(encryptedText);
System.out.println("Decrypt ==== ");
String decryptedText = decrypt(encryptedText);
System.out.println(decryptedText);
}
public static String encrypt (String plainText) {
String encryptedText = null;
try {
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
SecretKeySpec secretKey = new SecretKeySpec(hexToBytes(hexKey), "AES");
IvParameterSpec ivparameterspec = new IvParameterSpec(hexKey.getBytes(), 0, 16);
cipher.init(Cipher.ENCRYPT_MODE, secretKey, ivparameterspec);
byte[] cipherText = cipher.doFinal(plainText.getBytes("UTF8"));
encryptedText = bytesToHex(cipherText);
} catch (Exception E) {
System.out.println("Encrypt Exception : " + E.getMessage());
}
return encryptedText;
}
public static String decrypt(String encryptedText) {
String decryptedText = null;
try {
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
SecretKeySpec secretKey = new SecretKeySpec(hexToBytes(hexKey), "AES");
IvParameterSpec ivparameterspec = new IvParameterSpec(hexKey.getBytes("UTF8"), 0, 16);
cipher.init(Cipher.DECRYPT_MODE, secretKey, ivparameterspec);
byte[] cipherText = hexToBytes(encryptedText);
byte[] dcrbyte = cipher.doFinal(cipherText);
decryptedText = new String(dcrbyte, "UTF-8");
} catch (Exception E) {
System.out.println("Encrypt Exception : " + E.getMessage());
}
return decryptedText;
}
private static byte[] hexToBytes(String hexStr) {
byte[] val = new byte[hexStr.length() / 2];
for (int i = 0; i < val.length; i++) {
int idx = i * 2;
int j = Integer.parseInt(hexStr.substring(idx, idx + 2), 16);
val[i] = (byte) j;
}
return val;
}
private static String bytesToHex(byte[] hashInBytes) {
char[] hexArray = "0123456789ABCDEF".toCharArray();
char[] hexChars = new char[hashInBytes.length * 2];
for (int i = 0; i < hashInBytes.length; i++) {
int v = hashInBytes[i] & 0xFF;
hexChars[i * 2] = hexArray[v >>> 4];
hexChars[i * 2 + 1] = hexArray[v & 0x0F];
}
return new String(hexChars);
}
}
And in c#, i try to write decryptAes() function like this:
public static class Encryption
{
// use these parameters to test decryptAes()
//string key = "B8EE12E123C0E300A202074A153CC0D27D739357480FFFFFFFFFFFFFFFFFFFEF";
//string textToDecrypt = "756AD4D80E2CF1E289D55A23E092F012E8D5F372A343A419BC87F77B6335F04EFB41C3B56F5CDA167F90F67CD672A186";
public static string decryptAes(string key, string textToDecrypt)
{
RijndaelManaged rijndaelCipher = new RijndaelManaged();
// Assumed Mode and padding values.
rijndaelCipher.Mode = CipherMode.CBC;
rijndaelCipher.Padding = PaddingMode.PKCS7;
// AssumedKeySize and BlockSize values.
rijndaelCipher.KeySize = 0x80; //128
rijndaelCipher.BlockSize = 0x80;
// Convert Hex keys to byte Array.
byte[] encryptedData = HexToBytes(textToDecrypt);
//byte[] pwdBytes = System.Text.Encoding.GetEncoding("UTF-8").GetBytes(key);
byte[] pwdBytes = HexToBytes(key);
byte[] keyBytes = new byte[0x10]; //16
int len = pwdBytes.Length;
if (len > keyBytes.Length)
{
len = keyBytes.Length;
}
Array.Copy(pwdBytes, keyBytes, len);
rijndaelCipher.Key = keyBytes;
rijndaelCipher.IV = keyBytes;
// Decrypt data
byte[] plainText = rijndaelCipher.CreateDecryptor()
.TransformFinalBlock(encryptedData, 0, encryptedData.Length);
return Encoding.UTF8.GetString(plainText);
}
public static byte[] HexToBytes(string str)
{
if (str.Length == 0 || str.Length % 2 != 0)
return new byte[0];
byte[] buffer = new byte[str.Length / 2];
char c;
for (int bx = 0, sx = 0; bx < buffer.Length; ++bx, ++sx)
{
// Convert first half of byte
c = str[sx];
buffer[bx] = (byte)((c > '9' ? (c > 'Z' ? (c - 'a' + 10) : (c - 'A' + 10)) : (c - '0')) << 4);
// Convert second half of byte
c = str[++sx];
buffer[bx] |= (byte)(c > '9' ? (c > 'Z' ? (c - 'a' + 10) : (c - 'A' + 10)) : (c - '0'));
}
return buffer;
}
public static string ByteToHex(byte[] ba)
{
StringBuilder hex = new StringBuilder(ba.Length * 2);
foreach (byte b in ba)
hex.AppendFormat("{0:x2}", b);
return hex.ToString().ToUpper();
}
}
But the c# decryptAes() function does not work as i expect. An error
System.Security.Cryptography.CryptographicException: 'Padding is invalid and cannot be removed.'
has occured at line rijndaelCipher.Padding = PaddingMode.PKCS7;
When i change to rijndaelCipher.Padding = PaddingMode.None, it does not work as i expect, the c# result is not the same as the result of java.
Please help, any advice would be appreciated!
Thanks!
You need to explicitly set the padding for both encryption and decryption. Unless you have a reason to do otherwise, use PKCS#7 padding.
rijndaelCipher.Padding=PaddingMode.none;
now i am using scotabb libs AESCryptor for AES encryption in my android project,
i really need the string IV bcs my other project in swift(IOS) and the webservice (c#) using AES encrypt/decrypt 256 with String IV.
but in the scotabb aesencriptor using blank IV.
is it possible to change the blank IV(bytes) to the 16-length string ?
and how to do that ?
this is my class
public final class AEScrypt{
private static final String TAG = "AESCrypt";
//AESCrypt-ObjC uses CBC and PKCS7Padding
private static final String AES_MODE = "AES/CBC/PKCS7Padding";
private static final String CHARSET = "UTF-8";
//AESCrypt-ObjC uses SHA-256 (and so a 256-bit key)
private static final String HASH_ALGORITHM = "SHA-256";
//AESCrypt-ObjC uses blank IV (not the best security, but the aim here is compatibility)
private static final byte[] ivBytes = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
//togglable log option (please turn off in live!)
public static boolean DEBUG_LOG_ENABLED = false;
private static SecretKeySpec generateKey(final String password) throws NoSuchAlgorithmException, UnsupportedEncodingException {
final MessageDigest digest = MessageDigest.getInstance(HASH_ALGORITHM);
byte[] bytes = password.getBytes("UTF-8");
digest.update(bytes, 0, bytes.length);
byte[] key = digest.digest();
log("SHA-256 key ", key);
SecretKeySpec secretKeySpec = new SecretKeySpec(key, "AES");
return secretKeySpec;
}
public static String encrypt(final String password, String message)
throws GeneralSecurityException {
try {
final SecretKeySpec key = generateKey(password);
log("message", message);
byte[] cipherText = encrypt(key, ivBytes, message.getBytes(CHARSET));
//NO_WRAP is important as was getting \n at the end
String encoded = Base64.encodeToString(cipherText, Base64.NO_WRAP);
log("Base64.NO_WRAP", encoded);
return encoded;
} catch (UnsupportedEncodingException e) {
if (DEBUG_LOG_ENABLED)
Log.e(TAG, "UnsupportedEncodingException ", e);
throw new GeneralSecurityException(e);
}
}
public static byte[] encrypt(final SecretKeySpec key, final byte[] iv, final byte[] message)
throws GeneralSecurityException {
final Cipher cipher = Cipher.getInstance(AES_MODE);
IvParameterSpec ivSpec = new IvParameterSpec(iv);
cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec);
byte[] cipherText = cipher.doFinal(message);
log("cipherText", cipherText);
return cipherText;
}
public static String decrypt(final String password, String base64EncodedCipherText)
throws GeneralSecurityException {
try {
final SecretKeySpec key = generateKey(password);
log("base64EncodedCipherText", base64EncodedCipherText);
byte[] decodedCipherText = Base64.decode(base64EncodedCipherText, Base64.NO_WRAP);
log("decodedCipherText", decodedCipherText);
byte[] decryptedBytes = decrypt(key, ivBytes, decodedCipherText);
log("decryptedBytes", decryptedBytes);
String message = new String(decryptedBytes, CHARSET);
log("message", message);
return message;
} catch (UnsupportedEncodingException e) {
if (DEBUG_LOG_ENABLED)
Log.e(TAG, "UnsupportedEncodingException ", e);
throw new GeneralSecurityException(e);
}
}
public static byte[] decrypt(final SecretKeySpec key, final byte[] iv, final byte[] decodedCipherText)
throws GeneralSecurityException {
final Cipher cipher = Cipher.getInstance(AES_MODE);
IvParameterSpec ivSpec = new IvParameterSpec(iv);
cipher.init(Cipher.DECRYPT_MODE, key, ivSpec);
byte[] decryptedBytes = cipher.doFinal(decodedCipherText);
log("decryptedBytes", decryptedBytes);
return decryptedBytes;
}
private static void log(String what, byte[] bytes) {
if (DEBUG_LOG_ENABLED)
Log.d(TAG, what + "[" + bytes.length + "] [" + bytesToHex(bytes) + "]");
}
private static void log(String what, String value) {
if (DEBUG_LOG_ENABLED)
Log.d(TAG, what + "[" + value.length() + "] [" + value + "]");
}
private static String bytesToHex(byte[] bytes) {
final char[] hexArray = {'0', '1', '2', '3', '4', '5', '6', '7', '8',
'9', 'A', 'B', 'C', 'D', 'E', 'F'};
char[] hexChars = new char[bytes.length * 2];
int v;
for (int j = 0; j < bytes.length; j++) {
v = bytes[j] & 0xFF;
hexChars[j * 2] = hexArray[v >>> 4];
hexChars[j * 2 + 1] = hexArray[v & 0x0F];
}
return new String(hexChars);
}
private AESCrypt() {
}
}
You can change the IV to whatever 16 byte value you want. You can see that a static IV (a bad idea) is defined at the class level as 0x00 * 16. You can replace that byte array with another value, either raw bytes or a decoded hexadecimal or Base64 value, etc.
You should be providing a unique and non-predictable IV for every encryption operation and passing the IV along with the cipher text for use in decryption. The IV does not need to be protected or encrypted and can travel in the clear alongside the cipher text.
I've been playing around with encryption in Java, and I bumped upon strange behavior. When encrypting a byte[] data using
InputStream fin = new ByteArrayInputStream(data);
CipherInputStream cin = new CipherInputStream(fin, mEcipher);
where mEcipher is a well-initialized AES cipher, this works always except when the length of the array is a multiple of 16. Then the encryption skips the last 16 bytes. I have to workaround it by adding an additional 16 0's, which can't be the intention since the encryption is done per block of 16 bytes so there is no need for the last bytes to be 0.
Below is a small example that demonstrates the behavior. Why is this happening and how can I fix it? It is only happening with encryption, decryption works fine (and there the length is always a multiple of 16). The routines encrypt() and decrypt() are written fully symmetric. I presume this a weird quirk in CipherInputStream, but I'd like to understand the details of it.
class Crypto {
String mPassword = null;
public final static int SALT_LEN = 8;
byte[] mInitVec = null;
byte[] mSalt = null;
Cipher mEcipher = null;
Cipher mDecipher = null;
private final int KEYLEN_BITS = 128; // see notes below where this is used.
private final int ITERATIONS = 65536;
private final int MAX_FILE_BUF = 1024;
public Crypto(String password) {mPassword = password;}
public byte[] getSalt() {return (mSalt);}
public byte[] getInitVec() {return (mInitVec);}
public void setupEncrypt() throws Exception {
mSalt = new byte[SALT_LEN];
SecureRandom rnd = new SecureRandom();
rnd.nextBytes(mSalt);
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
KeySpec spec = new PBEKeySpec(mPassword.toCharArray(), mSalt, ITERATIONS, KEYLEN_BITS);
SecretKey tmp = factory.generateSecret(spec);
SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES");
mEcipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
mEcipher.init(Cipher.ENCRYPT_MODE, secret);
AlgorithmParameters params = mEcipher.getParameters();
mInitVec = params.getParameterSpec(IvParameterSpec.class).getIV();
}
public void setupDecrypt(String initvec, String salt) throws Exception {
mSalt = decodeHex(salt.toCharArray());
mInitVec = decodeHex(initvec.toCharArray());
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
KeySpec spec = new PBEKeySpec(mPassword.toCharArray(), mSalt, ITERATIONS, KEYLEN_BITS);
SecretKey tmp = factory.generateSecret(spec);
SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES");
mDecipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
mDecipher.init(Cipher.DECRYPT_MODE, secret, new IvParameterSpec(mInitVec));
}
public byte[] decrypt(byte[] data) throws IllegalBlockSizeException, BadPaddingException, IOException {
byte[] decdata = new byte[data.length];
int totalread = 0;
int nread = 0;
byte[] substr = new byte[16];
InputStream fin = new ByteArrayInputStream(data);
CipherInputStream cin = new CipherInputStream(fin, mDecipher);
while ((nread = cin.read(substr)) > 0) {
for (int i = 0; i < nread; i++) decdata[totalread+i] = substr[i];
totalread += nread;
}
fin.close();
return decdata;
}
public byte[] encrypt(byte[] data) throws IllegalBlockSizeException, BadPaddingException, IOException {
System.out.println("data.length="+data.length);
byte[] encdata = new byte[data.length+15-(data.length-1)%16];
System.out.println("encdata.length="+encdata.length);
int totalread = 0;
int nread = 0;
byte[] substr = new byte[16];
InputStream fin = new ByteArrayInputStream(data);
CipherInputStream cin = new CipherInputStream(fin, mEcipher);
while ((nread = cin.read(substr)) > 0 && totalread<data.length) {
for (int i = 0; i < nread; i++) encdata[totalread+i] = substr[i];
totalread += nread;
}
fin.close();
return encdata;
}
public static void main(String[] args) throws Exception {
String inpstr = "Dit is een test.Zit if een mewt.";
Crypto en = new Crypto("mypassword");
en.setupEncrypt();
String iv = encodeHexString(en.getInitVec()).toUpperCase();
String salt = encodeHexString(en.getSalt()).toUpperCase();
byte[] inp = inpstr.getBytes();
byte[] enc = en.encrypt(inp);
System.out.println("In: "+Arrays.toString(inp));
System.out.println("En: "+Arrays.toString(enc));
Crypto dc = new Crypto("mypassword");
dc.setupDecrypt(iv, salt);
byte[] oup = dc.decrypt(enc);
System.out.println("En: "+Arrays.toString(enc));
System.out.println("Ou: "+Arrays.toString(oup));
}
public static final String DEFAULT_CHARSET_NAME = "UTF_8";
private static final char[] DIGITS_LOWER = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
private static final char[] DIGITS_UPPER = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
private static byte[] decodeHex(char[] data) {
int len = data.length;
if ((len & 0x01) != 0) {
throw new UnsupportedOperationException("Odd number of characters.");
}
byte[] out = new byte[len >> 1];
// two characters form the hex value.
for (int i = 0, j = 0; j < len; i++) {
int f = toDigit(data[j], j) << 4;
j++;
f = f | toDigit(data[j], j);
j++;
out[i] = (byte) (f & 0xFF);
}
return out;
}
private static char[] encodeHex(byte[] data) {
return encodeHex(data, true);
}
private static char[] encodeHex(byte[] data, boolean toLowerCase) {
return encodeHex(data, toLowerCase ? DIGITS_LOWER : DIGITS_UPPER);
}
private static char[] encodeHex(byte[] data, char[] toDigits) {
int l = data.length;
char[] out = new char[l << 1];
// two characters form the hex value.
for (int i = 0, j = 0; i < l; i++) {
out[j++] = toDigits[(0xF0 & data[i]) >>> 4];
out[j++] = toDigits[0x0F & data[i]];
}
return out;
}
private static String encodeHexString(byte[] data) {
return new String(encodeHex(data));
}
private static int toDigit(char ch, int index) {
int digit = Character.digit(ch, 16);
if (digit == -1) {
throw new UnsupportedOperationException("Illegal hexadecimal character " + ch + " at index " + index);
}
return digit;
}
}
You are using PKCS #5 padding, which means your output data will always be larger than your input data. If your input data is block-aligned (i.e. a multiple of sixteen bytes), you will get sixteen bytes of padding added. Your code assumed they would be equal in length.
I've corrected and simplified your encrypt and decrypt methods. Using a ByteArrayOutputStream avoids you needing to know the expected size of the output in both cases. I took the liberty of using try-with-resources statements, if you are using Java 6 or below you'll have to edit those out.
public byte[] decrypt(byte[] data) throws IllegalBlockSizeException,
BadPaddingException, IOException {
ByteArrayOutputStream bos = new ByteArrayOutputStream();
int nread = 0;
byte[] substr = new byte[16];
try (InputStream fin = new ByteArrayInputStream(data);
CipherInputStream cin = new CipherInputStream(fin, mDecipher)) {
while ((nread = cin.read(substr)) > 0) {
bos.write(substr, 0, nread);
}
return bos.toByteArray();
}
}
public byte[] encrypt(byte[] data) throws IllegalBlockSizeException,
BadPaddingException, IOException {
System.out.println("data.length=" + data.length);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
int nread = 0;
byte[] substr = new byte[16];
try (ByteArrayInputStream fin = new ByteArrayInputStream(data);
CipherInputStream cin = new CipherInputStream(fin, mEcipher)) {
while ((nread = cin.read(substr)) > 0) {
bos.write(substr, 0, nread);
}
return bos.toByteArray();
}
}
i try to decrypt a encrypted text and use this code but get this error to me:
Exception in thread "main" java.security.InvalidKeyException: Illegal key size
and decryption code is:
String key = "ffce885876a617e7";
String vector = "9ee153a3df56965e7baf13a7fa1075cc";
IvParameterSpec ivSpec = new IvParameterSpec(key.getBytes());
SecretKeySpec keySpec = new SecretKeySpec(vector.getBytes(), "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec); //error occured in this line
.getBytes() will not automagically convert a "hex string" to the matching bytes.
Instead, try this utility method:
private static byte[] hexStringToBytes(final String input)
{
final int len = input.length();
if (len % 2 != 0)
throw new IllegalArgumentException();
final byte[] ret = new byte[len / 2];
int offset = 0;
for (int i = 0; i < ret.length; i++) {
ret[i] = (byte) Integer.parseInt(input.substring(offset, offset+2), 16);
offset += 2;
}
return ret;
}
Then in your code use hexStringToBytes(key) etc.
I uses this one to decrypt AES. But in Android env instead of Java vanila.
public String decrypt(String enc) throws Exception {
try {
String key = "ffce885876a617e7";
String vector = "9ee153a3df56965e7baf13a7fa1075cc";
IvParameterSpec ivSpec = new IvParameterSpec(key.getBytes());
SecretKeySpec keySpec = new SecretKeySpec(vector.getBytes(),
"AES");
Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);
return new String(cipher.doFinal(hexToByte(enc)), "UTF-8");
} catch (Exception localException) {
throw new Exception("[decrypt] " + localException.getMessage());
}
}
private static byte[] hexToByte(String enc) {
int j = enc.length() / 2;
byte[] arrayOfByte = new byte[j];
if (j >= 2) {
for (int i = 0; i < j; i++) {
arrayOfByte[i] = ((byte) Integer.parseInt(
enc.substring(i * 2, 2 + i * 2), 16));
}
}
return arrayOfByte;
}
I'm trying to encrypt data between my android application and a PHP webservice.
I found the next piece of code in this website: http://schneimi.wordpress.com/2008/11/25/aes-128bit-encryption-between-java-and-php/
But when I try to decrypt I get the Exception of the title "data not block size aligned"
This are the method in my MCrypt class
public String encrypt(String text) throws Exception
{
if(text == null || text.length() == 0)
throw new Exception("Empty string");
Cipher cipher;
byte[] encrypted = null;
try {
cipher = Cipher.getInstance("AES/CBC/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, keyspec, ivspec);
encrypted = cipher.doFinal(padString(text).getBytes());
} catch (Exception e)
{
throw new Exception("[encrypt] " + e.getMessage());
}
return new String( encrypted );
}
public String decrypt(String code) throws Exception
{
if(code == null || code.length() == 0)
throw new Exception("Empty string");
Cipher cipher;
byte[] decrypted = null;
try {
cipher = Cipher.getInstance("AES/CBC/NoPadding");
cipher.init(Cipher.DECRYPT_MODE, keyspec, ivspec);
decrypted = cipher.doFinal(hexToBytes(code));
} catch (Exception e)
{
throw new Exception("[decrypt] " + e.getMessage());
}
return new String( decrypted );
}
private static byte[] hexToBytes(String hex) {
String HEXINDEX = "0123456789abcdef";
int l = hex.length() / 2;
byte data[] = new byte[l];
int j = 0;
for (int i = 0; i < l; i++) {
char c = hex.charAt(j++);
int n, b;
n = HEXINDEX.indexOf(c);
b = (n & 0xf) << 4;
c = hex.charAt(j++);
n = HEXINDEX.indexOf(c);
b += (n & 0xf);
data[i] = (byte) b;
}
return data;
}
private static String padString(String source)
{
char paddingChar = ' ';
int size = 16;
int x = source.length() % size;
int padLength = size - x;
for (int i = 0; i < padLength; i++)
{
source += paddingChar;
}
return source;
}
And this is how I'm using it in my activity to test:
String encrypted = mcrypt.encrypt(jsonUser.toString());
String decrypted = mcrypt.decrypt(encrypted);
the encrypt method works fine, but the second throws an exception.
At last! I made it work! Thanks for all your suggestion. I would like to share the code just in case somebody get stuck like me:
JAVA
import java.security.NoSuchAlgorithmException;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
public class MCrypt {
private String iv = "fedcba9876543210";//Dummy iv (CHANGE IT!)
private IvParameterSpec ivspec;
private SecretKeySpec keyspec;
private Cipher cipher;
private String SecretKey = "0123456789abcdef";//Dummy secretKey (CHANGE IT!)
public MCrypt()
{
ivspec = new IvParameterSpec(iv.getBytes());
keyspec = new SecretKeySpec(SecretKey.getBytes(), "AES");
try {
cipher = Cipher.getInstance("AES/CBC/NoPadding");
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (NoSuchPaddingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
public byte[] encrypt(String text) throws Exception
{
if(text == null || text.length() == 0)
throw new Exception("Empty string");
byte[] encrypted = null;
try {
cipher.init(Cipher.ENCRYPT_MODE, keyspec, ivspec);
encrypted = cipher.doFinal(padString(text).getBytes());
} catch (Exception e)
{
throw new Exception("[encrypt] " + e.getMessage());
}
return encrypted;
}
public byte[] decrypt(String code) throws Exception
{
if(code == null || code.length() == 0)
throw new Exception("Empty string");
byte[] decrypted = null;
try {
cipher.init(Cipher.DECRYPT_MODE, keyspec, ivspec);
decrypted = cipher.doFinal(hexToBytes(code));
} catch (Exception e)
{
throw new Exception("[decrypt] " + e.getMessage());
}
return decrypted;
}
public static String bytesToHex(byte[] data)
{
if (data==null)
{
return null;
}
int len = data.length;
String str = "";
for (int i=0; i<len; i++) {
if ((data[i]&0xFF)<16)
str = str + "0" + java.lang.Integer.toHexString(data[i]&0xFF);
else
str = str + java.lang.Integer.toHexString(data[i]&0xFF);
}
return str;
}
public static byte[] hexToBytes(String str) {
if (str==null) {
return null;
} else if (str.length() < 2) {
return null;
} else {
int len = str.length() / 2;
byte[] buffer = new byte[len];
for (int i=0; i<len; i++) {
buffer[i] = (byte) Integer.parseInt(str.substring(i*2,i*2+2),16);
}
return buffer;
}
}
private static String padString(String source)
{
char paddingChar = ' ';
int size = 16;
int x = source.length() % size;
int padLength = size - x;
for (int i = 0; i < padLength; i++)
{
source += paddingChar;
}
return source;
}
}
HOW TO USE IT (JAVA)
mcrypt = new MCrypt();
/* Encrypt */
String encrypted = MCrypt.bytesToHex( mcrypt.encrypt("Text to Encrypt") );
/* Decrypt */
String decrypted = new String( mcrypt.decrypt( encrypted ) );
====================================================
PHP
<?php
class MCrypt
{
private $iv = 'fedcba9876543210'; #Same as in JAVA
private $key = '0123456789abcdef'; #Same as in JAVA
function __construct()
{
}
function encrypt($str) {
//$key = $this->hex2bin($key);
$iv = $this->iv;
$td = mcrypt_module_open('rijndael-128', '', 'cbc', $iv);
mcrypt_generic_init($td, $this->key, $iv);
$encrypted = mcrypt_generic($td, $str);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
return bin2hex($encrypted);
}
function decrypt($code) {
//$key = $this->hex2bin($key);
$code = $this->hex2bin($code);
$iv = $this->iv;
$td = mcrypt_module_open('rijndael-128', '', 'cbc', $iv);
mcrypt_generic_init($td, $this->key, $iv);
$decrypted = mdecrypt_generic($td, $code);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
return utf8_encode(trim($decrypted));
}
protected function hex2bin($hexdata) {
$bindata = '';
for ($i = 0; $i < strlen($hexdata); $i += 2) {
$bindata .= chr(hexdec(substr($hexdata, $i, 2)));
}
return $bindata;
}
}
HOW TO USE IT (PHP)
<?php
$mcrypt = new MCrypt();
#Encrypt
$encrypted = $mcrypt->encrypt("Text to encrypt");
#Decrypt
$decrypted = $mcrypt->decrypt($encrypted);
I'm guessing your keyspec and ivspec are not valid for decryption. I've typically transformed them into PublicKey and PrivateKey instances and then use the private key to decrypt.
I looked at the comments in the other answer. I ran into a similar problem trying to encrypt a large block of text using open SSL in php (on both sides). I imagine the same issue would come up in Java.
If you have a 1024 bit RSA key, you must split the incoming text into 117 byte chunks (a char is a byte) and encrypt each (you can concatenate them together). On the other end, you must split the encrypted data into 128 byte chunks and decrypt each. This should give you your original message.
Also note that http may not play friendly with the non-ASCII encrypted data. I base64 encode/decode it before and after transmission (plus you have to worry about additional urlencoding for the base64 change, but it is easy).
I'm not sure of your AES key length, but if it's 1024 bits the chunk length is probably the same. If it's not, you will have to divide the bits by 8 to find the byte chunk length coming out. I'm actually not sure how to get it coming in, unfortunately (maybe multiply by 117/128 ?)
Here's some php code:
class Crypto {
public function encrypt($key, $data) {
$crypto = '';
foreach (str_split($data, 117) as $chunk) {
openssl_public_encrypt($chunk, $encrypted, $key);
$crypto .= $encrypted;
}
return $crypto;
}
//Decrypt omitted. Basically the same, change 117 to 128.
/**##+
* Update data for HTTP transmission and retrieval
* Must be used on encrypted data, but also useful for any binary data
* (e.g. zip files).
*/
public function base64_encode($value) {
return rtrim(strtr(base64_encode($value), '+/', '-_'), '=');
}
//String length must be padded for decoding for some reason
public function base64_decode($value) {
return base64_decode(str_pad(strtr($value, '-_', '+/')
, strlen($value) % 4, '=', STR_PAD_RIGHT));
}
/**##-*/
}