AES SecretKeySpec object varies in two instances with same passphrase.

Arun Suresh
Greenhorn

Joined: Sep 02, 2008
Posts: 18
Hi Experts,

I wrote a Linux application, a part of which will encrypt and decrypt a string using AES encryption. Given below is the SecretKeySpec creation method for the same. The application works perfectly and writes an encrypted string to a file. During decryption it correctly decrypts this string and uses it in the application.



The issue:
Now I am writing a standalone Java class to decrypt the encrypted string using the same pass phrase and code. So I wrote the decryption code standalone and provided it with the same pass phrase and encrypted string as inputs. But it kept on failing with this error.

javax.crypto.BadPaddingException: Given final block not properly padded

I noticed that the issue was because the SecretKeySpec was different in the application and in my standalone class even though the pass phrase and code is same. I confirmed it using the hash value of SecretKeySpec object.

I am confused as to why this is happening, as everything is the same in the application jar and in the new standalone Java file. Any help will be appreciated to understand this issue.

Thanks,

Arun
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41070
How are you storing the encrypted message? This error frequently occurs if the encrypted data is treated as string data somewhere along the way; but it's binary data, and needs to be treated as such.


Ping & DNS - my free Android networking tools app
Arun Suresh
Greenhorn

Joined: Sep 02, 2008
Posts: 18
Thanks for the reply.

I am storing the encrypted string in hexadecimal format and have also confirmed that the error is not due to a format issue. The code is working perfectly in the application.

The issue arises only when I try to make decryption a standalone Java class. So simply, the SecretKeySpec generated should always be the same for the same pass phrase and code. But it differs in the application and in the standalone code.

Arun
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41070
the error is not due to format issue

I wouldn't be too sure about that. String.toCharArray uses the platform default encoding, which makes the code platform-dependent. This is a bug waiting to happen.
Arun Suresh
Greenhorn

Joined: Sep 02, 2008
Posts: 18
I will try in that direction. But still, the application and the standalone code are running on the same machine. So I am not sure if that is an issue.

While I am at it, can anyone explain why SecretKeySpec instances are different in the application and standalone code?

If this could help:
The string I encrypt using a standalone Java encryption code can be decrypted by the standalone decryption code. It is failing only when I try to decrypt the string encrypted by the application.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41070
What is the difference between "the standalone decryption code" and "decrypt the string encrypted by the application"?
Arun Suresh
Greenhorn

Joined: Sep 02, 2008
Posts: 18
The standalone Java code is just the decryption code part of the application altered to run independently.

The encryption/decryption is just a part of the application which actually does file encryption. The encryption/decryption code is actually for securing the password used for file encryption.

So when the application saves the password in encrypted form in a file, I will copy it and give it as input to the standalone decryption code, which will try to decrypt it using the same pass phrase the application used.
Arun Suresh
Greenhorn

Joined: Sep 02, 2008
Posts: 18
I can't think of any reason why the keyspec should be different in these two, but it is. The only difference is that the standalone file is run from the Linux command line and the application runs just like any other Linux Java application.
greg stark
Ranch Hand

Joined: Aug 10, 2006
Posts: 220
This code fragment is pretty messed up conceptually, although I cannot explain why it would return different results for different runs. You are trying to do all the transformation from password to key yourself. Let the PBE ciphers do the work for you. Look at the PBE examples in the Sun JCE guide and go from there.


Nice to meet you.
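The two points raised in this thread, that a passphrase-to-key step can silently depend on the JVM's default charset and that the conversion should be left to a PBE key-derivation function, can be demonstrated together. The poster's own SecretKeySpec code did not survive on this page, so the following is an added example written for this thread, not Arun's application code and not the Sun JCE guide's sample. The passphrase, the fixed salt and the iteration count are constructed values for the demo; a real application would store a randomly generated salt next to the ciphertext. The charset dependence enters through String.getBytes() called without a charset argument, which uses the platform default; the example makes the default explicit so both outcomes can be shown in one JVM.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class PassphraseKeyDemo {

    // Constructed sample passphrase; the umlaut is what makes the charset dependence visible.
    static final String PASSPHRASE = "K\u00e4se-Pa55w0rd";
    // Constructed fixed salt so the demo is repeatable; real code stores a random salt with the ciphertext.
    static final byte[] SALT = "demo-salt-16byte".getBytes(StandardCharsets.US_ASCII);
    static final int ITERATIONS = 65536;

    // Fragile pattern: hash the passphrase bytes and truncate to an AES-128 key.
    // The Charset parameter stands in for whatever String.getBytes() with no
    // argument would pick as the platform default on a given JVM.
    static byte[] naiveKeyBytes(String passphrase, Charset platformDefault) throws Exception {
        MessageDigest sha = MessageDigest.getInstance("SHA-256");
        return Arrays.copyOf(sha.digest(passphrase.getBytes(platformDefault)), 16);
    }

    // Recommended pattern: PBKDF2 derives the key from passphrase + salt deterministically.
    // PBEKeySpec takes a char[], so the platform default charset never enters the result.
    static SecretKey deriveAesKey(char[] passphrase, byte[] salt) throws Exception {
        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        PBEKeySpec spec = new PBEKeySpec(passphrase, salt, ITERATIONS, 128);
        byte[] raw = factory.generateSecret(spec).getEncoded();
        spec.clearPassword();
        return new SecretKeySpec(raw, "AES");
    }

    // AES/CBC with a fresh random IV; returns iv || ciphertext for the caller to hex-encode.
    static byte[] encrypt(SecretKey key, byte[] plaintext) throws Exception {
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ciphertext = cipher.doFinal(plaintext);
        byte[] out = new byte[iv.length + ciphertext.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ciphertext, 0, out, iv.length, ciphertext.length);
        return out;
    }

    // A wrong key here surfaces as BadPaddingException, the symptom seen in the thread.
    static byte[] decrypt(SecretKey key, byte[] ivAndCiphertext) throws Exception {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, key,
                new IvParameterSpec(Arrays.copyOfRange(ivAndCiphertext, 0, 16)));
        return cipher.doFinal(Arrays.copyOfRange(ivAndCiphertext, 16, ivAndCiphertext.length));
    }

    // Hex helpers: ciphertext is binary and must round-trip byte for byte,
    // never through new String(bytes) / String.getBytes().
    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    static byte[] fromHex(String hex) {
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    public static void main(String[] args) throws Exception {
        // 1. The naive key changes with the default charset: a JVM started under a
        //    UTF-8 locale and one started under ISO-8859-1 disagree on the key bytes.
        byte[] keyUtf8 = naiveKeyBytes(PASSPHRASE, StandardCharsets.UTF_8);
        byte[] keyLatin1 = naiveKeyBytes(PASSPHRASE, StandardCharsets.ISO_8859_1);
        System.out.println("naive key, UTF-8 default:      " + toHex(keyUtf8));
        System.out.println("naive key, ISO-8859-1 default: " + toHex(keyLatin1));
        System.out.println("naive keys equal: " + Arrays.equals(keyUtf8, keyLatin1));
        System.out.println("this JVM's default charset: " + Charset.defaultCharset());

        // 2. PBKDF2 with the same passphrase and salt yields the same key in any JVM.
        SecretKey appKey = deriveAesKey(PASSPHRASE.toCharArray(), SALT);
        SecretKey standaloneKey = deriveAesKey(PASSPHRASE.toCharArray(), SALT);
        System.out.println("PBKDF2 keys equal: "
                + Arrays.equals(appKey.getEncoded(), standaloneKey.getEncoded()));

        // 3. Round trip through the hex form the "application" writes to its file,
        //    decrypted by the "standalone" side with its independently derived key.
        byte[] secret = "file-encryption-password".getBytes(StandardCharsets.UTF_8);
        String stored = toHex(encrypt(appKey, secret));
        String recovered = new String(decrypt(standaloneKey, fromHex(stored)), StandardCharsets.UTF_8);
        System.out.println("stored:    " + stored);
        System.out.println("recovered: " + recovered);
    }
}
```

Run it twice with different default charsets (for example `java -Dfile.encoding=ISO-8859-1 PassphraseKeyDemo` and `java -Dfile.encoding=UTF-8 PassphraseKeyDemo`) to see which part of the output moves: the naive key hashes differ whenever the passphrase contains a character outside ASCII, while the PBKDF2 key and the decrypted value are identical in both runs. When comparing SecretKeySpec instances across two programs, compare `toHex(key.getEncoded())` rather than `hashCode()`, since the hex of the raw key bytes shows exactly which bytes changed.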
Arun Suresh
Greenhorn

Joined: Sep 02, 2008
Posts: 18
Thanks. I will work on improving the keyspec generation. Anyway, this issue is weird and I will keep trying to solve it and will update you guys if I find the root cause.