Skip to Main Content
Forums

Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Problems with decrypting

843811Aug 21 2008 — edited Aug 21 2008
I have used the following java class [*Figure 1*] to manage my web application's encryption and decryption facilities... and normally i encryppts serial numbers which auo generated by MySql databse.

My problems is it will give a bad padding error everytime number 1, 11, 22, ... is decrypted.... All the code fragments i use to encrypt and decryt will be illustrated below.... Please help me to find an aswer for this problem. It is a terrible problem for me and actualy im new to java programing too....

Figure 1

*
*
package erelations.util;

import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;

public class CryptographyUtil
{  
private static final String KEY = "rdeaeranda";

public static String encrypt(String text) throws Exception
{
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");        
//setup key
byte[] keyBytes= new byte[16];
byte[] b= KEY.getBytes("UTF-8");
int len= b.length; 
if (len > keyBytes.length) len = keyBytes.length;
System.arraycopy(b, 0, keyBytes, 0, len);
SecretKeySpec keySpec = new SecretKeySpec(keyBytes, "AES");
//the below may make this less secure, hard code byte array the IV in both java and .net clients
IvParameterSpec ivSpec = new IvParameterSpec(keyBytes);
cipher.init(Cipher.ENCRYPT_MODE,keySpec,ivSpec);
byte [] results = cipher.doFinal(text.getBytes("UTF-8"));
BASE64Encoder encoder = new BASE64Encoder();
return encoder.encode(results);
}

public static String decrypt(String text) throws Exception 
{
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");             
//setup key
byte[] keyBytes= new byte[16];
byte[] b= KEY.getBytes("UTF-8");
int len= b.length; 
if (len > keyBytes.length) len = keyBytes.length;
System.arraycopy(b, 0, keyBytes, 0, len);
SecretKeySpec keySpec = new SecretKeySpec(keyBytes, "AES");
IvParameterSpec ivSpec = new IvParameterSpec(keyBytes);
cipher.init(Cipher.DECRYPT_MODE,keySpec,ivSpec);
BASE64Decoder decoder = new BASE64Decoder();
byte [] results = cipher.doFinal(decoder.decodeBuffer(text));
return new String(results,"UTF-8");
}
} 

*
*

Figure 2 - Encryption done in JSP files

*
*

<%@ taglib uri="/WEB-INF/struts-html.tld" prefix="html" %>
<%@ taglib uri="/WEB-INF/struts-bean.tld" prefix="bean" %>
<%@ taglib uri="/WEB-INF/struts-logic.tld" prefix="logic" %>
<%@ taglib uri="/WEB-INF/functions.tld" prefix="el" %>
<logic:present name="list_accounts">

<logic:iterate id="mylist" name="list_accounts">
<tr align="left">

<td width="150px" style="padding-left:5px;"><a href="SMAccountDetails.do?dispatch=getAcountDetails&acc=${el:encrypt(mylist.accuSerial)}" class="labelLink" style="text-decoration:none">${el:getUserFullName(mylist.accuOwner,comid)}</a></td>

<td width="250px" style="padding-left:5px;"><a href="SMAccountDetails.do?dispatch=getAcountDetails&acc=${el:encrypt(mylist.accuSerial)}" class="labelLink" style="text-decoration:none">${mylist.accuName}</a></td>

<td width="150px" style="padding-left:5px;"><a href="SMAccountDetails.do?dispatch=getAcountDetails&acc=${el:encrypt(mylist.accuSerial)}" class="labelLink" style="text-decoration:none">${mylist.accuTelephone}</a></td>

</tr>

</logic:iterate> 
</logic:present> 

*
*

Figure 3 - Get query string value and try to decrypt

*
*
int iAccountSerial = Integer.parseInt(CryptographyUtil.decrypt(request.getParameter("acc").trim()));*
*

Figure 4 - Bad Padding error

*{color:#ff0000}Please note that this error occurred only when trying to decrypt the number 1, 11, 22, ... and other same format..*
*{color}*{color:#ff0000}{color:#000000} 
{color}{color}*exception* 

javax.servlet.ServletException: javax.crypto.BadPaddingException: Given final block not properly padded
org.apache.struts.action.RequestProcessor.processException(RequestProcessor.java:535)
org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:433)
org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)
org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:390)
*root cause* 

javax.crypto.BadPaddingException: Given final block not properly padded
com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
com.sun.crypto.provider.AESCipher.engineDoFinal(DashoA12275)
javax.crypto.Cipher.doFinal(DashoA12275)
erelations.util.CryptographyUtil.decrypt(CryptographyUtil.java:50)
erelations.salesforce.action.AccountDynaActon.getAcountDetails(AccountDynaActon.java:238)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:585)
org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:270)
org.apache.struts.actions.DispatchAction.execute(DispatchAction.java:187)
org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196)
org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:390)

{color:#ff0000}{color:#000000}
Please help me........... Thanx in advanced...
{color}{color}
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Sep 18 2008
Added on Aug 21 2008
#cryptography
6 comments
656 views