This question already has an answer here:
Closed 11 years ago.
Possible Duplicate:
Java AES Encrypt Entire String
Im having problems with the conversions back and forth between strings and byte arrays.
Basically I've made a small program to encrypt and decrypt messages using AES.
After encrypting the message this happens:
byte[] result = cipher.doFinal(message.getBytes());
String stringResult = new String(result);
Which converts the encrypted message to a string.
Now my decryptor changes the string back to a byte using:
byte[] result = stringResult.getBytes();
but when it decrypts the message (depending on the message) it may not be able to. There appears to be a padding problem and the error that I get is:
Exception in thread "main" javax.crypto.BadPaddingException: Given final block not properly padded
Any ideas why this occurs?
One example when this occurs for sure is when the encryption key is "1231231231231231" and the message encrypted is "read".
You're using the platform default encoding - once to convert message to bytes, and once to then convert the arbitrary binary output of encryption back into a string. Both steps are problematic.
Firstly, it's best to use a fixed encoding which is known to cover the whole of Unicode when converting the string to bytes. UTF-8 is usually a good bet.
Then there's the matter of representing arbitrary binary data as text. This isn't text data represented in an encoding - it's binary data. Interpreting it as if it were text data will almost certainly lose information. You need something more robust, capable of round-tripping arbitrary binary data. Base64 is usually the way to go.
There's a public domain base64 encoder which works pretty well as far as I know. So your encryption code becomes:
byte[] result = cipher.doFinal(message.getBytes("UTF-8"));
String stringResult = Base64.encodeBytes(result);
The decrypting code would then be:
byte[] encrypted = Base64.decode(encryptedBase64);
byte[] decrypted = /* do the decryption here */
String message = new String(decrypted, "UTF-8");
Your encrypted bytes are binary data which are unlikely to survive conversion to a string and back. If it needs to be stored in a string then Base64 encode it.
Related
I'm writing a program to encrypt data.
I created a random IV this way:
byte[] ivBytes = new byte[16];
IvParameterSpec iv = new IvParameterSpec(ivBytes);
And used it for the cipher.
Now I want to store this IV in a configuration file so I can transport it to the decrypting function, and for that I need to convert the IV to a string format.
I used byte curIV[] = cipher.getIV(); to get the IV and printed it's value to the console, but when I convert it to string,
this way String ivString = new String(curIV);, it doesn't return anything.
Your code works correctly
The array is initialized with a size of 16, where each of this 16 bytes is a 0.
Now, lets look at the ascii table to find the correct character for 0.
Aha, the character for 0 is character NUL.
If you do a new String(cipher.getIV()); you become a valid String value containing no informations.
How to solve
Simply convert a String of size 16 to bytes.
byte[] ivBytes = "123456789abcdef".getBytes();
Security
Computers are good in calculation but bad in random values. Random values are hard to estimated. That makes random values important for security. That makes the 16x0 byte array a bad idea.
Configuration
Finally you need to store that information to the configuration. Hm, as this character is not readable character its hard to save this to a text-based configuration.
Focusing on security you should not allow 16x0 IVs. So 16x0 IVs must not be able to be stored to the configuration.
Suggestion
Use this instead:
String ivString = "blahblah"; // read from configuration if required
IvParameterSpec iv = new IvParameterSpec(ivString.getBytes());
ivString = new String(iv.getIV()); //write to configuration if required
byte[] ivBytes = new byte[16];
This creates an array of 16 bytes initialized to 0. 0x00 is not a printable character (it's a control character), so you might have trouble seeing it printed (either problem in printing or problem with how you view the printed result).
Depending on your needs, you may want to:
Print it using Arrays.toString() as suggested by #TmTron (but expect to not see the printed result properly in some programs, you'll need hexa viewer to see it properly)
Print it in hexadecimal representation
Encode it using Base64
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 7 years ago.
Improve this question
the conversion string to byte and back are different. I use to encypt/decrypt des and when i recive a string by Server, the server make toString(),i make myString.getByte for decrypt. decrypt not working because Input length must be multiple of 8 when decrypting with padded cipher... anyone can help me. thank you.
Server:
String keySession=DesKeySession.toString();
String Message=keySessione+"1.1.1.1";
byte [] text=(Message).getBytes();
// Encrypt the text
byte[] textEncrypted = desCipher.doFinal(text);
String StringtextEncrypted = textEncrypted.toString();
OutLista.InsertTail(StringtextEncrypted);
//list to send client with all information
outToClient.writeObject(OutLista);
Client:
String mesage=listaFromServer.DeleteTail();
byte [] messaggioKab=(message).getBytes();
// Initialize the same cipher for decryption
desCipher.init(Cipher.DECRYPT_MODE, myDesKey);
// Decrypt the text
byte[] textDecrypted = desCipher.doFinal(messaggioKab);//error
There are two problems here:
You are not converting a byte array to a String correctly. You must use new String, not toString().
In C, you can use a string to hold bytes. In Java, you cannot, because not every byte will be a valid representation of a character.
Both problems are due to this line:
String StringtextEncrypted = textEncrypted.toString();
In Java, all primitive arrays directly extend java.lang.Object. Such arrays do not define a toString method, which means every primitive array inherits the toString method of Object, which for a byte array usually produces something like "[B#19de8a6f89".
For this reason, you cannot convert a byte array to a String using toString(). You must create a String directly:
String stringtextEncrypted = new String(textEncrypted);
However, this is not safe unless you know your bytes actually represent characters encoded with a Charset. Your bytes are not encoded in a charset—they are the result of an encryption operation. It is never safe to store arbitrary bytes in a String as one might do in C, because the bytes may contain invalid sequences according to the charset used to decode them, and such invalid sequences will be automatically replaced with a designated "invalid sequence" character like ? or � in the new String.
(The actual charset used is the platform's default charset, since you didn't specify one explicitly; that is another issue with your code, since the client and server may not have the same default charset, but the above problems need to be corrected first.)
Simply put, you cannot safely use a String to hold your encrypted bytes. However, since byte[] is a subclass of Object, you can always put the encrypted byte array itself in your list. All primitive arrays are serializable.
By the way, the convention in Java is for all variable names and method names to start with a lowercase letter (except static final variables, which are usually constants). You should use names like message, insertTail and deleteTail.
I need to attach a Base64 binary element to a SOAP message...Im doing a dry run to check if I can convert a value read from a file into Base64 binary..
Here is the below code..In the last line I try to print the type of encoded1(I assume it should be Base64 binary values) but I get the following display..."Attachment[B"...How can I confirm if its Base64 binary string?
Path path = Paths.get("c:/tomcatupload/text.csv");
byte[] attachment1 = Files.readAllBytes(path);
byte[] encoded1 = Base64.encode(attachment1);
System.out.println("Attachment"+ encoded1.getClass().getName());
Base-64 encoding is a way to convert arbitrary bytes to bytes that fit in a range of text characters in ASCII encoding. This is done without any interpretation whatsoever - raw bytes are converted to base-64 on sender's end; the receiver converts them back to a stream of bytes, and that's all there is to it.
When your code prints encoded1.getClass().getName(), all it gets is the static type of the byte array. In order to interpret the data encoded in base-64 as something meaningful to your program, you need to know the format of underlying data transported as base-64. Once the bytes are delivered to you (in your case, that's encoded1 array of bytes) you need to decide what's inside, and act accordingly.
For example, if a serialized Java object is sent to you as base-64, you need to take encoded1, make an in-memory stream from it, and read the object using the regular serialization mechanism:
ByteArrayInputStream memStream = new ByteArrayInputStream(encoded1);
ObjectInputStream objStream = new ObjectInputStream(memStream);
Object attachedObject = objStream.readObject();
The encoding by Base64.encode() was successful if and only if size of encoded1 > size of obtained attachment1.
Please refer, to understand how the encoding works.
http://en.wikipedia.org/wiki/Base64
By the way, your last statement doesn't print the array content. It prints the name of the class to which encoded1 belongs to.
I'm working on communicating with a server and I've reached the final stage, where after negotiating keys and setting the session key, I send an encrypted message and the server answers back.
Currently, we're working with AES-256 CBC, with a random IV that gets sent to the server and I locally store. The problem that I'm currently facing is when I decrypt the data I got from the server:
decryptCipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(cipher.getIV(), 0, 16));
//Get the array after the 7 bytes from the header
byte[] encrypted = Arrays.copyOfRange(sbResponse.toString().getBytes(), 7, sbResponse.toString().length());
When I try to decrypt that parsed array, any of the following happen, however, the response from the server does not vary in length or content at all:
I can't decrypt it, because of the following error:
javax.crypto.BadPaddingException: Given final block not properly padded
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.AESCipher.engineDoFinal(DashoA13*..)
at javax.crypto.Cipher.doFinal(DashoA13*..)
I can't decrypt it, this error comes up:
javax.crypto.IllegalBlockSizeException: Input length must be multiple of 16 when decrypting with padded cipher
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.AESCipher.engineDoFinal(DashoA13*..)
at javax.crypto.Cipher.doFinal(DashoA13*..)
I can decrypt it, certain blocks come up fine, but some of them, have weird characters among clear text:
k¤kC²O©æÖ—Õw½QøX»ÌEXøÀWHÌËùtiÓaÚo at?the application
Everything comes up just fine.
So, I have to make a bunch of calls until I get a clean response from the server.
What I've noticed is that the server does change the IV on its end, however, on my end, the IV always remains the same when I ask the Cipher for it, so I really don't know where else to look.
Here's an excerpt of the code that gets the response from the server:
StringBuilder sb = new StringBuilder();
while (ConnectionStatus.LISTENING.equals(status)) {
if (in.ready()) {
sb.append((char) in.read());
} else {
if (sb.length() > 0) {
status = ConnectionStatus.OPEN;
}
}
}
if (ConnectionStatus.TIMEOUT.equals(status)) {
status = ConnectionStatus.OPEN;
throw new TimeoutException();
}
Does anyone have any idea on what might be happening?
Let me know if you need further details, code or anything.
The problem is with storing binary data into a String.
If the InputStreamReader expects UTF-8, it most likely encounters invalid data since most binary streams are not valid UTF-8. Data is lost when the reader encounters a sequence of bytes that is not a valid character.
There are at least two or three solutions:
Switch to the underlying InputStream for binary data. Since an InputStreamReader may perform buffering, this is problematic - even if this might happen with some charsets only (To enable the efficient conversion of bytes to characters, more bytes may be read ahead from the underlying stream than are necessary to satisfy the current read operation.)
Always treat data as binary, and only if you expect textual data, convert the data to String.
Encode the encrypted message to text before transmission, and decode it after receiving. There are several standard encoding schemes or you may roll your own. Here are some:
Hexadecimal - not exactly efficient (4 bits per character) but easier to implement manually.
Base64 - the de-facto standard in binary data encoding (6 bits per character). While not a part of the JFC (yet), there's at least one library for that.
Ascii85 - the top notch in encoding density to printable text (6.4 bits per character), if you can find a library for that. It's not widely used.
I am converting a byte[] array to string . And then converting the string back to byte[] array. Then on checking if both the arrays are equal - I get that they are not equal:
byte[] ciphertext2=c.doFinal(username.getBytes("utf-8"));
//JUST CHECKING IGNORE
String qaz=new String(ciphertext2,"utf-8");
//qaz=qaz+"1";
System.out.println("just chekcing------------------------"+qaz);
byte[] ciphertext3=qaz.getBytes("utf-8");
if(Arrays.equals(ciphertext2,ciphertext3))
{
System.out.println("just chekcing they are equal------------------------");
}
else
System.out.println("just chekcing they are not equal------------------------");<br>
OUTPUT :
just chekcing they are not equal--------------------
Why doesn't it work?
Edit
It works perfectly fine when using Base64 of java. But why doesn't it work when converting byte to string and vice-versa directly? What actually happens when you convert a string a byte array and vice versa?
If this is the result of encryption, you should not be using a string constructor. You don't have encoded text - you have arbitrary binary data. You need to understand the difference between data which is fundamentally text and which needs to be represented in binary (e.g. writing a text file to disk) and data which is fundamentally binary and which needs to be represented in text (e.g. including encrypted data in an XML document).
You should use base64 (e.g. with this public domain library) or possibly hex. This will result in ASCII data which is guaranteed to roundtrip to the original binary data.