Decryption returning wrong value

Hi,

I am trying to decrypt a value using a key stored in a keystore. It's not throwing any exceptions but the "decrypted" value is wrong.

It's spitting out things like: [B@1befab0

This is what I've got.

import java.io.File;
import java.io.FileInputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.Security;

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

import org.bouncycastle134.jce.provider.BouncyCastleProvider;

import org.apache.commons.codec.binary.Base64;

public class Main {

public static void main(String[] args) throws Exception {
		String password = "REDACTED";
		String alias = "myAlias";
		String encryptedStuff = "REDACTED";
		Security.addProvider(new BouncyCastleProvider());

// Get the KeyStore
		String keystorePath = "REDACTED";
		KeyStore keystore=KeyStore.getInstance("jceks");
		keystore.load(new FileInputStream(new File(keystorePath)),password.toCharArray());
		
		// Get SecretKey
		Key key=keystore.getKey(alias,password.toCharArray());
		
		// Create an RC4 decryption cipher
		SecretKey Skey = new SecretKeySpec(key.getEncoded(), "RC4");
		Cipher cipher = Cipher.getInstance("RC4", "CAMCryptoBC");
		cipher.init(2, Skey);

// Decode the encryptedStuff 
		byte[] decoded = Base64.decodeBase64(encryptedStuff);
		
		// Decrypt the encryptedSTuff
		byte[] decrypted = cipher.doFinal(decoded);
		
		// Display the freaking decrypted stuff!!
		System.out.println(decrypted.toString());
	}
}

Any ideas?

After banging on this for some time, I'm still getting basically the same result with significantly different code.

public class Main {

public static void main(String[] args) throws Exception {
		String password = "REDACTED";
		String alias = "myAlias";
		String encryptedStuff = "REDACTED";

// Decode the encryptedStuff 
		byte[] decodedData = Base64.decodeBase64(encryptedStuff);
		
		// Get the content
		ASN1InputStream dis = new ASN1InputStream(new ByteArrayInputStream(decodedData));
		DERObject pkcs = dis.readObject();
		ContentInfo contentInfo = ContentInfo.getInstance(pkcs);
		DERSequence encDataWrapper = (DERSequence)contentInfo.getContent();
		EncryptedContentInfo info = EncryptedContentInfo.getInstance(encDataWrapper.getObjectAt(1));
		
		MessageDigest md = null;
		try {
			md = MessageDigest.getInstance("SHA1");
		} catch (NoSuchAlgorithmException e) {
			e.printStackTrace();
		}
		
		int digestLen = md.getDigestLength();
		byte[] encrContent = info.getEncryptedContent().getOctets();
		byte[] contentOnly =  new byte[encrContent.length - digestLen];
		Security.addProvider(new BouncyCastleProvider());

// Get the KeyStore
		String keystorePath = "REDACTED";
		KeyStore keystore=KeyStore.getInstance("jceks");
		keystore.load(new FileInputStream(new File(keystorePath)),password.toCharArray());
		
		// Get SecretKey
		Key key=keystore.getKey(alias,password.toCharArray());
		
		// Create an RC4 decryption cipher
		SecretKey Skey = new SecretKeySpec(key.getEncoded(), "RC4");
		Cipher cipher = Cipher.getInstance("RC4", "CAMCryptoBC");
		cipher.init(2, Skey);
		
		byte[] decryptedData = null;
		try
		{
			decryptedData = cipher.doFinal(contentOnly);
		}
		catch (Exception e)	{
			e.printStackTrace();
		}

byte[] ptheader = { 0, 67, 65, 77, 0 };
		int pos = ptheader.length;
		int randomdatalen = decryptedData[(pos++)];
		
		if ((randomdatalen > 0) && (randomdatalen < 32)) {
			int nonplaintextpartlen = 7 + randomdatalen;
			int plaintextlen = decryptedData.length - nonplaintextpartlen;
			byte[] actualplaintext = new byte[plaintextlen];
			System.arraycopy(decryptedData, nonplaintextpartlen, actualplaintext, 0, plaintextlen);
			decryptedData = actualplaintext;
		} 
		
		// Display the decrypted stuff
		System.out.println(decryptedData);
		dis.close();
		
		// Expect something like REDACTED
	}
}

Outputs: [B@10ef90c

There's somethign fundamental I'm missing here...

Ok yup it was fundamental, duh, I was printing a byte[]. lol

But unfortunately the problem is not truly solved. By using the following I converted the byte[] to a String and printed it, but I'm still getting the wrong values.

Now it's outputting:

???L ?A??=?@+?A?h?B???F?
be??????4?????6w???>(???i?&?>?{d?ib)+?es?m??E'??4 T/?????_?
i]??v<\???g?RN?d?/?}?N?+w+a??L???-?8???a??eS???6?*?

Well, that's just the standard way of outputting an array of bytes. The code you've written uses the toString() method of an object to convert it to a String for display, but since arrays don't implement that method, you get the default toString() method of the Object class. Which produces something which starts with the class name ("[B" for byte array) followed by something which sort of represents the object's address. This isn't particularly useful if you expected it to tell you something about the array's contents, because it doesn't do that.

If you want something more meaningful (e.g. something which actually tells you what bytes are in the array) then you'll have to write that code yourself. Or if perhaps you meant to convert that byte array to a String, on the grounds that it actually encodes some text, then

would be the way to do that.

Ah, I see you've already figured out what I was saying.

But I don't understand your code. It looks like you're encrypting something and producing an array of bytes, but then when you decrypt you don't decrypt the whole thing, you try to decrypt only part of it. I'm no security expert but I wouldn't expect that to work.

Although it's possible I didn't understand what you were trying to do (see the part about not being an expert).

Although I'm not encrypting anything, I am doing a Base64 decode before decrypting. Then I believe the value translates to a DERObject that encapsulates the actual content. I try to extract the content, decrypt it, and display it.

Well, if line 6 (un-redacted) is supposed to represent encrypted data in some way, then yes, it must have had something done to it to convert the raw bytes into readable text. Perhaps that was Base-64 encoding, but I don't think that has anything to do with the actual process which produced that encrypted data.

I guess that Base-64 is the most likely thing to have been used, but you'd have to check with whoever gave you that encrypted data.

Here's the un-redacted encrypted value ...

MIHuBgkqhkiG9w0BBwaggeAwgd0CAQAwgdcGCSqGSIb3DQEHATAKBggqhkiG9w0DBICBvcs6iLO2VGfU7KzJmpU0y5lBsRYAs1tOdZKW6fmJ4XXQUgUyl7rcYUGSa5hu+XfbAFGRHwdLS4LSClP34srZ8aF8KtxXxdYbvxZ7s5xjnleHN8GBneh1ocoofaXLWmoFUa/WS47oQXGY80jSJ/Dm1B28Pt+VerKQtkr8sTRoSwtXWf5RuspfCGFvMddea2xuO5PX+14A+/8VfYuCRjjxMOMWE5suKfBunQICws86QkewfqxbTmOVKsB7kgXKag==

The "==" at the end indicates that it is indeed base-64 encoded.

After days of sticking with it... here is the solution. The problem was apparently confusion between Base64 from two different packages.

import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.MessageDigest;

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.cms.EncryptedContentInfo;
import org.bouncycastle.asn1.pkcs.ContentInfo;

public class Main {

public static void main(String[] args) throws Exception {
		String encryptedStuff = "MIHuBgkqhkiG9w0BBwaggeAwgd0CAQAwgdcGCSqGSIb3DQEHATAKBggqhkiG9w0DBICBvcs6iLO2VGfU7KzJmpU0y5lBsRYAs1tOdZKW6fmJ4XXQUgUyl7rcYUGSa5hu+XfbAFGRHwdLS4LSClP34srZ8aF8KtxXxdYbvxZ7s5xjnleHN8GBneh1ocoofaXLWmoFUa/WS47oQXGY80jSJ/Dm1B28Pt+VerKQtkr8sTRoSwtXWf5RuspfCGFvMddea2xuO5PX+14A+/8VfYuCRjjxMOMWE5suKfBunQICws86QkewfqxbTmOVKsB7kgXKag==";
		byte[] contentOnly = null;
	    byte[] cskDigestOnly = null;
	    MessageDigest md = null;
	    KeyStore cskKeyStore;
	    String keyStorePwd = "REDACTED";

// Decode the encryptedStuff 
		byte[] decodedData = org.apache.commons.codec.binary.Base64.decodeBase64(encryptedStuff);
		
		// Get the content
		ASN1InputStream dis = new ASN1InputStream(new ByteArrayInputStream(decodedData));
		ASN1Primitive pkcs = dis.readObject();
		
		// Get content data
	    ContentInfo contentInfo = ContentInfo.getInstance(pkcs);
	    DERSequence encDataWrapper = (DERSequence)contentInfo.getContent();
	    EncryptedContentInfo info = EncryptedContentInfo.getInstance(encDataWrapper.getObjectAt(1));
	    
	    // Get MessageDigest length
	    md = MessageDigest.getInstance("SHA1");
	    int digestLen = md.getDigestLength();
	    
	    // Get the content out of the encrypted octets
	    byte[] encrContent = info.getEncryptedContent().getOctets();
	    ByteArrayInputStream bais = new ByteArrayInputStream(encrContent);
	    try
	    {
	      cskDigestOnly = new byte[digestLen];
	      bais.read(cskDigestOnly, 0, digestLen);

contentOnly = new byte[encrContent.length - digestLen];
	      bais.read(contentOnly);
	    } catch (IOException e) {
	      e.printStackTrace();
	    }
	    
	    // Setup the KeyStore
		FileInputStream ksStream = null;
		String cskPath = "REDACTED";
		ksStream = new FileInputStream(cskPath);
		cskKeyStore = KeyStore.getInstance("JCEKS");
        cskKeyStore.load(ksStream, keyStorePwd.toCharArray());
        
        // Get CSK Key
        Key csk = cskKeyStore.getKey("csk", keyStorePwd.toCharArray());
        
        // Digest CSK
        md = MessageDigest.getInstance("SHA1");
        md.update(csk.getEncoded());
        byte[] cskDigest = md.digest();
        
        // Determine the Key to use for Deciphering
        SecretKey theKey = null;
        if (cskDigest.length == cskDigestOnly.length) {
	        boolean digestsMatch = true;

for (int c = 0; c < cskDigestOnly.length; c++) {
	          if (cskDigest[c] != cskDigestOnly[c]) {
	            digestsMatch = false;
	            break;
	          }
	        }

if (digestsMatch) {
	        	theKey = (SecretKey) csk;
	        }
	      }

String requiredCSKAlias = new String(org.bouncycastle.util.encoders.Base64.encode(cskDigestOnly));

try {
	    	theKey = (SecretKey) cskKeyStore.getKey(requiredCSKAlias, keyStorePwd.toCharArray());
	    } catch (Exception e) {
	    	e.printStackTrace();
	    }
	    
	    // Generate Cipher
	    Cipher cipher = null;
	    @SuppressWarnings("deprecation")
		String algId = info.getContentEncryptionAlgorithm().getObjectId().getId();
	    try {
	    	if (algId.equals("1.2.840.113549.3.4")) {
	    		cipher = Cipher.getInstance("RC4");
		        SecretKey key = new SecretKeySpec(theKey.getEncoded(), "RC4");
		        cipher.init(2, key);
		      }
	    } catch (Exception e) {
	    	e.printStackTrace();
	    }	    
	    
	    // Weird mutations
	    byte[] decryptedData = null;
	    try
	    {
	    	decryptedData = cipher.doFinal(contentOnly);
	    }
	    catch (Exception e)
	    {
	    	e.printStackTrace();
	    }
	    byte[] ptheader = { 0, 67, 65, 77, 0 };

boolean match = true;
	    if (decryptedData.length != 0) {
	      for (int i = 0; i < ptheader.length; i++) {
	        if (decryptedData[i] != ptheader[i]) {
	          match = false;
	          break;
	        }
	      }
	    }
	    else {
	      match = false;
	    }

if (match)
	    {
	      int pos = ptheader.length;
	      int version = decryptedData[(pos++)];

if (version > 1)
	      {
	        System.out.println("Wrong version");
	      }

int randomdatalen = decryptedData[(pos++)];

if ((randomdatalen > 0) && (randomdatalen < 32))
	      {
	        int nonplaintextpartlen = 7 + randomdatalen;

int plaintextlen = decryptedData.length - nonplaintextpartlen;

byte[] actualplaintext = new byte[plaintextlen];
	        System.arraycopy(decryptedData, nonplaintextpartlen, actualplaintext, 0, plaintextlen);

decryptedData = actualplaintext;
	      }
	      else {
	        System.out.println("Internal error");
	      }
	    }

String output = new String(decryptedData, "UTF-8"); 
		System.out.println(output);
		dis.close();
	}

}