I'm currently using AES/GCM/NoPadding to perform cipher operations.
My encryption code:
fun encrypt(plainText: ByteArray, key: Key): ByteArray? {
var resultText: ByteArray? = null
try {
val cipher = Cipher.getInstance(ALGORITHM)
cipher.init(Cipher.ENCRYPT_MODE, key)
val cipherText = cipher.doFinal(plainText)
resultText = ByteBuffer.allocate(1 + cipher.iv.size + cipherText.size)
.put(cipher.iv.size.toByte())
.put(cipher.iv)
.put(cipherText)
.array()
} catch (e : Exception) {
Logger.e(TAG, "Error encrypting plain text", e)
}
return resultText
}
My decryption code:
fun decrypt(cipherTextWithHeaders: ByteArray, key: Key): ByteArray? {
var plainText: ByteArray? = null
try {
val cipher = Cipher.getInstance(ALGORITHM)
val ivSize = cipherTextWithHeaders[0].toInt()
val iv = ByteArray(ivSize)
System.arraycopy(cipherTextWithHeaders, 1, iv, 0, ivSize)
cipher.init(Cipher.DECRYPT_MODE, key, GCMParameterSpec(ivSize * 8, iv))
val headerLen = 1 + ivSize
val cipherText = ByteArray(cipherTextWithHeaders.size - headerLen)
System.arraycopy(cipherTextWithHeaders, headerLen, cipherText, 0, cipherTextWithHeaders.size - headerLen)
plainText = cipher.doFinal(cipherText)
} catch (e : Exception) {
Logger.e(TAG, "Error decrypting cipher text", e)
}
return plainText
}
I get this exception while doing doFinal in decrypt method above:
javax.crypto.IllegalBlockSizeException
at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:519)
at javax.crypto.Cipher.doFinal(Cipher.java:1736)
I tried the below option during encryption:
val temp = ByteArray(12)
SecureRandom().nextBytes(temp)
cipher.init(Cipher.ENCRYPT_MODE, key, GCMParameterSpec(96, temp))
But this throws the below error:
java.security.InvalidAlgorithmParameterException: Caller-provided IV not permitted
at android.security.keystore.KeyStoreCryptoOperationUtils.getExceptionForCipherInit(KeyStoreCryptoOperationUtils.java:85)
at android.security.keystore.AndroidKeyStoreCipherSpiBase.ensureKeystoreOperationInitialized(AndroidKeyStoreCipherSpiBase.java:265)
at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineInit(AndroidKeyStoreCipherSpiBase.java:148)
at javax.crypto.Cipher.tryTransformWithProvider(Cipher.java:2659)
at javax.crypto.Cipher.tryCombinations(Cipher.java:2570)
at javax.crypto.Cipher$SpiAndProviderUpdater.updateAndGetSpiAndProvider(Cipher.java:2475)
at javax.crypto.Cipher.chooseProvider(Cipher.java:566)
at javax.crypto.Cipher.init(Cipher.java:973)
at javax.crypto.Cipher.init(Cipher.java:908)
The GCM auth tag length is not related to the IV length. The standard for AES-GCM is actually 12-bytes IV and 128 bits GCM tag, see RFC 5288, Section 3.
Example:
String input = "abcdef";
byte[] key = new byte[16];
(new SecureRandom()).nextBytes(key);
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"));
byte[] ciphertext = cipher.doFinal(input.getBytes());
byte[] iv = cipher.getIV();
GCMParameterSpec gcmspec = cipher.getParameters().getParameterSpec(GCMParameterSpec.class);
System.out.println("ciphertext: " + ciphertext.length + ", IV: " + iv.length + ", tLen: " + gcmspec.getTLen());
cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
byte[] plaintext = cipher.doFinal(ciphertext);
System.out.println("plaintext : " + new String(plaintext));
Prints:
ciphertext: 22, IV: 12, tLen: 128
plaintext : abcdef
Try changing GCMParameterSpec(ivSize * 8, iv) to GCMParameterSpec(128, iv).
Though the issue could also be outside, i.e. the ciphertext could be badly encoded or cut off somewhere. Check cipherText.length.
java.security.InvalidAlgorithmParameterException: Caller-provided IV not permitted
That is a limitation of the Android crypto implementation; it wants to generate the IV itself during encryption.
Related
Encryption done in java using AES and wanted to decrypt in Python, but the result is empty in python (no errors).
See the code before marking as duplicate. I want to detect problem in my code.
java encryption code:
public static String encrypt(String plainText) throws Exception {
KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
keyGenerator.init(128);
SecretKey secretKey = keyGenerator.generateKey();
String keyStr = Base64.encodeToString(secretKey.getEncoded(), Base64.NO_WRAP);
byte[] initVector = new byte[16];
(new Random()).nextBytes(initVector);
IvParameterSpec iv = new IvParameterSpec(initVector);
SecretKeySpec skeySpec = new SecretKeySpec(secretKey.getEncoded(), "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv);
byte[] plainTextByte = plainText.getBytes();
byte[] encryptedByte = cipher.doFinal(plainTextByte);
byte[] messagebytes = new byte[initVector.length + encryptedByte.length];
System.arraycopy(initVector, 0, messagebytes, 0, 16);
System.arraycopy(encryptedByte, 0, messagebytes, 16, encryptedByte.length);
return Base64.encodeToString(messagebytes, Base64.NO_WRAP);
}
Python code
def decrypt(key, message):
"""
Input encrypted bytes, return decrypted bytes, using iv and key
"""
byte_array = message.encode("UTF-8")
iv = byte_array[0:16] # extract the 16-byte initialization vector
messagebytes = byte_array[16:] # encrypted message is the bit after the iv
cipher = AES.new(key.encode("UTF-8"), AES.MODE_CBC, iv)
decrypted_padded = cipher.decrypt(messagebytes)
decrypted = unpad(decrypted_padded)
return decrypted.decode("UTF-8");
I see that the Java is explicitly encoding the string as Base 64 at return Base64.encodeToString(messagebytes, Base64.NO_WRAP);
But i see that you are again encoding in python byte_array = message.encode("UTF-8") where in you will have to decode the encrypted message
# Standard Base64 Decoding
decodedBytes = base64.b64decode(encodedStr)
decodedStr = str(decodedBytes, "utf-8")
And only then Decrypt the decoded message.
Currently having issues with the decryption of an AES hash.
When i encrypt using AES256 i get the following result (After base64 encoding)
07sKQfb9dN86XAMxFmVKHQAAAAAAAAAAAAAAAAAAAAA=
I believe my issue is with the AAAAAAAA etc. for some reason I think anyway the padding isn't being removed during decryption.
My code
public String encrypt(String key, String initVector, String value) throws Exception {
IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8"), 0, initVector.getBytes().length);
SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), 0, key.getBytes().length, "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv);
byte[] encrypted = new byte[32];
cipher.doFinal(value.getBytes(), 0, value.getBytes().length, encrypted, 0);
System.out.println("Base64: " + Base64.encode(encrypted));
System.out.println("Hex: " + bytesToHex(encrypted));
return Base64.encode(encrypted);
}
public String decrypt(String key, String initVector, String encrypted) {
try {
IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8"), 0, initVector.getBytes().length);
SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), 0, key.getBytes().length, "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv);
byte[] decrypted = new byte[64];
cipher.doFinal(Base64.decode(encrypted), 0, Base64.decode(encrypted).length, decrypted, 0);
return new String(decrypted);
} catch (Exception ex) {
ex.printStackTrace();
}
return null;
}
What i am expecting when i encode base64 07sKQfb9dN86XAMxFmVKHQ=
String i am encrypting: Test
Secret key: password12345678password12345678
byte[] decrypted = new byte[64];
you created a 64 byte array but the decrypted value may be shorter (Java doesn't use zero string terminator unlike C does). So you should not make assumption over the parameter length
try using
encrypted = cipher.doFinal(value.getBytes());
and
decrypted = cipher.doFinal(Base64.decode(encrypted));
I Have an AES encryption and decrypt both in java and nodejs (cryptojs).
but when I tried to encrypt and decrypt in both have different result.
This is my java code :
import java.*;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.crypto.Cipher;
import org.apache.commons.codec.binary.Base64;
public class enc {
public static void main(String[] args){
String key = "1234567890123456"; // 128 bit key: must 16 character
String initVector = "1234567890123456"; // 16 bytes IV : must 16 character
System.out.println("Key : "+key);
System.out.println("Init Vector : "+initVector);
String encrypted = encryptAES(key, initVector, "Hello World");
System.out.println("encrypted : "+encrypted);
}
public static String encryptAES(String key, String initVector, String value) {
try {
IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8"));
SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv);
byte[] encrypted = cipher.doFinal(value.getBytes());
return Base64.encodeBase64String(encrypted);
} catch (Exception ex) {
ex.printStackTrace();
}
return null;
}
public static String decryptAES(String key, String initVector, String encrypted) {
try {
IvParameterSpec iv = new IvParameterSpec(
initVector.getBytes("UTF-8"));
SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv);
byte[] original = cipher.doFinal(Base64.decodeBase64(encrypted));
return new String(original);
} catch (Exception ex) {
ex.printStackTrace();
}
return null;
}
}
and java result :
Key : 1234567890123456
Init Vector : 1234567890123456
encrypted : ZyODokM33Io1ZKIA8h7owA==
decrypted : Hello World
My Nodejs using crypto js :
var CryptoJS = require("crypto-js");
var atob = require('atob');
var btoa = require('btoa');
var message = "Hello World";
var key = "1234567890123456";
var iv = "1234567890123456";
console.log("Key : "+key);
console.log("Init Vector : "+iv);
key = CryptoJS.enc.Base64.parse(key);
iv = CryptoJS.enc.Base64.parse(iv);
var chiperData = CryptoJS.AES.encrypt(message, key, { iv: iv });
console.log('encrypted : ',chiperData.toString());
var data = CryptoJS.AES.decrypt(chiperData, key, { iv: iv });
console.log('decrypted : ',hex2a(data.toString()));
// Convert hex string to ASCII.
// Thanks to https://stackoverflow.com/questions/11889329/word-array-to-string
function hex2a(hex) {
var str = '';
for (var i = 0; i < hex.length; i += 2)
str += String.fromCharCode(parseInt(hex.substr(i, 2), 16));
return str;
}
and the result :
Key : 1234567890123456
Init Vector : 1234567890123456
encrypted : tHtu5jUs0ZotjjJIHgy0eQ==
decrypted : Hello World
as you can see encrypted in java and cryptojs is different. ZyODokM33Io1ZKIA8h7owA== and tHtu5jUs0ZotjjJIHgy0eQ==
Where is my code wrong? and how to solve this case?
so they have same encruption so can decrypt each other encrypted string
thanks
This is a typical problem that occurs due to the mismatch of encodings. For example, here, it seems like the problem lies in the following lines:
key = CryptoJS.enc.Base64.parse(key);
iv = CryptoJS.enc.Base64.parse(iv);
Here you are treating key and iv as Base64 encoded string, where previously (in Java) you treated them as UTF-8 encoded string.
If you want the same result as Java you should change it to,
key = CryptoJS.enc.Utf8.parse(key);
iv = CryptoJS.enc.Utf8.parse(iv);
Edit:
As #erickson suggested, you can also change your Java implementation as well so that it interprets your key and iv as Base64.
I have a code in Java in which encryption has been done as follows:
String encrypted = "mPgzvJKbSFgP6nRRHNlTufscZiChL2KUYaNeSF27+Dg=";
String key = "9d6ea4d3e6f8c4f8";
String salt = "1c5dd32d7ba54bdd";
String transform = "AES/CBC/ISO10126PADDING";
IvParameterSpec ivspec = new IvParameterSpec(salt.getBytes());
SecretKey secretKey = new SecretKeySpec(key.getBytes(), "AES");
Cipher cipher = Cipher.getInstance(transform);
cipher.init(Cipher.DECRYPT_MODE, secretKey, ivspec);
byte[] encryptedBytes = DatatypeConverter.parseBase64Binary(encrypted); // hash to byte[]
byte[] data = cipher.doFinal(encryptedBytes);
System.out.println(new String(data));
Now, I need to decrypt it in javascript. The code I wrote is:
var key = '9d6ea4d3e6f8c4f8';
var iv = '1c5dd32d7ba54bdd';
var options = {iv: iv, mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Iso10126};
alert("key + " + key);
alert("iv + " + iv);
var encrypted = 'mPgzvJKbSFgP6nRRHNlTufscZiChL2KUYaNeSF27+Dg=';
alert("encrypted + " + encrypted);
alert("encrypted.toString() = " + encrypted.toString());
var decrypyted = CryptoJS.AES.decrypt(encrypted.toString(), key, options );//error in this line.
alert(decrypyted);
alert(decrypyted.toString(CryptoJS.enc.Utf8));
The encryption is working properly and when I try decrypting the encrypted string using javascript, I am getting an error. The JS stops working once I execute the decrypt function. Any idea what am I doing wrong?
I have a password string in my android application. I need to the send the password through the .net web service (i.e. end with .aspx) using the SOAP web service. Before sending the password i need to encrypt the password with AES 128 encryption with the custom key and IV.
They have a encrypt/decrypt tool in .net with the custom key and Iv. The tool ask a custom key with 16 digit and IV 8 digit. If give the string it generate the encrypting string. example
Example:
Key : 1234567812345678
IV : 12345678
String : android
Encrypted string : oZu5E7GgZ83Z3yoK4y8Utg==
I didn't have any idea how to do this in android. Need help.
A complete example may help you:
The encrypt/decrypt functions, using IV
public static byte[] encrypt(byte[] data, byte[] key, byte[] ivs) {
try {
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
SecretKeySpec secretKeySpec = new SecretKeySpec(key, "AES");
byte[] finalIvs = new byte[16];
int len = ivs.length > 16 ? 16 : ivs.length;
System.arraycopy(ivs, 0, finalIvs, 0, len);
IvParameterSpec ivps = new IvParameterSpec(finalIvs);
cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, ivps);
return cipher.doFinal(data);
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
public static byte[] decrypt(byte[] data, byte[] key, byte[] ivs) {
try {
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
SecretKeySpec secretKeySpec = new SecretKeySpec(key, "AES");
byte[] finalIvs = new byte[16];
int len = ivs.length > 16 ? 16 : ivs.length;
System.arraycopy(ivs, 0, finalIvs, 0, len);
IvParameterSpec ivps = new IvParameterSpec(finalIvs);
cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, ivps);
return cipher.doFinal(data);
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
You can use it as below :
String dataToEncryptDecrypt = "android";
String encryptionDecryptionKey = "1234567812345678";
String ivs = "12345678";
byte[] encryptedData = encrypt(dataToEncryptDecrypt.getBytes(), encryptionDecryptionKey.getBytes(),
ivs.getBytes());
// here you will get the encrypted bytes. Now you can use Base64 encoding on these bytes, before sending to your web-service
byte[] decryptedData = decrypt(encryptedData, encryptionDecryptionKey.getBytes(), ivs.getBytes());
System.out.println(new String(decryptedData));
I don't know the details of AES algorithm in use(ie mode & padding method), bit it should be roughly like this:
public static byte[] encrypt(byte[] data, byte[] key) {
try {
Cipher cipher = Cipher.getInstance("AES/CBC/ZeroBytePadding");
SecretKeySpec secretKeySpec = new SecretKeySpec(key, "AES");
byte[] empty = new byte[16]; // For better security you should use a random 16 byte key!!!
IvParameterSpec ivps = new IvParameterSpec(empty);
cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, ivps);
return cipher.doFinal(data);
} catch (Exception e) {
// ...
}
return null;
}
Function above could be used like this:
String data = "android";
String key = "1234567812345678";
byte encrypted = encrypt(data.getbytes("UTF-8"), key.getbytes("UTF-8"));