I wrote a Linux application, a part of which will encrypt and decrypt a string using AES encryption. Given below is the SecretKeySpec creation method for the same. The application works perfectly and writes an encrypted string to a file. During decryption it correctly decrypts this string and uses it in the application.
Now I am writing a standalone Java class to decrypt the encrypted string using the same pass phrase and code. So I wrote the decryption code standalone and provided it with the same pass phrase and encrypted string as inputs. But it kept on failing with this error.
javax.crypto.BadPaddingException: Given final block not properly padded
I noticed that the issue was because the SecretKeySpec was different in the application and in my standalone class even though the pass phrase and code are the same. I confirmed it using the hash value of the SecretKeySpec object.
I am confused as to why this is happening, as everything is the same in the application jar and in the new standalone Java file. Any help will be appreciated to understand this issue.
I am storing the encrypted string in hexadecimal format and also confirmed that the error is not due to a format issue. The code is working perfectly in the application.
The issue arises only when I try to make decryption a standalone Java class. So simply, the SecretKeySpec generated should always be the same for the same pass phrase and code. But it differs in the application and in the standalone code.
I will try in that direction. But still, the application and the standalone code are running on the same machine. So I am not sure if that is an issue.
While I am at it, can anyone explain why SecretKeySpec instances are different in the application and standalone code?
If this could help:
The string I encrypt using a standalone Java encryption code can be decrypted by the standalone decryption code. It is failing only when I try to decrypt the string encrypted by the application.
The standalone Java code is just the decryption code part of the application altered to run independently.
The encryption/decryption is just a part of the application which actually does file encryption. The encryption/decryption code is actually for securing the password used for file encryption.
So when the application saves the password in encrypted form in a file, I will copy it and give it as input to the standalone decryption code, which will try to decrypt it using the same pass phrase the application used.
I can't think of any reason why the keyspec should be different in these two, but it is. The only difference is that the standalone file is run in the Linux command line and the application runs just like any other Linux Java application.
This code fragment is pretty messed up conceptually, although I cannot explain why it would return different results for different runs. You are trying to do all the transformation from password to key yourself. Let the PBE ciphers do the work for you. Look at the PBE examples in the Sun JCE guide and go from there.