jQuery in Action, 2nd edition*
The moose likes Java in General and the fly likes String encryption/decryption - 'block not properly padded' error Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Java in General
Bookmark "String encryption/decryption - Watch "String encryption/decryption - New topic
Author

String encryption/decryption - 'block not properly padded' error

Kevin P Smith
Ranch Hand

Joined: Feb 18, 2005
Posts: 362
I have two simple methods that encrypt and decrypt Strings. Now the ENCRYPT seems to be wokring OK, but the DECRYPT is giving me the following error...

Error:


Now I have this working ages ago and have only just gone back to it because I need it for an App I'm working on, I think the problem is to do with the retrieved String that is going into the Decrypter.
Here is the code for the two methods...

Encrypter


Decrypter


Any help greatly appreciated, many thanks!

KS
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41173
    
  45
return new String(bytes);

This is the problem. Encrypted data is binary - it can't be converted to a String this easily. If you need a string representation of encrypted data, use something like base-64 encoding. The Apache Commons Codec library has an implementation of that.


Ping & DNS - my free Android networking tools app
Kevin P Smith
Ranch Hand

Joined: Feb 18, 2005
Posts: 362
Even with this



Instead of this



I still get this


and

Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41173
    
  45
return new String(base64.encode(bytes));

Make sure the same encoding is used for creating the string, and then later for getting the byte[] back from it.

Looking at the code more closely, it seems that you are using two different keys for encryption and decryption. That wouldn't work.
Henry Wong
author
Sheriff

Joined: Sep 28, 2004
Posts: 18546
    
  40

Looking at the code more closely, it seems that you are using two different keys for encryption and decryption. That wouldn't work.


Agreed. It looks like....

The encrypter generates a random key for encryption. It also doesn't save the key anywhere. This mean that it will encrypt it different everytime, and there is no way to get the key for decryption.

The decrypter also generates a random key for decryption. And unless it generates a key that happen to match the random key generated during encryption, it would not decrypt correctly.

Henry


Books: Java Threads, 3rd Edition, Jini in a Nutshell, and Java Gems (contributor)
Kevin P Smith
Ranch Hand

Joined: Feb 18, 2005
Posts: 362
OK, would you be able to show me a quick example of how the decrypter gets the same key as the encrypter?

Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41173
    
  45
SecretKey implements Serializable, so you can store it any way you want.

Or, for a cross-language compatible way, SecretKey.getEncoded() gets you the byte[] that makes up the key. If you store that somewhere, you can recreate the key later using "new SecretKeySpec(byte[], String)".
Kevin P Smith
Ranch Hand

Joined: Feb 18, 2005
Posts: 362
Just so I understand, if I was to generate a SecretKey and store it to a file so that my Decrypt class could read it later... If I was to then run the Encrypt code agai, would it not over-write the old Secretkey and therefore make any data encrypted by the first Encrypt 'lost', as it's SecretKey would now be gone?
Henry Wong
author
Sheriff

Joined: Sep 28, 2004
Posts: 18546
    
  40

Keith Seller wrote:Just so I understand, if I was to generate a SecretKey and store it to a file so that my Decrypt class could read it later... If I was to then run the Encrypt code agai, would it not over-write the old Secretkey and therefore make any data encrypted by the first Encrypt 'lost', as it's SecretKey would now be gone?


Well. thats up to you.... As written, you generate a new key with every encrypt, so you will need to store it in a way that the decrypt can find the matching key. Personally, I would recommend have the key generation, and storage completely separated -- and have both the encrypt and decrypt get the key from this location.

Henry
Kevin P Smith
Ranch Hand

Joined: Feb 18, 2005
Posts: 362
Got it!

I basically have a seperate method that creates a file on the server called secretkey.dat which contains the generatedKey.

Now each time the doEncryption() and doDecryption() methods run, they check to see if this file exists. If it does they read the key from the file for the encryption, that way all my encrypted adat is using the same key and therefore decryption works!

 
 
subject: String encryption/decryption - 'block not properly padded' error
 
Similar Threads
EJB3.0 & calling remote interface.
Web app IllegalStateException: getOutputStream()..
Crypto needed for decrypting text
Help with decrypting my data (javax.crypto)
AES Encryption Service