Let's say I have a Base64 String:
data = AOUTl5C2QV2xFRPlzKR0Ag==
I want to generate a Key in Java (Android) from the first 10 characters of this Base64 String and then use it to AES-Decrypt a Message sent from the Server. To do this, I use the below code:
String firstTen = data.substring(0, 10);
byte[] decodedBytes = Base64.decode(firstTen, Base64.DEFAULT);
SecretKeySpec key = new SecretKeySpec(decodedBytes, "AES");
Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.DECRYPT_MODE, key);
byte[] original = cipher.doFinal(Message_to_Decrypt, Base64.DEFAULT));
But then I can a Java.security.Exception:
java.security.InvalidKeyException: Key length not 128/192/256 bits.
Is there a way that I can get a valid Key which I can use for AES decryption from the first 10 Characters of a Base64String?
Extend the 10 characters with a hash function or better yet PBKDF2 (Password Based Key Derivation Function 2).
You really need to provide a key of an expected length, AES keys can be 128, 192 or 256 bytes long. While some AED implementations may null pad the key do not rely on that, it is not part of the standard.
The error message says: Key length not 128/192/256 bits.
You are using 10 Characters, each char is 8 bits. So 10*8=80. Try with 16 characters (128/8=16).
Related
I have received a message from AT5 (Atrack) unite encoded with AES-128 ECB encryption and this is the key in hex (33333838000000000000000000000000)
the original key is in string "3388"
and this is the cipher that i received but i convert it to hex
Whenever I try to decrypt the message, I face this exception:
Error while decrypting: javax.crypto.IllegalBlockSizeException: Input length must be multiple of 16 when decrypting with padded cipher
Here is my code:
orginalString
?U??????}MgD?R???`????
#?j????g:N???#???$=???r?u?>~??Qh,?N?????3?8:?-E??;?b<J??I?v{?'o?m[?|?CY?n????K????>?ã??<?,???? ??f?'???}&?}?7r%??93??!u?0D?3Ig|??%'????*??`?Y^?M?4J?I?>?tIu???;?RR;2??{nrl??us
?R?F?oi????
String strToDecrypt = "E255898281B7C0B67D4D6744DB52FA1789F760B99B86A40A1F238B6ABCC690C1C9673A4E07EA03F79B40B2ACC8243DD098F4B10E72BA75CE3E7EE50F935168042CC74EA2F4BBE3D833F4383AE02D45C0119C3BC8623C4AD5189249FAB0BB767BA2276FB56D5BF27CE017435901DD8F6EC9DECD05B74BF51A99B1933E89C3A3AD06CA893CE72CDDEAE5F509E2D01B66A02717AADD0C917D26BA7DB1377225CCF23933E5F92175BD3044C63349677CEBC6251B27BE1FC9FD7FC32A0785F36019C2595E1EE783B64DB2344A14CE49C63EAB74174975FCE1C53BD95252113B0332CBD7A37B6E726CCFF675730DB052B14605E36F69AF11E8F3D2002D8BABEFFF508187E4C176329A3ABE08CF2B9A9F4812CF4084BACE87AD116F49C2ACD449767E758CE9184C60268AE3AAEADA052C91BF16241682E333671AC209D5BDC34CFD2B2D0C8D6D795D36A5FBD707FB56F71B3740BA86B1CEAC6E784E8E2B999CC6C9260A13F697A115C80F29C5AA38E95964731073CB051BB8A201EBAE6443A057AA69CFF41C9A593F88E2D6A712107EABCDE7042134F818268BF31896072C1B399B878BACCECC096F79A8D1835C2766EA639341E4AB22820D5AAD0F202BC896BD6C6F4D1FB1873C5BE06278D11E67F577D0120E054971088E7DB7E3A8139B20C6E22B86205BC0F4778A1DA0D6E50416FCE55DBC576A9F907FC706148204CA3C79993A4F37756427871C12EB379B4BFA0A518FFCA2BC698B1CA68AC9B3548B241C12669CEFAC9C8ECDB7B5A8149B";
secretKey = new SecretKeySpec("33333838000000000000000000000000".getBytes("UTF-8"), "AES");
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5PADDING");
cipher.init(Cipher.DECRYPT_MODE, secretKey);
byte[] cipherResult = cipher.doFinal(Base64.decodeBase64(strToDecrypt));
Your strToDecrypt seems to be hex encoded, not base64 encoded .. so you need to hex decode it before decrypting, instead of base64 decoding. But actually you encrypted data if hex decoded, would also end up having an invalid size. Your hex string is 1200 hex chars = 600 bytes = 37.5 AES blocks of 16 bytes .. Something seems to be wrong with your data ..
Also, your key is also Hex encoded, so you need to hex decode it .. not just do a getBytes(..).
I'm writing a program to encrypt and decrypt data.
for encrypting,
I created a symmetric key using keyGenerator.
I transferred the key to the cipher, and created a string version of the key:
String keyString = Base64.getEncoder().encodeToString(symmetricKey.getEncoded());
in order to store it in a configuration file (so I can retrieve the key in the decrypt function).
Now, in the decrypt function I need to get that string back to key format, so I can send it as a parameter to the cipher in dercypt mode.
I convert it back to key this way:
byte[] keyBytes = key.getBytes(Charset.forName("UTF-8"));
Key newkey = new SecretKeySpec(keyBytes,0,keyBytes.length, "AES");
And I transffer it to the cipher and write the output (the decrypted data) using CipherInputStream:
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, newkey, newiv, SecureRandom.getInstance("SHA1PRNG"));
CipherInputStream cipherInputStream = new CipherInputStream(
new ByteArrayInputStream(encryptedBytes), cipher);
ArrayList<Byte> decryptedVal = new ArrayList<>();
int nextByte;
while ((nextByte = cipherInputStream.read()) != -1) {
decryptedVal.add((byte) nextByte);
}
byte[] bytes = new byte[decryptedVal.size()];
for (int i = 0; i < bytes.length; i++) {
bytes[i] = decryptedVal.get(i);
}
String decryptedData = new String(bytes);
cipherInputStream.close();
System.out.println("decryptedData: " + decryptedData);
I get this error:
Exception in thread "main" java.io.IOException: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
So I suspect that there might be a problem with the way I treat the key.
Any suggestions? help would be appreciated!
I think you have not sent IV to decryption function. For decryption in CBC mode, you must provide an IV which is used in encryption process.
Update:
IV will affect only first block in CBC decryption mode. So my answer may affect the unpadding if your data is less than 1 block. It will just change the decrypted plaintext of the first block otherwise.
Of course you get this error: first you apply base 64 encoding:
String keyString = Base64.getEncoder().encodeToString(symmetricKey.getEncoded());
and then you use character-encoding to turn it back into bytes:
byte[] keyBytes = key.getBytes(Charset.forName("UTF-8"));
which just keeps be base64 encoding, probably expanding the key size from 16 bytes to 24 bytes which corresponds with a 192 bit key instead of a 128 bit key. Or 24 bytes key to a 32 bytes key of course - both seem to work.
To solve this you need to use Base64.getDecoder() and decode the key.
Currently you get a key with a different size and value. That means that each block of plaintext, including the last one containing the padding, will decrypt to random plaintext. As random plaintext is unlikely to contain valid padding, you will be greeted with a BadPaddingException.
Reminder:
encoding, e.g. base 64 or hex: encoding bytes to a text string
character-encoding, e.g. UTF-8 or ASCII: encoding a text string into bytes
They are not opposites, that would be decoding and character-decoding respectively.
Remarks:
yes, listen to Ashfin; you need to use a random IV during encryption and then use it during decryption, for instance by prefixing it to the ciphertext (unencrypted);
don't use ArrayList<Byte>; that stores a reference to each separate byte (!) - use ByteArrayOutputStream or any other OutputStream instead;
you can better use a byte buffer and use that to read / write to the streams (note that the read function may not fill the buffer, even if at the start or in the middle of the stream) - reading a single byte at the time is not performant;
lookup try-with-resources for Java;
using a KeyStore may be better than storing in a config file;
GCM mode (AES/GCM/NoPadding) also authenticates data and should be preferred over CBC mode.
How can a JWT created in Java with JJWT (https://github.com/jwtk/jjwt) be verified using Node.js? If we create the JWT like below and print the value out:
byte[] apiKeySecretBytes = DatatypeConverter.parseBase64Binary("something");
Key key = new SecretKeySpec(apiKeySecretBytes, SignatureAlgorithm.HS512.getJcaName());
JwtBuilder builder = Jwts.builder()
.setSubject(subject)
.signWith(SignatureAlgorithm.HS512, key);
System.put.println(builder.compact());
Trying to decode the printed out string in Node.js results to invalid signature error:
var nJwt = require('jsonwebtoken');
var token = 'eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJKb2UifQ.dqJqRrJ1zDlNq79RAJqhbqme23Fq_Fh9M4MufE5AT8A7-c2yo3OgG71RMSsUxloceG0WaYwhz3WIprcdZsYY_Q',
secretKey = 'something';
var verifiedJwt = nJwt.verify(token,secretKey);
console.log(verifiedJwt);
The token value is not correct in the example above, just provided as an example.
You're base64 decoding the String something when using JJWT, but you're not doing that when using nJwt.
The bytes of a String and the bytes resulting from Base64 decoding the same String are different byte arrays. So your two code samples are using effectively different keys.
edit:
Also, for what its worth, to ensure key integrity guarantees, you should ensure that your key when using HMAC-SHA algorithms is equal to or greater than the hash output length.
For SHA-256, the output length is 256 bits, SHA-384 is 384 and SHA-512 is 512. This implies a minimum key length of 32 bytes (32 ascii chars), 48 bytes, and 64 bytes, respectively. Using something as a key (9 bytes) for HMAC-SHA-512 is not advisable.
This is why JJWT provides convenience key generators to ensure best practices:
byte[] hmacSha512Key = MacProvider.generateKey().getEncoded();
byte[] hmacSha384Key = MacProvider.generateKey(SignatureAlgorithm.HS384).getEncoded();
byte[] hmacSha256Key = MacProvider.generateKey(SignatureAlgorithm.HS256).getEncoded();
HTH!
I am using 3DESC to decrypt data but i am getting following exception
java.security.InvalidKeyException: Invalid key length: 16 bytes
My Code:
public static byte[] decrypt3DESCBC(byte[] keyBytes, byte[] ivBytes,
byte[] dataBytes) {
try {
AlgorithmParameterSpec ivSpec = new IvParameterSpec(ivBytes);
SecretKeySpec newKey = new SecretKeySpec(keyBytes, "DESede");
Cipher cipher = Cipher.getInstance("DESede/CBC/NoPadding");
cipher.init(Cipher.DECRYPT_MODE, newKey, ivSpec); // Causes Exception
return cipher.doFinal(dataBytes);
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
Printed all the byte array above used
keyBytes : FC15780BB4B0**********0876482C1B // Masked 10 Characters
ivBytes : 0000000000000000
dataBytes : AF53C90F7FAD977E**********69DB5A2BF3080F9F07F4BFEA3EDB4DE96887BE7D40A5A590C0911A // Masked 10 Characters
DES-EDE cipher can be used with 3 different subkeys therefore the key size should be 24 bytes (3 times 8 bytes). If you want to use only 2 keys (i.e. in this mode first key == last key) then you just have to duplicate the first 8 bytes of the key array.
byte[] key;
if (keyBytes.length == 16) {
key = new byte[24];
System.arraycopy(keyBytes, 0, key, 0, 16);
System.arraycopy(keyBytes, 0, key, 16, 8);
} else {
key = keyBytes;
}
You are using an older Java version that does not handle 128 bit key lengths. In principle, 3DES always uses three keys - keys ABC - which are 64 bit each when we include the parity bits into the count (for a single DES encrypt with A, then decrypt with B, then encrypt again with C). 128 bit (dual) key however uses A = C. So to create a valid 24 byte key, you need to copy and concatenate the first 8 bytes to the tail of the array. Or you could upgrade to a newer JRE, or use a provider that does accept 16 byte 3DES keys.
Note that 192 bit (168 bit effective) 3DES keys are quite a bit more secure than 128 (112 bit effective) bit keys; 128 bit 3DES is not accepted by NIST (which handles US government standardization of cryptography) anymore. You should try and switch to AES if possible; AES doesn't have these kind of shenanigans and is much more secure.
I have some data from a external party which is encrypted according to them in: 'Rijndeal 256 with the private key'
Alongside these records there are a public and private key certificate which look like RSA certificates.
From what i've learned so far it seems the common way to use encryption with certifcates is to generate a 'secret key' or some kind in initialization vector and use this to encrypted text. So i'm thinking this is probably what they have done (the data was encrypted by a PHP application)
I'm trying to decrypt this text with javax.crypto.Cipher but i think i problably need more information on the specific encryption, but i dont really know what information to ask for, and think its likely the 'default options' will probably work. (Communication with the supplying party is difficult and slow).
i'm currently Using the following code to get the private key:
InputStreamReader ir = new InputStreamReader(the_inputstream_for_the_private_key_record);
Security.addProvider(new BouncyCastleProvider());
pemr = new PEMReader(ir);
Object o = pemr.readObject();
keyPair kp = (KeyPair) o;
return kp.getPrivate();
This seems to work as i get a instantiated PrivateKey object without errors the toString looks like:
RSA Private CRT Key
modulus: c98faa50ba69<trimmed>
public exponent: 10001
private exponent: bb889fbe5cb2a6763f...<trimmed>
primeP: eb73e85dc636f5751b...<trimmed>
primeQ: db269bd603a2b81fc9...<trimmed>
primeExponentP: 85b9f111c190595cc8...<trimmed>
primeExponentQ: a66d59a75bb77530de...<trimmed>
crtCoefficient: 79415b078c4c229746...<trimmed>
For each record i also have a entry like the following:
{
"decryptedLength":128389,
"symKeyLength":32,
"symKey":"SImE8VnSZaAu1Ve...<trimmed (this is always 685 chars long) >...ayaJcnpSeOqAGM7q="
}
Basically this is where i'm a bit stuck.
My guess would be that that 'symkey' value is encrypted with RSA which in turn when decrypted would yield the secretKey for the AES part, but if i try:
Cipher rsaCipher = Cipher.getInstance("RSA");
rsaCipher.init(Cipher.DECRYPT_MODE, key);
byte[] b = rsaCipher.doFinal('symkey'.getbytes());
this gets me "javax.crypto.IllegalBlockSizeException: Data must not be longer than 512 bytes", which seems logical since this string is 685characters long
I'm probably missing something very obvious here...
Any suggestions are appreciated.
Just guessing, but I think the value
"symKey":"SImE8VnSZaAu1Ve...<trimmed (this is always 685 chars long) >...ayaJcnpSeOqAGM7q="
is the base64 encoded output from RSA encryption using a 4096-bit public key. You need to first base64 decode the value into a byte[] array, then decrypt it with the private key, the result of which will be a 256-bit key. Note that "Rijndael 256" is ambiguous, since Rijndael supports both a 256 bit blocksize and also a 256 bit keysize.
with GregS's answer i finaly got this to work.
(adding an answer in case someone else needs to decrypt similar php encoded stuff).
The first part was to decrypt de symmetricKey ("symkey") from the metaData string
This was as Greg notes a Base64 encoded, RSA encrypted key which was decoded like so:
Cipher rsaCipher = Cipher.getInstance("RSA");
rsaCipher.init(Cipher.DECRYPT_MODE, key);
byte[] encryptedRijndaelKey = Base64.decodeBase64(base64EncodedSymetricKey); //from the metaData
byte[] rijndaelKeyBytes = rsaCipher.doFinal(encryptedRijndaelKey);
This Rijndael key was then used to decrypt de actual encrypted data like so:
RijndaelEngine rijndaelEngine = new RijndaelEngine(256); // *1 *2
KeyParameter keyParam = new KeyParameter(rijndaelKeyBytes)
rijndaelEngine.init(false, keyParam); //false == decrypt
PaddedBufferedBlockCipher bbc = new PaddedBufferedBlockCipher(rijndaelEngine, new ZeroBytePadding()); // *3
byte[] decryptedBytes = new byte[decryptedLenght]; //from the storageOptions string
int processed = bbc.processBytes(inputBytes, 0, inputBytes.length, decryptedBytes, 0);
bbc.doFinal(decryptedBytes, processed);
*1 because the Sun JCA only supports common AES which has a 128bits keysize i had to use a different provider (BouncyCastle).
*2 apparently the blocksize was also 256 bits (trail & error)
*3 apparently there was no padding used, thus the ZeroPadding for padding (again trail & error).
The symKey value is Base64 encoded and must be decoded before you can do the private key decryption on it. Also, the symmetric encryption sounds like it is AES-256. (AES is based on the Rijndael cipher).