All geek questions in one place

Why does AES decryption java return extra characters?

Excuse me for bad English. I use mcrypt, which I get from here is MCrypt for php and java . in my android application, I need php and java to communicate securely, so I get the above AES. the problem is when php sends encrypted data, java can decrypt it, but some extra characters are included.

JAVA Code

import java.security.NoSuchAlgorithmException; import javax.crypto.Cipher; import javax.crypto.NoSuchPaddingException; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; public class MCrypt { private String iv = "fedcba9876543210";//Dummy iv (CHANGE IT!) private IvParameterSpec ivspec; private SecretKeySpec keyspec; private Cipher cipher; private String SecretKey = "0123456789abcdef";//Dummy secretKey (CHANGE IT!) public MCrypt() { ivspec = new IvParameterSpec(iv.getBytes()); keyspec = new SecretKeySpec(SecretKey.getBytes(), "AES"); try { cipher = Cipher.getInstance("AES/CBC/NoPadding"); } catch (NoSuchAlgorithmException e) { // TODO Auto-generated catch block e.printStackTrace(); } catch (NoSuchPaddingException e) { // TODO Auto-generated catch block e.printStackTrace(); } } public byte[] encrypt(String text) throws Exception { if(text == null || text.length() == 0) throw new Exception("Empty string"); byte[] encrypted = null; try { cipher.init(Cipher.ENCRYPT_MODE, keyspec, ivspec); encrypted = cipher.doFinal(padString(text).getBytes()); } catch (Exception e) { throw new Exception("[encrypt] " + e.getMessage()); } return encrypted; } public byte[] decrypt(String code) throws Exception { if(code == null || code.length() == 0) throw new Exception("Empty string"); byte[] decrypted = null; try { cipher.init(Cipher.DECRYPT_MODE, keyspec, ivspec); decrypted = cipher.doFinal(hexToBytes(code)); } catch (Exception e) { throw new Exception("[decrypt] " + e.getMessage()); } return decrypted; } public static String bytesToHex(byte[] data) { if (data==null) { return null; } int len = data.length; String str = ""; for (int i=0; i<len; i++) { if ((data[i]&0xFF)<16) str = str + "0" + java.lang.Integer.toHexString(data[i]&0xFF); else str = str + java.lang.Integer.toHexString(data[i]&0xFF); } return str; } public static byte[] hexToBytes(String str) { if (str==null) { return null; } else if (str.length() < 2) { return null; } else { int len = str.length() / 2; byte[] buffer = new byte[len]; for (int i=0; i<len; i++) { buffer[i] = (byte) Integer.parseInt(str.substring(i*2,i*2+2),16); } return buffer; } } private static String padString(String source) { char paddingChar = ' '; int size = 16; int x = source.length() % size; int padLength = size - x; for (int i = 0; i < padLength; i++) { source += paddingChar; } return source; } }

PHP code

  <?php class MCrypt { private $iv = 'fedcba9876543210'; #Same as in JAVA private $key = '0123456789abcdef'; #Same as in JAVA function __construct() { } function encrypt($str) { //$key = $this->hex2bin($key); $iv = $this->iv; $td = mcrypt_module_open('rijndael-128', '', 'cbc', $iv); mcrypt_generic_init($td, $this->key, $iv); $encrypted = mcrypt_generic($td, $str); mcrypt_generic_deinit($td); mcrypt_module_close($td); return bin2hex($encrypted); } function decrypt($code) { //$key = $this->hex2bin($key); $code = $this->hex2bin($code); $iv = $this->iv; $td = mcrypt_module_open('rijndael-128', '', 'cbc', $iv); mcrypt_generic_init($td, $this->key, $iv); $decrypted = mdecrypt_generic($td, $code); mcrypt_generic_deinit($td); mcrypt_module_close($td); return utf8_encode(trim($decrypted)); } protected function hex2bin($hexdata) { $bindata = ''; for ($i = 0; $i < strlen($hexdata); $i += 2) { $bindata .= chr(hexdec(substr($hexdata, $i, 2))); } return $bindata; } }

therefore the script is a java-sending data (plain text) in JSON format for PHP, php extracts the data, encrypts them, and finally, an echo in JSON format

Php call:

 <?php $data =json_decode(file_get_contents('php://input'), true); $data=$data["request"]; require_once "encryption.php"; $etool=new MCrypt(); $data=$etool->encrypt($data); $array=array('data'=>$data); echo json_encode($array);

JAVA Code:

  //sb is StringBuilder JSONObject j=new JSONObject(sb.toString()); encryption etool=new encryption(); result=j.get("data").toString(); result= new String(etool.decrypt( result )); Log.d("success remote ",result );

result:

Example

and if I use the Farsi / Arabic word, it gets worse

like this-> درود

In addition, I checked other questions, but I could not get an answer.

AES encryption, extra garbage characters in the decrypted file and
PHP MCRYPT encrypt / decrypt returns invisible weird characters?

Thank you in advance!

+5
source share
2 answers

AES encrypts in blocks of 16 bytes. If your input is not a multiple of 16 bytes, an additional circuit is needed. Since you did not specify an add-on option for Mcrypt , it uses "zero padding."

In Java code , you specify "NoPadding" when you instantiate your Cipher:

  cipher = Cipher.getInstance("AES/CBC/NoPadding");

So, Java believes that the addition made by php is part of the encrypted data.

You just need to make sure your php and Java code uses the same padding scheme.

+3
source

I think this is binary data that cannot be displayed. Have you tried using base64 to convert it to a regular string before sending it to a php script?

In a php script, you do the following to decode a base64 string.

 $data=base64_decode($data["request"])
+1
source

Source: https://habr.com/ru/post/1242338/

More articles:


All Articles