0

Hello everyone i have string encrypted in PHP by openssl_encrypt with algorithm 'aes-256-cbc'

Key: C4E30455853D4949A8E91B2C366BE9DE

Vector: 5686044872102713

Encrypted string: ak9YSTd6RXU5TENocUxQUGxieVhpZ3VqSlFiQUdndGZrbVJvbEliTGZjZz0=

And here is my Java function for decrypt:

public static String Decrypt_AES_FromBase64(String AEncryptedText, String AKey32Bytes, String AVectorNum16Bytes) {
        try { 
            byte[] vEncryptedBytes = Base64.getDecoder().decode(AEncryptedText);

            Key SecretKey = new SecretKeySpec(AKey32Bytes.getBytes(), "AES");
            IvParameterSpec vSpec = new IvParameterSpec(AVectorNum16Bytes.getBytes());

            Cipher vCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            vCipher.init(Cipher.DECRYPT_MODE, SecretKey, vSpec);

            return new String(vCipher.doFinal(vEncryptedBytes));
        } catch (Exception e) {
                Common.mContext.getLogger().log(e.toString());
            return "";
        }
    }

When i try to decrypt i have error:

javax.crypto.IllegalBlockSizeException: Input length must be multiple of 16 when decrypting with padded cipher

Can somebody tell what the wrong?

Improve this question
4
  • Not the highlighted problem but AKey32Bytes.getBytes() converts the characters into their character codes but you probably want to convert if from hexadecimal digits to binary: In Java, how do I convert a hex string to a byte? There is some ambiguity about what to do with 5686044872102713. Commented Dec 5, 2017 at 15:18
  • I have changed to IvParameterSpec vSpec = new IvParameterSpec(DatatypeConverter.parseHexBinary(AVectorNum16Bytes)); And now i have new error: "Wrong IV length: must be 16 bytes long" Commented Dec 5, 2017 at 15:28
  • 2
    The encrypted string is double Base64 encoded, there is no reason for that. Commented Dec 5, 2017 at 15:39
  • Probably the IV is not hex (there are no a-f characters) and an AES IV must be 16-bytes. An IV should instead be random bytes per encryption, just prefix the encrypted data with the IV for use in decryption, it does not need to be secret. Commented Dec 5, 2017 at 15:40

1 Answer 1

Reset to default
2

The encrypted string AKey32Bytes is double Base64 encoded.

Instead of AKey32Bytes.getBytes() you need to double Base64 decode the encrypted data to binary.

Encrypted string:
ak9YSTd6RXU5TENocUxQUGxieVhpZ3VqSlFiQUdndGZrbVJvbEliTGZjZz0=

After one Base64 decode:
jOXI7zEu9LChqLPPlbyXigujJQbAGgtfkmRolIbLfcg=

After a second Base64 decode (displayed in hex because it is not binary):
8CE5C8EF312EF4B0A1A8B3CF95BC978A0BA32506C01A0B5F9264689486CB7DC8

That is what needs to be provided to the decryption function.

The decrypted result is:
(in hex) 257531362A2179704B40577255516272
(in ASCII): "%u16*!ypK@WrUQbr" (all valid ASCII characters)

Note: there is a full block of PKCS#7 padding (in hex): 10101010101010101010101010101010

As much as it pains me to say this, from the correct padding I can assume the decryption was successful.

See Cryptomathic AES CALCULATOR

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.