I'm currently running into problems decrypting my data. The base64 of the encoded string is being stored in the database. So, I'm printing out the encoded string and then trying to run it back through with "DECRYPT" instead of "ENCRYPT". However, I never get a value that the Decrypter method likes, it always gives me an error about parameters or the value not being 16 bytes.
public class crypto {
public static void main(String [] args) {
String s = args[0];
String s1 = args[1];
String ivkey = "thisisasecretkey";
byte[] ivraw = ivkey.getBytes();
SecretKeySpec skeySpec = new SecretKeySpec(ivraw, "AES");
if (s.equalsIgnoreCase("ENCRYPT")) {
try {
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
byte[] encrypted = cipher.doFinal(s1.getBytes());
System.out.println(new String(Base64.encodeBase64(encrypted)));
} catch (Exception e) {
throw new RuntimeException(e);
}
} else {
try {
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, skeySpec);
byte[] encrypted = cipher.doFinal(s1.getBytes());
System.out.println(new String(Base64.decodeBase64(encrypted)));
} catch (Exception e) {
e.printStackTrace();
}
}
return;
};
}
command:crypto "ENCRYPT" "password"
output: 5eQvSzPG1TE2AybgCmeV6A==
command:crytpo "DECRYPT" "5eQvSzPG1TE2AybgCmeV6A=="
output: java.security.InvalidKeyException: Parameters missing
I'm aware of the security flaws, that's not what I'm asking about and I would prefer answers/comments not get cluttered with best practices.
You should do base 64 decoding, and you should do that before decrypting.
You are not including the initialization vector (IV).
AES in CBC mode has both a 16 byte IV and the 16 byte symmetric key.
String IV = "AAAAAAAAAAAAAAAA"; // generate this randomly
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec, new IvParameterSpec(IV.getBytes()));
byte[] encrypted = cipher.doFinal(s.getBytes());
Edit: as it turns out, encryption does not require a IV to be provided (as owlstead pointed out), but decryption does. The best bet would be to be explicit and use IV in both encryption and decryption. Change your decryption function to include the IV, and you will run into the other error in your code that owlstead pointed out.
Related
How would I go about this? I have code encrypting a file using AES/CBC/PKCS5Padding in Java and as I understand form this picture:
Partial decryption should be possible having part of ciphertext used by preceding block and the key. I have not found any examples of this, though. Any help?
The decrypting code is as fallows:
//skip the IV (ivSize is 16 here) - IV was pretended to the stream during encryption
data.skip(ivSize);
//skip n blocks
int n = 2;
System.out.println("skipped: " + data.skip(n*16));
byte[] iv = new byte[ivSize];
//use next 16 bytes as IV
data.read(iv);
// Hashing key.
MessageDigest digest = MessageDigest.getInstance("SHA-256");
digest.update(encryptionKey.getBytes(StandardCharsets.UTF_8));
byte[] keyBytes = new byte[16];
System.arraycopy(digest.digest(), 0, keyBytes, 0, keyBytes.length);
Cipher cipher;
try {
cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
SecretKeySpec keySpec = new SecretKeySpec(keyBytes, "AES");
IvParameterSpec ivSpec = new IvParameterSpec(iv);
cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);
} catch (GeneralSecurityException e) {
throw new IOException(e);
}
CipherInputStream cis = new CipherInputStream(data, cipher);
try {
ByteStreams.copy(ByteStreams.limit(cis, limit), output);
} catch (IOException exception) {
// starting with java 8 the JVM wraps an IOException around a GeneralSecurityException
// it should be safe to swallow a GeneralSecurityException
if (!(exception.getCause() instanceof GeneralSecurityException)) {
throw exception;
}
log.warning(exception.getMessage());
} finally {
cis.close();
}
Yes it is possible.
You need to choose the "part" on a block boundary, a length that is a block size multiple and use the previous block as the IV. For AES the block size is 16-bytes.
If the "part" includes the last block specify the correct padding, otherwise specify no padding NoPadding: AES/CBC/NoPadding in this instance. This will eliminate a padding error. Only there last block is has/is padding.
Cipher must be instantiated with the correct padding option depending if it is the last block of the entire encrypted data or not.
See: PKCS#7 padding (sometimes called PKCS#5 in error) which is the most common padding.
Please excuse the hackjob! Still new at coding and was utilizing a lot of sys outs to troubleshoot, and this is my first post at StackOverflow. Thank you for the help!
So I've been working on trying to encrypt String objects using the javax.crypto.Cipher API, and I have found some success, but only when it is using the same instance of the Cipher object. However, for the purposes of my project, I am encrypting text (String) to and decrypting text from a text file, and will not be accessing the same Cipher object every time.
I believe the issue is not from converting between the byte arrays and Strings, since the Base64 encoder seems to have taken care of that problem. The output of the byte arrays are identical pre-encoding and post-decoding, so that should isolate it as an issue during the decryption phase. What can be done so that my decryptPW method can use a different Cipher instance (with the same arguments passed) and not trigger a BadPaddingException?
private static String encryptPW(String pw){
byte[] pwBytes = pw.getBytes();
byte[] keyBytes = "0123456789abcdef".getBytes();
SecretKeySpec keySpec = new SecretKeySpec(keyBytes, "AES");
try {
Cipher ciph = Cipher.getInstance("AES/CBC/PKCS5Padding");
ciph.init(Cipher.ENCRYPT_MODE, keySpec);
byte[] encryptedBytes = ciph.doFinal(pwBytes);
pw = Base64.getEncoder().encodeToString(ciph.doFinal(pwBytes));
for (byte b : encryptedBytes){
System.out.print(b);
}
System.out.println();
} catch (Exception e){
e.printStackTrace();
}
return pw;
}
private static String decryptPW(String pw){
byte[] pwBytes = Base64.getDecoder().decode(pw.getBytes());
for (byte b : pwBytes){
System.out.print(b);
}
System.out.println();
byte[] keyBytes = "0123456789abcdef".getBytes();
SecretKeySpec keySpec = new SecretKeySpec(keyBytes, "AES");
try {
Cipher ciph = Cipher.getInstance("AES/CBC/PKCS5Padding");
ciph.init(Cipher.DECRYPT_MODE, keySpec, ciph.getParameters());
pw = new String(ciph.doFinal(pwBytes));
} catch (Exception e){
e.printStackTrace();
}
return pw;
}
Again, thank you!
As you use CBC mode, you need to save the random Initialization Vector (IV) from the encryption cipher and provide it to the decryption cipher.
You can get it from the encryption cipher after init like:
ciph.init(Cipher.ENCRYPT_MODE, keySpec);
byte[] iv = ciph.getIV();
And provide it to the decrypt cipher with something like:
ciph.init(Cipher.DECRYPT_MODE, keySpec, new IvParameterSpec(iv));
You need to come up with a method of saving the IV. A common way is to prefix the encrypted data with the IV, so it's available when you need to initialize your decrypt cipher. It don't need to be secret.
This is a continuation from my question yesterday:
Android Java AES Encryption
I am currently testing AES encryption on Android. In my previous question I am able to encrypt and decrypt a string using Cipher c = Cipher.getInstance("AES");
I was informed in the replies that I should specify the IV, encryption mode and padding to prevent any potential issues in the future since no specification means the program will use the system's default value. So I changed my code to c = Cipher.getInstance("AES/CBC/PKCS5Padding");
But now my code no longer works, and it will return a NullPointerException.
My code:
byte[] a = encryptFIN128AES("pls");
String b = decryptFIN128AES(a);
Log.e("AES_Test", "b = " + b);
/**
* Encrypts a string with AES (128 bit key)
* #param fin
* #return the AES encrypted string
*/
private byte[] encryptFIN128AES(String fin) {
SecretKeySpec sks = null;
try {
sks = new SecretKeySpec(generateKey(PASSPHRASE, SALT.getBytes(StandardCharsets.UTF_8)).getEncoded(), "AES");
} catch (Exception e) {
Log.e("encryptFIN128AES", "AES key generation error");
}
// Encode the original data with AES
byte[] encodedBytes = null;
try {
Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
c.init(Cipher.ENCRYPT_MODE, sks);
encodedBytes = c.doFinal(fin.getBytes(StandardCharsets.UTF_8));
} catch (Exception e) {
Log.e("encryptFIN128AES", "AES encryption error");
}
return encodedBytes;
}
/**
* Decrypts a string with AES (128 bit key)
* #param encodedBytes
* #return the decrypted String
*/
private String decryptFIN128AES(byte[] encodedBytes) {
SecretKeySpec sks = null;
try {
sks = new SecretKeySpec(generateKey(PASSPHRASE, SALT.getBytes(StandardCharsets.UTF_8)).getEncoded(), "AES");
} catch (Exception e) {
Log.e("decryptFIN128AES", "AES key generation error");
}
// Decode the encoded data with AES
byte[] decodedBytes = null;
try {
Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
c.init(Cipher.DECRYPT_MODE, sks);
decodedBytes = c.doFinal(encodedBytes);
} catch (Exception e) {
Log.e("decryptFIN128AES", "AES decryption error");
}
//return Base64.encodeToString(decodedBytes, Base64.DEFAULT);
return new String(decodedBytes, StandardCharsets.UTF_8);
}
/**
* Build private key from a passpharase/PIN (incl. key derivation (Uses PBKDF2))
* #param passphraseOrPin
* #param salt
* #return The generated SecretKey (Used for AES-encryption, key size specified in outputKeyLength)
*/
public static SecretKey generateKey(char[] passphraseOrPin, byte[] salt)
throws NoSuchAlgorithmException, InvalidKeySpecException {
// Number of PBKDF2 hardening rounds to use. Larger values increase
// computation time. You should select a value that causes computation
// to take >100ms.
final int iterations = 1000;
// Generate a 256-bit key
final int outputKeyLength = 128;
SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
KeySpec keySpec = new PBEKeySpec(passphraseOrPin, salt, iterations, outputKeyLength);
SecretKey secretKey = secretKeyFactory.generateSecret(keySpec);
return secretKey;
}
Output:
E/decryptFIN128AES: AES decryption error
E/AndroidRuntime: FATAL EXCEPTION: Thread-176
Process: testapp.ttyi.nfcapp, PID: 2920
java.lang.NullPointerException: Attempt to get length of null array
at java.lang.String.<init>(String.java:371)
at testapp.ttyi.nfcapp.DisplayQRActivity.decryptFIN128AES(DisplayQRActivity.java:254)
at testapp.ttyi.nfcapp.DisplayQRActivity.access$100(DisplayQRActivity.java:29)
at testapp.ttyi.nfcapp.DisplayQRActivity$1.run(DisplayQRActivity.java:77)
at java.lang.Thread.run(Thread.java:818)
testapp.ttyi.nfcapp.DisplayQRActivity.decryptFIN128AES(DisplayQRActivity.java:254) points to the last line of decryptFIN128AES, which is:
return new String(decodedBytes, StandardCharsets.UTF_8);
I understand that the NullPointerException occurs because something went wrong with the decryption process. Since it must have went into the catch case and thus decodedBytes remains as NULL and thus causes the error when I want to return decodedBytes. So now my question is: Why does this happen and how can I fix this?
Your help is much appreciated.
Many thanks to #Thomas W for your help. I changed the catch to throw and now I can see the actual error has something to do with BadPaddingException: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
After some googling I found the solution is the lack of IV argument in my c.init. Previously I was using "AES" in which Java defaults to "AES/ECB/PKCS5Padding" and that works fine without IV.
(Source: Android: Encrypt a string with AES 256bit Encryption with iv and secret key)
But once I changed to "AES/CBC/PKCS5Padding" Java will have issues without a declared IV. Therefore by changing c.init(Cipher.ENCRYPT_MODE, sks); and c.init(Cipher.DECRYPT_MODE, sks); to
c.init(Cipher.ENCRYPT_MODE, sks, new IvParameterSpec(new byte[16])); and
c.init(Cipher.DECRYPT_MODE, sks, new IvParameterSpec(new byte[16])); fixed the issue.
Now my program can encrypt and decrypt properly.
I am doing encryption and decryption of data as follows but getting error
protected Cipher aes_Gen_with_Key(byte[] key)
{
Cipher cipher=null;
try
{
byte[] key_hash = (key).toString().getBytes("UTF-8");
key_hash = Arrays.copyOf(key_hash, 32); // use only first 256 bit
SecretKeySpec secretKeySpec = new SecretKeySpec(key_hash, "AES");
cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec);
} catch (Exception e) {
System.out.println("Error Occured");
}
return cipher;
}
protected Cipher aes_Dec_with_Key(byte[] key,byte[] iv)
{
Cipher cipher=null;
try
{
byte[] key_hash = (key).toString().getBytes("UTF-8");
key_hash = Arrays.copyOf(key_hash, 32); // use only first 256 bit
SecretKeySpec secretKeySpec = new SecretKeySpec(key_hash, "AES");
cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE,secretKeySpec,new IvParameterSpec(iv));
}
catch (Exception e) {
System.out.println(e);
}
return cipher;
}
With above 2 functions I am getting ciphers with which I am doing encryption and decryption, but getting javax.crypto.BadPaddingException: Given final block not properly padded as error. Length of decryption byte array is 752 and IV at decryption is 16 byte long. Can any one suggest?
Here are few more relevant code blocks.
Apologies for invalid use java naming conventions
// Key Class
import java.io.Serializable;
#SuppressWarnings("serial")
public class Key implements Serializable{
byte[] gsmodp_hash=null;
byte[] iv_pass=null;
byte[] Nonce_Enc=null;
byte[] iv_non=null;
public Key() {
}
public Key(byte[] gsmodp_hash,byte[] iv_pass,byte[] Nonce_Enc,byte[] iv_non) {
this.gsmodp_hash=gsmodp_hash;
this.iv_pass=iv_pass;
this.Nonce_Enc=Nonce_Enc;
this.iv_non=iv_non;
}
}
// Client side code
JSONObject auth_step_obj=new JSONObject();
try {
BigInteger gsmodp=get_modu_frm_server(receivePacket);
BigInteger R2=get_R2_frm_server(receivePacket);
BigInteger N2=get_N2_frm_server(receivePacket);
N2=crypto.dec_NonceG(N2);
BigInteger a=crypto.get_RandLong();
BigInteger gamodp= crypto.dh_GenerationG(a, crypto.g, crypto.p);
BigInteger key=crypto.dh_GenerationG(a, gsmodp, crypto.p);
// Got hash of g^abmodp
byte[] dhkey=crypto.sha256G(key.toString());
key=null;
//Mixing passwords
SecretKey secretkey=(SecretKey) userCredentials.get("password");
byte[] mixed_hash=crypto.passwordMixerG(R2, secretkey.getEncoded());
//Working Fine Till now
// Getting Cipher for encrypting gsmodp using password and nonce
Cipher cipher_password=crypto.aes_Gen_with_Key(mixed_hash);
Cipher cipher_key=crypto.aes_Gen_with_Key(dhkey);
// Generating quantities for JSON Object
byte[] gsmodp_hash=cipher_password.doFinal(gamodp.toString().getBytes());
byte[] gsmodp_hash_iv=cipher_password.getIV();
byte[] nonce_enc=cipher_key.doFinal(N2.toString().getBytes());
byte[] nonce_enc_iv=cipher_key.getIV();
Key authetication_parameters=new Key(gsmodp_hash,gsmodp_hash_iv,nonce_enc,nonce_enc_iv);
auth_step_obj.put("obj",authetication_parameters);
} catch (Exception e) {
// TODO Auto-generated catch block
System.out.println("Hi:sec_DH_Step");
}
// This sends JSONObject to calling method which generates UDP packet and sends to server
return auth_step_obj;
}
// Server side code
// Once packet received on server following happens
ds.receive(receivePacket);
SecretKey userKey=cryptoObj.get_from_KeyStoreG(user_name);
// Adding R2 and userKey byte by byte
byte[] mixed_hash=cryptoObj.passwordMixerG(R2, userKey.getEncoded());
JSONObject authentication_nonce=new JSONObject();
authentication_nonce=cryptoObj.readRecievedPacket(receivePacket);
Key obj=(Key)authentication_nonce.get("obj");
Cipher cipher=cryptoObj.aes_Dec_with_Key(mixed_hash,obj.iv_pass);
// I am getting error on do final
System.out.println(new String(cipher.doFinal(obj.gsmodp_hash)));
The code you presented works just fine. The error must lie in the code you haven't shared with us (i.e. the code that actually uses the Cipher objects).
I wrote the code below to test your question code:
public static void main(String[] args) throws Exception {
Random random = new Random();
byte[] key = new byte[32];
random.nextBytes(key);
byte[] plaintext = new byte[100];
random.nextBytes(plaintext);
Cipher enc = aes_Gen_with_Key(key);
byte[] ciphertext = enc.doFinal(plaintext);
byte[] iv = enc.getIV();
Cipher dec = aes_Dec_with_Key(key, iv);
byte[] recoveredPlaintext = dec.doFinal(ciphertext);
System.out.println(Arrays.equals(plaintext, recoveredPlaintext));
}
Note, I made your two methods static. You should do the same, as they don't use any instance variables.
I have function that crypts string:
BASE64Decoder decoder = new BASE64Decoder();
BASE64Encoder encoder = new BASE64Encoder();
public String encryptValueWithBlowfish(String data, String secretKey) {
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
try {
SecretKeySpec key = new SecretKeySpec(decoder.decodeBuffer(secretKey), "Blowfish");
Cipher cipher = Cipher.getInstance("Blowfish/CBC/NoPadding", "BC");
String iv = "\0\0\0\0\0\0\0\0";
IvParameterSpec ivs = new IvParameterSpec(iv.getBytes());
cipher.init(Cipher.ENCRYPT_MODE, key, ivs);
MessageDigest sha = MessageDigest.getInstance("SHA-1");
return encoder.encode(sha.digest(cipher.doFinal(decoder.decodeBuffer(data))));
} catch (Exception e) {
lg.info("Failed to encryptValueWithBlowfish: " + e.getMessage());
return "";
}
}
Line cipher.init(Cipher.ENCRYPT_MODE, key, ivs); rises exception "Unsupported keysize or algorithm parameters". This code forks fine in another Linux machine. Parameters passed in both cases are the same. I'm not strong in crypto things. What might be wrong?
What might be wrong?
Well, you're using the default character encoding here: iv.getBytes() - that's never a good start. Perhaps the two different machines have different default encodings.
If you want to create a byte array of all-zeroes and a particular size, why not just use:
IvParameterSpec ivs = new IvParameterSpec(new byte[8]);
Or use 16 if you wanted a 16 byte IV.
It's not clear what decoder is here - but you use it twice and again, if that's using the default character encoding it could vary by machine.