encryption code of java applied in PHP resulting in wrong decryption string - java
I am using one encryption/decryption method used in java and applying it in php . I have almost reached to the end but there is one mistake which I found that my decrypted string is not what i was expecting ,
This is my java code
private static final String ALGORITHM = "AES/CBC/PKCS5Padding";
public static String encrypt(String message, String key) throws GeneralSecurityException, UnsupportedEncodingException {
if (message == null || key == null) {
throw new IllegalArgumentException("text to be encrypted and key should not be null");
}
Cipher cipher = Cipher.getInstance(ALGORITHM);
byte[] messageArr = message.getBytes();
byte[] keyparam = key.getBytes();
SecretKeySpec keySpec = new SecretKeySpec(keyparam, "AES");
byte[] ivParams = new byte[16];
byte[] encoded = new byte[messageArr.length + 16];
System.arraycopy(ivParams, 0, encoded, 0, 16);
System.arraycopy(messageArr, 0, encoded, 16, messageArr.length);
cipher.init(Cipher.ENCRYPT_MODE, keySpec, new IvParameterSpec(ivParams));
byte[] encryptedBytes = cipher.doFinal(encoded);
encryptedBytes = Base64.getEncoder().encode(encryptedBytes);
return new String(encryptedBytes);
}
public static String decrypt(String encryptedStr, String key) throws GeneralSecurityException, UnsupportedEncodingException {
if (encryptedStr == null || key == null) {
throw new IllegalArgumentException("text to be decrypted and key should not be null");
}
Cipher cipher = Cipher.getInstance(ALGORITHM);
byte[] keyparam = key.getBytes();
SecretKeySpec keySpec = new SecretKeySpec(keyparam, "AES");
byte[] encoded = encryptedStr.getBytes();
encoded = Base64.getDecoder().decode(encoded);
byte[] decodedEncrypted = new byte[encoded.length - 16];
System.arraycopy(encoded, 16, decodedEncrypted, 0, encoded.length - 16);
byte[] ivParams = new byte[16];
System.arraycopy(encoded, 0, ivParams, 0, ivParams.length);
cipher.init(Cipher.DECRYPT_MODE, keySpec, new IvParameterSpec(ivParams));
byte[] decryptedBytes = cipher.doFinal(decodedEncrypted);
return new String(decryptedBytes);
}
now i have done this in php like this
$encKey = 'encryptionKey';
$cipher = "aes-256-cbc";
$data = 'some data';
$encryption_key = openssl_random_pseudo_bytes(32);
$iv_size = openssl_cipher_iv_length($cipher);
$iv = openssl_random_pseudo_bytes($iv_size);
$ciphertext_raw = openssl_encrypt(json_encode($data), 'aes-256-cbc', $encKey, $options = OPENSSL_RAW_DATA, $iv);
//$ciphertext_raw = openssl_encrypt(json_encode($data), $cipher, $encKey, $options=OPENSSL_RAW_DATA, $iv);
$encrypted_data = base64_encode($iv . $ciphertext_raw);
print_r($encrypted_data);
now the problem is when i encrypt one string in php and decrypt it in java code it add some escape sequence but when i encrypt that same string in java and decrypt it in java it is proper and accurate and i am not sure why this is happening ... may be i am doing some thing wrong
as I have to do this encryption in php using java code i am not sure that is this process going in right way or there is some error .
this is the string which i am encrypting
String str = "vendor_id=INT_GTW&format=json&msg_code=KBEX99&data={\"header\":{\"msg_code\":\"KBEX99\",\"source\":\"INSTANTPAY\",\"channel\":\"CONBNK\",\"txn_ref_number\":\"INSTANTPAY_CONBNK_00001\",\"txn_datetime\":\"1498118309808\",\"ip\":\"1\",\"device_id\":\"XYWZPQR123\",\"api_version\":\"1.0.0\"},\"detail\":{\"entity\":\"INSTANTPAY\",\"intent\":\"REG\",\"user_identifier\":\"INSTANTPAY28423928\",\"crn\":\"105683710\",\"p1\":\"105683710\",\"p2\":\"\",\"p3\":\"INSTANTPAY\",\"p4\":\"\",\"p5\":\"\",\"p6\":\"\",\"p7\":\"\",\"p8\":\"\",\"p9\":\"\",\"p10\":\"\",\"p11\":\"\",\"p12\":\"\",\"p13\":\"\",\"p14\":\"\",\"p15\":\"\",\"p16\":\"\",\"p17\":\"\",\"p18\":\"\",\"p19\":\"\",\"p20\":\"\"}}";
and this is decrypted string
vendor_id=INT_GTW&format=json&msg_code=KBEX99&data={"header":{"msg_code":"KBEX99","source":"INSTANTPAY","channel":"CONBNK","txn_ref_number":"INSTANTPAY_CONBNK_00001","txn_datetime":"1498118309808","ip":"1","device_id":"XYWZPQR123","api_version":"1.0.0"},"detail":{"entity":"INSTANTPAY","intent":"REG","user_identifier":"INSTANTPAY28423928","crn":"105683710","p1":"105683710","p2":"","p3":"INSTANTPAY","p4":"","p5":"","p6":"","p7":"","p8":"","p9":"","p10":"","p11":"","p12":"","p13":"","p14":"","p15":"","p16":"","p17":"","p18":"","p19":"","p20":""}}
but when i am doing it in php and decrypting
"vendor_id=INT_GTW&format=json&msg_code=KBEX99&data={\"header\":{\"msg_code\":\"KBEX99\",\"source\":\"INSTANTPAY\",\"channel\":\"CONBNK\",\"txn_ref_number\":\"INSTANTPAY_CONBNK_00001\",\"txn_datetime\":\"1498118309808\",\"ip\":\"1\",\"device_id\":\"XYWZPQR123\",\"api_version\":\"1.0.0\"},\"detail\":{\"entity\":\"INSTANTPAY\",\"intent\":\"REG\",\"user_identifier\":\"INSTANTPAY28423928\",\"crn\":\"105683710\",\"p1\":\"105683710\",\"p2\":\"\",\"p3\":\"INSTANTPAY\",\"p4\":\"\",\"p5\":\"\",\"p6\":\"\",\"p7\":\"\",\"p8\":\"\",\"p9\":\"\",\"p10\":\"\",\"p11\":\"\",\"p12\":\"\",\"p13\":\"\",\"p14\":\"\",\"p15\":\"\",\"p16\":\"\",\"p17\":\"\",\"p18\":\"\",\"p19\":\"\",\"p20\":\"\"}}"
i am getting this
So any encryption decryption expert please help me in this ...
Thank you !!
Related
I want to decrypt and enccrypt the data in flutter
I want to encrypt the data in flutter using the AES cbc-128 algorithm. below is the java code for that i want to achieve the same functionality as below but in dart. i have tried
cryptography
dependency in flutter but the problem with that is that i want to use my own key in the algorithm as below in the java code. if you know any method for achieving this please let me know.
public static String Decrypt(String text, String key) throws Exception {
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
byte[] keyBytes = new byte[16];
byte[] b = key.getBytes("UTF-8");
int len = b.length;
if (len > keyBytes.length)
len = keyBytes.length;
System.arraycopy(b, 0, keyBytes, 0, len);
SecretKeySpec keySpec = new SecretKeySpec(keyBytes, "AES");
IvParameterSpec ivSpec = new IvParameterSpec(keyBytes);
cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);
BASE64Decoder decoder = new BASE64Decoder();
byte[] results = cipher.doFinal(decoder.decodeBuffer(text));
return new String(results, "UTF-8");
}
public static String Encrypt(String text, String key) throws Exception {
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
byte[] keyBytes = new byte[16];
byte[] b = key.getBytes("UTF-8");
int len = b.length;
if (len > keyBytes.length)
len = keyBytes.length;
System.arraycopy(b, 0, keyBytes, 0, len);
SecretKeySpec keySpec = new SecretKeySpec(keyBytes, "AES");
IvParameterSpec ivSpec = new IvParameterSpec(keyBytes);
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec);
byte[] results = cipher.doFinal(text.getBytes("UTF-8"));
BASE64Encoder encoder = new BASE64Encoder();
return encoder.encode(results);
}
Test Case
For the following input
plainText="This is plain text";
key="sahtojetrout2";
i want the encrypted result to be
encryptedText="8FmSMnDsFJVyNUXunhJLSmhFnRq89fl5DyTp0wdYfgk=";
which Topaco has written in an online editor you can check out that here Java Code. In flutter i have tried the program given at the Flutter site
You can do AES CBC-128 encryption in flutter with the help of crypt library. It supports the AES cbc encryption. The following sample code accepts key-string and plain-text as arguments and encrypts it as you have mentioned. You can pass your own key here. For AES-128, you need 128 bit key or 16 character string.
import 'package:encrypt/encrypt.dart';
void main() {
final key = "Your16CharacterK";
final plainText = "lorem ipsum example example";
Encrypted encrypted = encrypt(key, plainText);
String decryptedText = decrypt(key, encrypted);
print(decryptedText);
}
String decrypt(String keyString, Encrypted encryptedData) {
final key = Key.fromUtf8(keyString);
final encrypter = Encrypter(AES(key, mode: AESMode.cbc));
final initVector = IV.fromUtf8(keyString.substring(0, 16));
return encrypter.decrypt(encryptedData, iv: initVector);
}
Encrypted encrypt(String keyString, String plainText) {
final key = Key.fromUtf8(keyString);
final encrypter = Encrypter(AES(key, mode: AESMode.cbc));
final initVector = IV.fromUtf8(keyString.substring(0, 16));
Encrypted encryptedData = encrypter.encrypt(plainText, iv: initVector);
return encryptedData;
}
In the above example, the IV is created from the key itself to keep the code easy to read. Use random data for IV for better security. Referred article for flutter encryption.
Android String Encryption/Decryption
I want to encrypt and decrypt a String from an EditText using AndroidKeyStore. My problem is that at the decrypt process is get a BadPaddingException.
Key generator code:
KeyGenerator keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
KeyGenParameterSpec keyGenParameterSpec = new KeyGenParameterSpec.Builder(ALIAS, KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT).
setBlockModes(KeyProperties.BLOCK_MODE_GCM).setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE).build();
keyGenerator.init(keyGenParameterSpec);
keyGenerator.generateKey();
Encryption code:
KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
keyStore.load(null);
KeyStore.SecretKeyEntry secretKeyEntry = (KeyStore.SecretKeyEntry) keyStore.getEntry(ALIAS, null);
SecretKey secretKey = secretKeyEntry.getSecretKey();
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, secretKey);
cipherIV = cipher.getIV();
plainText.setText(new String(cipher.doFinal(plainText.getText().toString().getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8));
Decryption code:
KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
keyStore.load(null);
final KeyStore.SecretKeyEntry secretKeyEntry = (KeyStore.SecretKeyEntry) keyStore.getEntry(ALIAS, null);
final SecretKey secretKey = secretKeyEntry.getSecretKey();
final Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
final GCMParameterSpec spec = new GCMParameterSpec(128, cipherIV);
cipher.init(Cipher.DECRYPT_MODE, secretKey, spec);
byte[] decrypted = cipher.doFinal(plainText.getText().toString().getBytes(StandardCharsets.UTF_8));
plainText.setText(new String(decrypted, StandardCharsets.UTF_8));
This line is in error: plainText.setText(new String(cipher.doFinal(plainText.getText().toString().getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8)); If we break it apart, we have something like byte [] cipherBytes = cipher.doFinal(plainText.getText().toString().getBytes(StandardCharsets.UTF_8)); plainText.setText(new String(cipherBytes, StandardCharsets.UTF_8); The problem is that cipherBytes is a sequence of arbitrary bytes rather than the characters of a string. The String constructor will silently replace invalid characters with something else, a process which corrupts the data. If you want to display the cipher bytes or otherwise send it to a character oriented channel you must encode it. Typically encodings are base64 or hex. To decrypt the String you must then decode it to bytes first and then decrypt it. Example: byte [] cipherBytes = cipher.doFinal(plainText.getText().toString().getBytes(StandardCharsets.UTF_8)); plainText.setText(Base64.encodeToString(cipherBytes, Base64.DEFAULT)); And on decrypt: byte[] cipherBytes = Base64.decode(plainText.getText().toString(), Base64.DEFAULT); byte[] decrypted = cipher.doFinal(cipherBytes);
byte[] decrypted = cipher.doFinal(plainText.getText().toString().getBytes(StandardCharsets.UTF_8));
This line may not work well because of the call of getBytes(StandardCharsets.UTF_8). If your EditText is hex representation, try to convert it to string and then invoke getBytes(). E.g.
public static byte[] convertHexStringToByteArray(String hexString) {
int l = hexString.length();
byte[] data = new byte[l/2];
for (int i = 0; i < l; i += 2) {
data[i/2] = (byte)((Character.digit(hexString.charAt(i), 16) << 4) + Character.digit(hexString.charAt(i+1), 16));
}
return data;
}
javax.crypto.IllegalBlockSizeException:Cipher functions:OPENSSL_internal:WRONG_FINAL_BLOCK_LENGTH
I use aes-256-cbc for data encrypt/decrypt.
When decrypt data with php code i'm not getting an error.
Php code like this:
$key = 'd7df7d66bc110ba2e03a3a647ecd8c3f';
$iv = '73e8c03a24b4bb1e';
$encrypt_method = "AES-256-CBC";
$encrypted_text = "K0JOVFQreEQ4TlRjWGwyNXBhejRtQWVWU2doVkRsUjkvaEhQamlRdWRIWWpQQ0dVWmNpNTJXR3hhbXdWbDN4WGJpcGZTblpHRVpyeGpDY2lLc3o4cGJEeHdwdmZDTUlxalRyeDdVYlB4SmJtVUhEQkVSN3VZSklWb2h0dlZkYmY=";
$output = openssl_decrypt(base64_decode($data), $encrypt_method, $key, 0, $iv);
output:
{"Sayfa":"b2pneVd4bUcQT09","TelNo":"905373603204","Sifre":"9cbf8a4dcb8e30682b927f352d6559a0"}
But when decrypt data with android ( java ) code i getting an error like this:
javax.crypto.IllegalBlockSizeException:Cipher functions:OPENSSL_internal:WRONG_FINAL_BLOCK_LENGTH
Java code :
String key = "d7df7d66bc110ba2e03a3a647ecd8c3f";
String iv = "73e8c03a24b4bb1e";
String encryptedText = "K0JOVFQreEQ4TlRjWGwyNXBhejRtQWVWU2doVkRsUjkvaEhQamlRdWRIWWpQQ0dVWmNpNTJXR3hhbXdWbDN4WGJpcGZTblpHRVpyeGpDY2lLc3o4cGJEeHdwdmZDTUlxalRyeDdVYlB4SmJtVUhEQkVSN3VZSklWb2h0dlZkYmY=";
AESUtil.decrypt(encryptedText,key,iv);
public String decrypt(String encryptedText, String key, String iv) {
byte[] cipheredBytes = Base64.decode(encryptedText,Base64.DEFAULT);
byte[] keyBytes = getKeyBytes(key);
byte[] ivBytes = getIvBytes(iv);
return new String(decrypt(cipheredBytes, keyBytes, ivBytes), "UTF-8");
}
public byte[] decrypt(byte[] cipherText, byte[] key, byte [] initialVector) {
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
SecretKeySpec secretKeySpec = new SecretKeySpec(key, "AES");
IvParameterSpec ivParameterSpec = new IvParameterSpec(initialVector);
cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, ivParameterSpec);
return cipher.doFinal(cipherText);
}
private byte[] getIvBytes(String iv) {
byte[] keyBytes= new byte[16];
byte[] parameterKeyBytes= iv.getBytes(characterEncoding);
System.arraycopy(parameterKeyBytes, 0, keyBytes, 0, Math.min(parameterKeyBytes.length, keyBytes.length));
return keyBytes;
}
private byte[] getKeyBytes(String key){
byte[] keyBytes= new byte[32];
byte[] parameterKeyBytes= key.getBytes(characterEncoding);
System.arraycopy(parameterKeyBytes, 0, keyBytes, 0, Math.min(parameterKeyBytes.length, keyBytes.length));
return keyBytes;
}
where is the error in java code?
I don't have Android, and on regular Java (Oracle JavaSE 8) after replacing that Base64 decoder with the Oracle one I don't get that error, but I do get BadPaddingException because your data is actually double base64 encoded. In your PHP this works because you decode explicitly once, then openssl_decrypt with options=0 does the second decode. In Java if I base64-decode the data twice (and use key and IV directly as bytes, as PHP did, even though they look like they should be hex-decoded) it does decrypt successfully and as expected. According to the doc on developer.android.com I think Android's Base64.DEFAULT is the same as Oracle's default, but I can't verify that myself.
How authentication tag is calculated in AES-GCM-256
I have a sample code,which encrypt and decrypt a string using AES-GCM-256.
I am unable to understand,how authentication tag is being generated on encrypter side and how is that being used on decrypter side.
Actually here i am not generating authentication tag either on encrypter side nor validating decrypter side,so is it being done internally by library itself.
private static String encrypt(String s, byte[] k) throws Exception {
SecureRandom r = SecureRandom.getInstance("SHA1PRNG");
// Generate 128 bit IV for Encryption
byte[] iv = new byte[12]; r.nextBytes(iv);
SecretKeySpec eks = new SecretKeySpec(k, "AES");
Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
// Generated Authentication Tag should be 128 bits
c.init(Cipher.ENCRYPT_MODE, eks, new GCMParameterSpec(128, iv));
byte[] es = c.doFinal(s.getBytes(StandardCharsets.UTF_8));
// Construct Output as "IV + CIPHERTEXT"
byte[] os = new byte[12 + es.length];
System.arraycopy(iv, 0, os, 0, 12);
System.arraycopy(es, 0, os, 12, es.length);
// Return a Base64 Encoded String
return Base64.getEncoder().encodeToString(os);
}
private static String decrypt(String eos, byte[] k) throws Exception {
// Recover our Byte Array by Base64 Decoding
byte[] os = Base64.getDecoder().decode(eos);
// Check Minimum Length (IV (12) + TAG (16))
if (os.length > 28) {
byte[] iv = Arrays.copyOfRange(os, 0, 12);
byte[] es = Arrays.copyOfRange(os, 12, os.length);
// Perform Decryption
SecretKeySpec dks = new SecretKeySpec(k, "AES");
Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
c.init(Cipher.DECRYPT_MODE, dks, new GCMParameterSpec(128, iv));
// Return our Decrypted String
return new String(c.doFinal(es), StandardCharsets.UTF_8);
}
throw new Exception();
}
Translating an encryption method from Java to C#
I need to implement an encryption and decryption method pair using C# that uses "AES/ECB/PKCS5Padding". The original code is in Java. Here is the encryption method in Java:
public static String Encrypt(String plainText, byte[] key2) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException {
byte[] encryptedTextBytes=null;
byte[] key3 =null;
MessageDigest sha = MessageDigest.getInstance("SHA-1");
key3= sha.digest(key2);
key3 = copyOf(key3, 16);
SecretKeySpec keySpec = new SecretKeySpec(key3, "AES");
// Instantiate the cipher
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, keySpec);
encryptedTextBytes = cipher.doFinal(plainText.getBytes("UTF-8"));
return new Base64().encode(encryptedTextBytes);
}
And this is my attempt at reconstructing it in C#:
public static string Encrypt_AES(string plainText, byte[] key2)
{
var sha = new System.Security.Cryptography.SHA1CryptoServiceProvider();
byte[] key3 = new byte[16];
sha.TransformFinalBlock(key2, 0, key2.Length);
var tmpkey = sha.Hash;
Array.Copy(tmpkey, key3, 16);
var aes = new System.Security.Cryptography.AesCryptoServiceProvider();
aes.Padding = System.Security.Cryptography.PaddingMode.PKCS7;
aes.Mode = System.Security.Cryptography.CipherMode.ECB;
aes.Key = key3;
var plainTextBytes = Encoding.UTF8.GetBytes(plainText);
var encryptor = aes.CreateEncryptor();
byte[] encryptedTextBytes = encryptor.TransformFinalBlock(plainTextBytes, 0, plainTextBytes.Length);
return Convert.ToBase64String(encryptedTextBytes);
}
After encrypting some content and sending it to a remote service, the service replies with an error saying that it could not decrypt the message. So I'm assuming something is wrong with it.
I also have an example for a decrypt method in Java. I implemented that method too and tried to encrypt and decrypt some text locally. When I do that, the Decrypt_AES method is throwing a CryptographicException at TransformFinalBlock() saying "Padding is invalid and cannot be removed." Maybe I'm using the CryptoProvider classes wrong?
Here are the Java and C# versions of the decrypt function:
Java
public static String Decrypt(String encryptedText, byte[] key2) throws NoSuchAlgorithmException,NoSuchPaddingException,InvalidKeyException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException {
byte[] decryptedTextBytes=null;
byte[] key3 =null;
MessageDigest sha = MessageDigest.getInstance("SHA-1");
key3= sha.digest(key2);
key3 = copyOf(key3, 16);
SecretKeySpec keySpec = new SecretKeySpec(key3, "AES");
// Instantiate the cipher
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, keySpec);
byte[] encryptedTextBytes = new Base64().decode(encryptedText);
decryptedTextBytes = cipher.doFinal(encryptedTextBytes);
return new String(decryptedTextBytes);
}
C#
public static string Decrypt_AES(byte[] key2, string encryptedText)
{
var sha = new System.Security.Cryptography.SHA1CryptoServiceProvider();
byte[] key3 = new byte[16];
sha.TransformFinalBlock(key2, 0, key2.Length);
var tmpkey = sha.Hash;
Array.Copy(tmpkey, key3, 16);
var aes = new System.Security.Cryptography.AesCryptoServiceProvider();
aes.Padding = System.Security.Cryptography.PaddingMode.PKCS7;
aes.Mode = System.Security.Cryptography.CipherMode.ECB;
aes.Key = key3;
var encryptedBytes = Encoding.UTF8.GetBytes(encryptedText);
var decryptor = aes.CreateDecryptor();
var decryptedBytes = decryptor.TransformFinalBlock(encryptedBytes, 0, encryptedBytes.Length);
return System.Text.Encoding.UTF8.GetString(decryptedBytes);
}
Thank you for any hint in advance!
You are not Base64-decoding your ciphertext in your decrypt method. var encryptedBytes = Encoding.UTF8.GetBytes(encryptedText); should be changed to something like var encryptedBytes = Convert.FromBase64String(encryptedText);