So, we are using AES GCM encryption & decryption in nodejs as follows,
We need to use this in Java. So one can encrypt in Java and decrypt in nodeJs and vice versa.
here is encrypt decrypt function in node
const encrypt = (text, masterkey) => {
// random initialization vector
const iv = crypto.randomBytes(16);
// random salt
const salt = crypto.randomBytes(64);
// derive encryption key: 32 byte key length
// in assumption the masterkey is a cryptographic and NOT a password there is no need for
// a large number of iterations. It may can replaced by HKDF
// the value of 2145 is randomly chosen!
const key = crypto.pbkdf2Sync(masterkey, salt, 2145, 32, 'sha512');
// AES 256 GCM Mode
const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
// encrypt the given text
const encrypted = Buffer.concat([
cipher.update(text, 'utf8'),
cipher.final()
]);
// extract the auth tag
const tag = cipher.getAuthTag();
// generate output
return Buffer.concat([salt, iv, tag, encrypted]).toString('base64');
};
const decrypt = (encdata, masterkey) => {
// base64 decoding
const bData = Buffer.from(encdata, 'base64');
// convert data to buffers
const salt = bData.slice(0, 64);
const iv = bData.slice(64, 80);
const tag = bData.slice(80, 96);
const text = bData.slice(96);
// derive key using; 32 byte key length
const key = crypto.pbkdf2Sync(masterkey, salt, 2145, 32, 'sha512');
// AES 256 GCM Mode
const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
decipher.setAuthTag(tag);
// encrypt the given text
return decipher.update(text, 'binary', 'utf8') + decipher.final('utf8');
};
Here's What I have done in Java, but getting input too short exception.
I have also tried to mock above nodeJs encrypt function, but it seems to be not working.
I have got initialization vector(IV), salt, key as same as nodejs (in java it is signed 128 bits)
public static String decrypt(String encData, String masterKey)
{
var cipherText = Base64.getDecoder().decode(encData.getBytes(StandardCharsets.UTF_8));
var salt = Arrays.copyOfRange(cipherText, 0, 64);
var iv = Arrays.copyOfRange(cipherText, 64, 80);
var tag = Arrays.copyOfRange(cipherText, 80, 96);
var ciphertext = Arrays.copyOfRange(cipherText, 96, cipherText.length);
var key = getKeyFromPassword(masterKey, salt);
//GCM_TAG_LENGTH = 16
return helper("AES/GCM/NoPadding", ciphertext, tag, key, new GCMParameterSpec(GCM_TAG_LENGTH * 8, iv));
}
public static SecretKey getKeyFromPassword(String masterKey, byte[] salt) {
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512");
KeySpec spec = new PBEKeySpec(masterKey.toCharArray(), salt, 2145, 256);
SecretKey secret = new SecretKeySpec(factory.generateSecret(spec)
.getEncoded(), "AES");
return secret;
}
public static String helper(String algorithm, byte[] cipherText, SecretKey key,
GCMParameterSpec gcmParameterSpec){
Cipher cipher = Cipher.getInstance(algorithm);
cipher.init(Cipher.DECRYPT_MODE, key, gcmParameterSpec);
cipher.update(cipherText);
byte[] plainText = cipher.doFinal(tag);
return new String(plainText, StandardCharsets.UTF_8);
}
UPDATE: above code works for decryption in java
But now need to encrypt in java
here's what i am doing, but getting Tag mismatch! exception while decryption.I also change the order of tag & cipherText but still same error occured.
public static String encrypt(String text, String masterKey)
{
var iv = generateIv(16);
var salt = generateIv(64);
var key = getKeyFromPassword(masterKey, salt);
var cipher = helper1("AES/GCM/NoPadding", text, key, new GCMParameterSpec(GCM_TAG_LENGTH * 8, iv));
var outputStream = new ByteArrayOutputStream();
var tag = Arrays.copyOfRange(cipher, 0, 16);
var ciphertext = Arrays.copyOfRange(cipher, 16, cipher.length);
outputStream.write(salt);
outputStream.write(iv);
outputStream.write(tag);
outputStream.write(ciphertext);
return Base64.getEncoder().encodeToString(outputStream.toByteArray());
}
public static byte[] generateIv(int N) {
byte[] iv = new byte[N];
new SecureRandom().nextBytes(iv);
return iv;
}
public static byte[] helper1(String algorithm, String input, SecretKey key,
GCMParameterSpec gcmParameterSpec){
Cipher cipher = Cipher.getInstance(algorithm);
cipher.init(Cipher.ENCRYPT_MODE, key, gcmParameterSpec);
return cipher.doFinal(input.getBytes());
}
public static SecretKey getKeyFromPassword(String masterKey, byte[] salt) {
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512");
KeySpec spec = new PBEKeySpec(masterKey.toCharArray(), salt, 2145, 256);
SecretKey secret = new SecretKeySpec(factory.generateSecret(spec)
.getEncoded(), "AES");
return secret;
}
So, I am putting Java version of encrypt & decrypt functions here
public static byte[] generateIv(int N) {
byte[] iv = new byte[N];
new SecureRandom().nextBytes(iv);
return iv;
}
public static SecretKey getKeyFromPassword(String masterKey, byte[] salt) {
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512");
KeySpec spec = new PBEKeySpec(masterKey.toCharArray(), salt, 2145, 256);
SecretKey secret = new SecretKeySpec(factory.generateSecret(spec)
.getEncoded(), "AES");
return secret;
}
public static byte[] encryptHelper(String algorithm, String input, SecretKey key,
GCMParameterSpec gcmParameterSpec){
Cipher cipher = Cipher.getInstance(algorithm);
cipher.init(Cipher.ENCRYPT_MODE, key, gcmParameterSpec);
return cipher.doFinal(input.getBytes());
}
#SneakyThrows
public static String decryptHelper(String algorithm, byte[] cipherText, byte[] tag,SecretKey key,
GCMParameterSpec gcmParameterSpec){
Cipher cipher = Cipher.getInstance(algorithm);
cipher.init(Cipher.DECRYPT_MODE, key, gcmParameterSpec);
cipher.update(cipherText);
byte[] plainText = cipher.doFinal(tag);
return new String(plainText, StandardCharsets.UTF_8);
}
public static String encrypt(String text, String masterKey)
{
var iv = generateIv(16);
var salt = generateIv(64);
var key = getKeyFromPassword(masterKey, salt);
var cipher = encryptHelper("AES/GCM/NoPadding", text, key, new GCMParameterSpec(GCM_TAG_LENGTH * 8, iv));
var outputStream = new ByteArrayOutputStream();
var ciphertext = Arrays.copyOfRange(cipher, 0, text.length());
var tag = Arrays.copyOfRange(cipher, text.length(), cipher.length);
outputStream.write(salt);
outputStream.write(iv);
outputStream.write(tag);
outputStream.write(ciphertext);
return Base64.getEncoder().encodeToString(outputStream.toByteArray());
}
public static String decrypt(String encData, String masterKey)
{
var cipherText = Base64.getDecoder().decode(encData.getBytes(StandardCharsets.UTF_8));
var salt = Arrays.copyOfRange(cipherText, 0, 64);
var iv = Arrays.copyOfRange(cipherText, 64, 80);
var tag = Arrays.copyOfRange(cipherText, 80, 96);
var ciphertext = Arrays.copyOfRange(cipherText, 96, cipherText.length);
var key = getKeyFromPassword(masterKey, salt);
return decryptHelper("AES/GCM/NoPadding", ciphertext, tag, key, new GCMParameterSpec(GCM_TAG_LENGTH * 8, iv));
}
Related
I want to encrypt the data in flutter using the AES cbc-128 algorithm. below is the java code for that i want to achieve the same functionality as below but in dart. i have tried
cryptography
dependency in flutter but the problem with that is that i want to use my own key in the algorithm as below in the java code. if you know any method for achieving this please let me know.
public static String Decrypt(String text, String key) throws Exception {
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
byte[] keyBytes = new byte[16];
byte[] b = key.getBytes("UTF-8");
int len = b.length;
if (len > keyBytes.length)
len = keyBytes.length;
System.arraycopy(b, 0, keyBytes, 0, len);
SecretKeySpec keySpec = new SecretKeySpec(keyBytes, "AES");
IvParameterSpec ivSpec = new IvParameterSpec(keyBytes);
cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);
BASE64Decoder decoder = new BASE64Decoder();
byte[] results = cipher.doFinal(decoder.decodeBuffer(text));
return new String(results, "UTF-8");
}
public static String Encrypt(String text, String key) throws Exception {
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
byte[] keyBytes = new byte[16];
byte[] b = key.getBytes("UTF-8");
int len = b.length;
if (len > keyBytes.length)
len = keyBytes.length;
System.arraycopy(b, 0, keyBytes, 0, len);
SecretKeySpec keySpec = new SecretKeySpec(keyBytes, "AES");
IvParameterSpec ivSpec = new IvParameterSpec(keyBytes);
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec);
byte[] results = cipher.doFinal(text.getBytes("UTF-8"));
BASE64Encoder encoder = new BASE64Encoder();
return encoder.encode(results);
}
Test Case
For the following input
plainText="This is plain text";
key="sahtojetrout2";
i want the encrypted result to be
encryptedText="8FmSMnDsFJVyNUXunhJLSmhFnRq89fl5DyTp0wdYfgk=";
which Topaco has written in an online editor you can check out that here Java Code. In flutter i have tried the program given at the Flutter site
You can do AES CBC-128 encryption in flutter with the help of crypt library. It supports the AES cbc encryption. The following sample code accepts key-string and plain-text as arguments and encrypts it as you have mentioned. You can pass your own key here. For AES-128, you need 128 bit key or 16 character string.
import 'package:encrypt/encrypt.dart';
void main() {
final key = "Your16CharacterK";
final plainText = "lorem ipsum example example";
Encrypted encrypted = encrypt(key, plainText);
String decryptedText = decrypt(key, encrypted);
print(decryptedText);
}
String decrypt(String keyString, Encrypted encryptedData) {
final key = Key.fromUtf8(keyString);
final encrypter = Encrypter(AES(key, mode: AESMode.cbc));
final initVector = IV.fromUtf8(keyString.substring(0, 16));
return encrypter.decrypt(encryptedData, iv: initVector);
}
Encrypted encrypt(String keyString, String plainText) {
final key = Key.fromUtf8(keyString);
final encrypter = Encrypter(AES(key, mode: AESMode.cbc));
final initVector = IV.fromUtf8(keyString.substring(0, 16));
Encrypted encryptedData = encrypter.encrypt(plainText, iv: initVector);
return encryptedData;
}
In the above example, the IV is created from the key itself to keep the code easy to read. Use random data for IV for better security. Referred article for flutter encryption.
I am trying to reproduce the following encryption/decryption algorithm in Java, but I can't find the alternatives for multiple methods such as Rfc2898DeriveBytes() and RijndaelManaged(). How do I do this?
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
namespace CryptingTest
{
public static class StringCipher
{
// This constant is used to determine the keysize of the encryption algorithm in bits.
// We divide this by 8 within the code below to get the equivalent number of bytes.
private const int Keysize = 128;
// This constant determines the number of iterations for the password bytes generation function.
private const int DerivationIterations = 1000;
public static string Encrypt(string plainText, string passPhrase)
{
// Salt and IV is randomly generated each time, but is preprended to encrypted cipher text
// so that the same Salt and IV values can be used when decrypting.
var saltStringBytes = Generate128BitsOfRandomEntropy();
var ivStringBytes = Generate128BitsOfRandomEntropy();
var plainTextBytes = Encoding.UTF8.GetBytes(plainText);
using (var password = new Rfc2898DeriveBytes(passPhrase, saltStringBytes, DerivationIterations))
{
var keyBytes = password.GetBytes(Keysize / 8);
using (var symmetricKey = new RijndaelManaged())
{
symmetricKey.BlockSize = 128;
symmetricKey.Mode = CipherMode.CBC;
symmetricKey.Padding = PaddingMode.PKCS7;
using (var encryptor = symmetricKey.CreateEncryptor(keyBytes, ivStringBytes))
{
using (var memoryStream = new MemoryStream())
{
using (var cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write))
{
cryptoStream.Write(plainTextBytes, 0, plainTextBytes.Length);
cryptoStream.FlushFinalBlock();
// Create the final bytes as a concatenation of the random salt bytes, the random iv bytes and the cipher bytes.
var cipherTextBytes = saltStringBytes;
cipherTextBytes = cipherTextBytes.Concat(ivStringBytes).ToArray();
cipherTextBytes = cipherTextBytes.Concat(memoryStream.ToArray()).ToArray();
memoryStream.Close();
cryptoStream.Close();
return Convert.ToBase64String(cipherTextBytes);
}
}
}
}
}
}
public static string Decrypt(string cipherText, string passPhrase)
{
// Get the complete stream of bytes that represent:
// [32 bytes of Salt] + [16 bytes of IV] + [n bytes of CipherText]
var cipherTextBytesWithSaltAndIv = Convert.FromBase64String(cipherText);
// Get the saltbytes by extracting the first 16 bytes from the supplied cipherText bytes.
var saltStringBytes = cipherTextBytesWithSaltAndIv.Take(Keysize / 8).ToArray();
// Get the IV bytes by extracting the next 16 bytes from the supplied cipherText bytes.
var ivStringBytes = cipherTextBytesWithSaltAndIv.Skip(Keysize / 8).Take(Keysize / 8).ToArray();
// Get the actual cipher text bytes by removing the first 64 bytes from the cipherText string.
var cipherTextBytes = cipherTextBytesWithSaltAndIv.Skip((Keysize / 8) * 2).Take(cipherTextBytesWithSaltAndIv.Length - ((Keysize / 8) * 2)).ToArray();
using (var password = new Rfc2898DeriveBytes(passPhrase, saltStringBytes, DerivationIterations))
{
var keyBytes = password.GetBytes(Keysize / 8);
using (var symmetricKey = new RijndaelManaged())
{
symmetricKey.BlockSize = 128;
symmetricKey.Mode = CipherMode.CBC;
symmetricKey.Padding = PaddingMode.PKCS7;
using (var decryptor = symmetricKey.CreateDecryptor(keyBytes, ivStringBytes))
{
using (var memoryStream = new MemoryStream(cipherTextBytes))
{
using (var cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read))
{
var plainTextBytes = new byte[cipherTextBytes.Length];
var decryptedByteCount = cryptoStream.Read(plainTextBytes, 0, plainTextBytes.Length);
memoryStream.Close();
cryptoStream.Close();
return Encoding.UTF8.GetString(plainTextBytes, 0, decryptedByteCount);
}
}
}
}
}
}
private static byte[] Generate128BitsOfRandomEntropy()
{
var randomBytes = new byte[16]; // 16 Bytes will give us 128 bits.
using (var rngCsp = new RNGCryptoServiceProvider())
{
// Fill the array with cryptographically secure random bytes.
rngCsp.GetBytes(randomBytes);
}
return randomBytes;
}
}
}
Any help would be really appreciated.
Here's a code snippet from what I tried so far but it's still off:
private static byte[] Generate128BitsOfRandomEntropy()
{
var randomBytes = new byte[16]; // 16 Bytes will give us 128 bits.
SecureRandom rngCsp = new SecureRandom();
// Fill the array with cryptographically secure random bytes.
rngCsp.nextBytes(randomBytes);
return randomBytes;
}
public static String encrypt(String plainText, String passPhrase)
{
try
{
var saltStringBytes = Generate128BitsOfRandomEntropy();
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
PBEKeySpec pbeKeySpec = new PBEKeySpec(passPhrase.toCharArray(), saltStringBytes, 1000, 384);
Key secretKey = factory.generateSecret(pbeKeySpec);
byte[] key = new byte[16];
byte[] iv = new byte[16];
System.arraycopy(secretKey.getEncoded(), 0, key, 0, 16);
System.arraycopy(secretKey.getEncoded(), 16, iv, 0, 16);
SecretKeySpec secret = new SecretKeySpec(key, "AES");
AlgorithmParameterSpec ivSpec = new IvParameterSpec(iv);
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, secret, ivSpec);
return Base64.getEncoder().encodeToString(cipher.doFinal(plainText.getBytes("UTF-8")));
}
catch (Exception e)
{
System.out.println("Error while encrypting: " + e.toString());
}
return null;
}
Rfc2898DeriveBytes implements PBKDF2, and RijndaelManaged with a block size of 128 bits implements AES. Both seem to be applied correctly in the Java code.
However, there are differences in determining the IV and regarding concatenation: In the C# code, the salt and IV are determined randomly and concatenated with the ciphertext at the end.
In the Java code only the salt is determined randomly, the IV is derived together with the key and the concatenation is missing.
I.e. the encrypt() method in the Java code could be changed for instance as follows, so that a decryption with the C# code is possible:
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
...
byte[] salt = Generate128BitsOfRandomEntropy();
byte[] iv = Generate128BitsOfRandomEntropy();
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
PBEKeySpec pbeKeySpec = new PBEKeySpec(passPhrase.toCharArray(), salt, 1000, 128);
SecretKey secretKey = factory.generateSecret(pbeKeySpec);
SecretKeySpec secretKeySpec = new SecretKeySpec(secretKey.getEncoded(), "AES");
AlgorithmParameterSpec ivSpec = new IvParameterSpec(iv);
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, ivSpec);
byte[] ciphertext = cipher.doFinal(plainText.getBytes(StandardCharsets.UTF_8));
byte[] saltIvCiphertext = ByteBuffer.allocate(salt.length + iv.length + ciphertext.length).put(salt).put(iv).put(ciphertext).array();
return Base64.getEncoder().encodeToString(saltIvCiphertext);
Note that for PBKDF2, an iteration count of 1000 is generally too low.
I'm trying to mimic a java encryption routine in C# because the endpoint is java based and will be decrypting the value generated by C#.
I've tried different implementations using AesCryptoServiceProvider and AesManaged from several examples found in SO and around the web but I still can't get the java endpoint to successfully decrypt the value, it errors with {"message":"AUTHENTICATION_ERROR: Error while decrypting the cipher.","status":"Error"}.
Using postman I was able to call the java endpoint and retrieve a document using the
encrypted text generated by the java code posted below, so that part is positively verified.
The endpoint uses the header values to decrypt the text and verify the contents, here are the pertinent code pieces:
java encryption
private static Cipher generateCipher(int mode, String password, String salt, String iv, Integer iterations, Integer keySize) throws Exception {
byte[] saltBytes = salt.getBytes("UTF-8"); byte[]ivBytes = iv.getBytes("UTF-8");
// Derive the key
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), saltBytes, iterations, keySize);
SecretKey secretKey = factory.generateSecret(spec);
SecretKeySpec secret = new SecretKeySpec(secretKey.getEncoded(), "AES");
//encrypt the message
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); cipher.init(mode, secret, new IvParameterSpec(ivBytes));
return cipher;
}
public static String AES_encrypt(String plainText, String password, String salt, String iv, Integer iterations, Integer keySize) throws Exception {
Cipher cipher = generateCipher(Cipher.ENCRYPT_MODE, password, salt, iv, iterations, keySize);
byte[] encryptedTextBytes = cipher.doFinal(plainText.getBytes("UTF-8"));
Base64.Encoder encoder = Base64.getEncoder();
return encoder.encodeToString(encryptedTextBytes);
}
headers
interface_name: interfaceName
strength: 256
salt: salt_sixteen1234
iterate: 100
iv: sixteen_value_12
ciphertext: ECtKO7VluxCPFS/D8LVsb2bOQjhViIZm+O3zfMqSwJOLLTpDL4xdgwmIWr+41n5j
C# encrypt
...
using (var csp = new AesCryptoServiceProvider())
{
ICryptoTransform e = GetCryptoTransform(csp, true, key, salt, iv);
byte[] inputBuffer = Encoding.UTF8.GetBytes(plainText);
byte[] output = e.TransformFinalBlock(inputBuffer, 0, inputBuffer.Length);
string encrypted = Convert.ToBase64String(output);
return encrypted;
}
...
private static ICryptoTransform GetCryptoTransform(AesCryptoServiceProvider csp, bool encrypting, string password, string salt, string iv, int iterations)
{
csp.Mode = CipherMode.CBC;
csp.Padding = PaddingMode.PKCS7;
var spec = new Rfc2898DeriveBytes(Encoding.UTF8.GetBytes(password), Encoding.UTF8.GetBytes(salt), iterations);
byte[] key = spec.GetBytes(16);
csp.IV = Encoding.UTF8.GetBytes(iv);
csp.Key = key;
if (encrypting)
{
return csp.CreateEncryptor();
}
return csp.CreateDecryptor();
}
To test any C# encryption I added a decryption method to your Java code and run successfully a full round (encryption and decryption).
For the C# part I was too lazy to check your code (as #Topaco did it) and used my own code with your credentials to get an output that you can present to the Java decryption method.
Let's start with a longer Security warning: the codes are using a static initialization vector and a static salt and the iteration count
for PBKDF2 key derivation is much too low (a minimum of 10.000 should be used). The codes do not have any exception handling and are for educational purpose only.
Running the C#-code gives a short output:
AES CBC 256 string encryption with PBKDF2 SHA1 key derivation
plaintext: The quick brown fox jumps over the lazy dog
ciphertext: 5HMLSQKEgG+RADgPmf5Eyw0F/GG9sXFuWiHeuZxgpmJP+UoH4MZlvnQDrgnofQy4
Presenting the ciphertext to the Java decryption will give this output:
C# AES encrypt to java 8 decrypt
plaintext: The quick brown fox jumps over the lazy dog
ciphertext: 5HMLSQKEgG+RADgPmf5Eyw0F/GG9sXFuWiHeuZxgpmJP+UoH4MZlvnQDrgnofQy4
decryptedtext: The quick brown fox jumps over the lazy dog
decryption of a ciphertext from C#
ciphertextFromCsharp: 5HMLSQKEgG+RADgPmf5Eyw0F/GG9sXFuWiHeuZxgpmJP+UoH4MZlvnQDrgnofQy4
decryptedtextFromCsharp: The quick brown fox jumps over the lazy dog
Both codes are available for a live self test here (Java: https://repl.it/#javacrypto/JavaAes256EncryptionWithPBKDF2SHA1keyderivation, C#: https://repl.it/#javacrypto/CsharpAes256Pbkdf2Encryption#main.cs).
C#-code:
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
public class Program {
public static void Main() {
Console.WriteLine("AES CBC 256 string encryption with PBKDF2 SHA1 key derivation");
// credentials
string plaintext = "The quick brown fox jumps over the lazy dog";
string password = "myPassword";
string saltString = "salt_sixteen1234";
var iterationsCount = 100;
string ivString = "sixteen_value_12";
Encoding enc = Encoding.UTF8;
byte[] saltBytes = enc.GetBytes(saltString);
byte[] iv = enc.GetBytes(ivString);
byte[] key;
try {
// pbkdf2 sha1 key derivation
using (var pbkdf2 = new Rfc2898DeriveBytes(
password,
saltBytes,
iterationsCount,
HashAlgorithmName.SHA1))
{
key = pbkdf2.GetBytes(32);
}
Console.WriteLine("plaintext: {0}", plaintext);
string ciphertext = encrypt(key, iv, plaintext);
Console.WriteLine("ciphertext: {0}", ciphertext);
}
catch(Exception e) {
Console.WriteLine("Error: {0}", e.Message);
}
}
static string encrypt(byte[] key, byte[] IV, string data) {
byte[] encrypted;
using(Aes aesAlg = Aes.Create()) {
aesAlg.Key = key;
aesAlg.IV = IV;
aesAlg.Mode = CipherMode.CBC;
var encryptor = aesAlg.CreateEncryptor(aesAlg.Key, aesAlg.IV);
// create the streams used for encryption.
using(var msEncrypt = new MemoryStream()) {
using(var csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write)) {
using(var swEncrypt = new StreamWriter(csEncrypt)) {
//Write all data to the stream.
swEncrypt.Write(data);
}
encrypted = msEncrypt.ToArray();
}
}
}
return Convert.ToBase64String(encrypted);
}
}
Java-code:
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
public class Main {
public static void main(String[] args) throws Exception {
System.out.println("C# AES encrypt to java 8 decrypt");
String plaintext = "The quick brown fox jumps over the lazy dog";
String password = "myPassword";
String iv = "sixteen_value_12";
String salt = "salt_sixteen1234";
int iterations = 100;
int keySize = 256;
System.out.println("plaintext: " + plaintext);
String ciphertext = AES_encrypt(plaintext, password, salt, iv, iterations, keySize);
System.out.println("ciphertext: " + ciphertext);
String decryptedtext = AES_decrypt(ciphertext, password, salt, iv, iterations, keySize);
System.out.println("decryptedtext: " + decryptedtext);
System.out.println("\ndecryption of a ciphertext from C#");
String ciphertextFromCsharp = "5HMLSQKEgG+RADgPmf5Eyw0F/GG9sXFuWiHeuZxgpmJP+UoH4MZlvnQDrgnofQy4";
System.out.println("ciphertextFromCsharp: " + ciphertextFromCsharp);
String decryptedtextFromCsharp = AES_decrypt(ciphertextFromCsharp, password, salt, iv, iterations, keySize);
System.out.println("decryptedtextFromCsharp: " + decryptedtextFromCsharp);
}
private static Cipher generateCipher(int mode, String password, String salt, String iv, Integer iterations, Integer keySize) throws Exception {
byte[] saltBytes = salt.getBytes("UTF-8"); byte[]ivBytes = iv.getBytes("UTF-8");
// Derive the key
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), saltBytes, iterations, keySize);
SecretKey secretKey = factory.generateSecret(spec);
SecretKeySpec secret = new SecretKeySpec(secretKey.getEncoded(), "AES");
//encrypt the message
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); cipher.init(mode, secret, new IvParameterSpec(ivBytes));
return cipher;
}
public static String AES_encrypt(String plainText, String password, String salt, String iv, Integer iterations, Integer keySize) throws Exception {
Cipher cipher = generateCipher(Cipher.ENCRYPT_MODE, password, salt, iv, iterations, keySize);
byte[] encryptedTextBytes = cipher.doFinal(plainText.getBytes("UTF-8"));
Base64.Encoder encoder = Base64.getEncoder();
return encoder.encodeToString(encryptedTextBytes);
}
public static String AES_decrypt(String cipherText, String password, String salt, String iv, Integer iterations, Integer keySize) throws Exception {
Base64.Decoder decoder = Base64.getDecoder();
Cipher cipher = generateCipher(Cipher.DECRYPT_MODE, password, salt, iv, iterations, keySize);
return new String(cipher.doFinal(decoder.decode(cipherText)), StandardCharsets.UTF_8);
}
}
Encryption done in java using AES and wanted to decrypt in Python, but the result is empty in python (no errors).
See the code before marking as duplicate. I want to detect problem in my code.
java encryption code:
public static String encrypt(String plainText) throws Exception {
KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
keyGenerator.init(128);
SecretKey secretKey = keyGenerator.generateKey();
String keyStr = Base64.encodeToString(secretKey.getEncoded(), Base64.NO_WRAP);
byte[] initVector = new byte[16];
(new Random()).nextBytes(initVector);
IvParameterSpec iv = new IvParameterSpec(initVector);
SecretKeySpec skeySpec = new SecretKeySpec(secretKey.getEncoded(), "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv);
byte[] plainTextByte = plainText.getBytes();
byte[] encryptedByte = cipher.doFinal(plainTextByte);
byte[] messagebytes = new byte[initVector.length + encryptedByte.length];
System.arraycopy(initVector, 0, messagebytes, 0, 16);
System.arraycopy(encryptedByte, 0, messagebytes, 16, encryptedByte.length);
return Base64.encodeToString(messagebytes, Base64.NO_WRAP);
}
Python code
def decrypt(key, message):
"""
Input encrypted bytes, return decrypted bytes, using iv and key
"""
byte_array = message.encode("UTF-8")
iv = byte_array[0:16] # extract the 16-byte initialization vector
messagebytes = byte_array[16:] # encrypted message is the bit after the iv
cipher = AES.new(key.encode("UTF-8"), AES.MODE_CBC, iv)
decrypted_padded = cipher.decrypt(messagebytes)
decrypted = unpad(decrypted_padded)
return decrypted.decode("UTF-8");
I see that the Java is explicitly encoding the string as Base 64 at return Base64.encodeToString(messagebytes, Base64.NO_WRAP);
But i see that you are again encoding in python byte_array = message.encode("UTF-8") where in you will have to decode the encrypted message
# Standard Base64 Decoding
decodedBytes = base64.b64decode(encodedStr)
decodedStr = str(decodedBytes, "utf-8")
And only then Decrypt the decoded message.
I have a sample code,which encrypt and decrypt a string using AES-GCM-256.
I am unable to understand,how authentication tag is being generated on encrypter side and how is that being used on decrypter side.
Actually here i am not generating authentication tag either on encrypter side nor validating decrypter side,so is it being done internally by library itself.
private static String encrypt(String s, byte[] k) throws Exception {
SecureRandom r = SecureRandom.getInstance("SHA1PRNG");
// Generate 128 bit IV for Encryption
byte[] iv = new byte[12]; r.nextBytes(iv);
SecretKeySpec eks = new SecretKeySpec(k, "AES");
Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
// Generated Authentication Tag should be 128 bits
c.init(Cipher.ENCRYPT_MODE, eks, new GCMParameterSpec(128, iv));
byte[] es = c.doFinal(s.getBytes(StandardCharsets.UTF_8));
// Construct Output as "IV + CIPHERTEXT"
byte[] os = new byte[12 + es.length];
System.arraycopy(iv, 0, os, 0, 12);
System.arraycopy(es, 0, os, 12, es.length);
// Return a Base64 Encoded String
return Base64.getEncoder().encodeToString(os);
}
private static String decrypt(String eos, byte[] k) throws Exception {
// Recover our Byte Array by Base64 Decoding
byte[] os = Base64.getDecoder().decode(eos);
// Check Minimum Length (IV (12) + TAG (16))
if (os.length > 28) {
byte[] iv = Arrays.copyOfRange(os, 0, 12);
byte[] es = Arrays.copyOfRange(os, 12, os.length);
// Perform Decryption
SecretKeySpec dks = new SecretKeySpec(k, "AES");
Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
c.init(Cipher.DECRYPT_MODE, dks, new GCMParameterSpec(128, iv));
// Return our Decrypted String
return new String(c.doFinal(es), StandardCharsets.UTF_8);
}
throw new Exception();
}