Decryption Java JAVA Encryption

Question

Decryption Java JAVA Encryption

My application has the following encryption function:

public static String encrypt(String key, String value) { try { IvParameterSpec iv = new IvParameterSpec(key.substring(0, 16).getBytes("UTF-8")); SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES"); Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv); byte[] encrypted = cipher.doFinal(value.getBytes("UTF-8")); return Base64.encodeBase64String(encrypted); } catch (Exception ex) { ex.printStackTrace(); } return null; }

And in PHP, the encrypted message is decoded using openssl_decrypt() with AES-128-CBC set as the encryption method.

However, decryption does not always respond to what I get from the server, because it cannot recognize the encryption method.

I have no control over the server, so I can’t change anything for this purpose only in my Java application.

I tried different modes like AES/CBC/NoPadding but get an exception

 Input Length Not Multiple of 16 bytes

Now I know that there is nothing wrong with encryption because I can encrypt and decrypt in my java application when using AES/CBC/PKCS5Padding it just fails when publishing to the server.

The key is the md5 hash.

This is a sample of the data I need to encrypt:

 { "merchant_id": "EXX-00000001", "user_id": "000000000001", "code": "000200", "details": { "acc_no": "1234691007924321", "exp": "07/19", "name": "MICHAEL XXXXXX", "type": "VIS" } }

It is assumed that only the "detail" value is encrypted. The code should be an md5 hash. The resulting hash should then be used as the key for AES encryption. It is assumed that IV will be the first 16 characters of the hash. When the encryption is complete, the result should be encoded in base64 and sent to the server.

+5

java php encryption jax-rs

user3718908 Aug 12 '17 at 11:02

source share

1 answer

Christos lytras · Accepted Answer · 2017-08-17T18:58:02+0000

Trying to reverse this, I got an error

java.security.InvalidKeyException: illegal key size

in line

 cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv);

To make it work, I changed the SecretKeySpec byte SecretKeySpec from key.getBytes("UTF-8") to key.substring(0, 16).getBytes("UTF-8") and used it like this:

  String md5Key= "e510a13edeea112b57683d724d5d70a6"; String detailsData = "{\n" + " \"acc_no\": \"1234691007924321\",\n" + " \"exp\": \"07/19\",\n" + " \"name\": \"MICHAEL XXXXXX\",\n" + " \"type\": \"VIS\"\n" + " }"; System.out.println(encrypt(md5Key, detailsData));

I got this conclusion:

 iufp4Rl+x/yTO7hSQBH7uU63sXAyzxgLequ3+JkFYZFz3PWwhxDC87TEC+bZ4rirgZVasrkLE1ehWWRGFV42Z29vAok+TMdwOvOettELUD3g8W2F40OyjMg4ItYkiZM+2W6Q2zf6t4sLzM6/AYqmAy1dKjPJcCQaFcnqK6mUFcM=

To decrypt this in PHP, I used the following code, which uses the first 16 characters of key to use as initializer key and iv as follows:

 $enc_data = 'iufp4Rl+x/yTO7hSQBH7uU63sXAyzxgLequ3+JkFYZFz3PWwhxDC87TEC+bZ4rirgZVasrkLE1ehWWRGFV42Z29vAok+TMdwOvOettELUD3g8W2F40OyjMg4ItYkiZM+2W6Q2zf6t4sLzM6/AYqmAy1dKjPJcCQaFcnqK6mUFcM='; $key = 'e510a13edeea112b57683d724d5d70a6'; $key16 = substr($key, 0, 16); $key16Hex = unpack('H*', $key16); print openssl_decrypt($enc_data, "AES-128-CBC", $key16, 0, hex2bin($key16Hex[1])); yTO7hSQBH7uU63sXAyzxgLequ3 + JkFYZFz3PWwhxDC87TEC + bZ4rirgZVasrkLE1ehWWRGFV42Z29vAok + TMdwOvOettELUD3g8W2F40OyjMg4ItYkiZM + 2W6Q2zf6t4sLzM6 / AYqmAy1dKjPJcCQaFcnqK6mUFcM ='; $enc_data = 'iufp4Rl+x/yTO7hSQBH7uU63sXAyzxgLequ3+JkFYZFz3PWwhxDC87TEC+bZ4rirgZVasrkLE1ehWWRGFV42Z29vAok+TMdwOvOettELUD3g8W2F40OyjMg4ItYkiZM+2W6Q2zf6t4sLzM6/AYqmAy1dKjPJcCQaFcnqK6mUFcM='; $key = 'e510a13edeea112b57683d724d5d70a6'; $key16 = substr($key, 0, 16); $key16Hex = unpack('H*', $key16); print openssl_decrypt($enc_data, "AES-128-CBC", $key16, 0, hex2bin($key16Hex[1]));

And, of course, I got JSON data that I encrypted using Java:

 { "acc_no": "1234691007924321", "exp": "07/19", "name": "MICHAEL XXXXXX", "type": "VIS" }

It is strange that you will not get an error in this line:

 SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES");

because i am using jdk 1.8 with

 import javax.crypto.Cipher; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; import org.apache.commons.codec.binary.Base64;

Decryption Java JAVA Encryption

More articles: