8

I followed this tutorial for encrypting and decrypting simple strings in Android/Java:

https://stackoverflow.com/questions/4319496/how-to-encrypt-and-decrypt-data-in-java

I made a Cryptography class:

public class Cryptography {

    public static SecretKey generateKey() throws NoSuchAlgorithmException {
        MessageDigest digest = MessageDigest.getInstance("SHA");
        digest.update("BhLKTyLoP YroUsRQT".getBytes());
        return new SecretKeySpec(digest.digest(), 0, 16, "AES");
    }

    public static byte[] encrypt(String message, SecretKey key) throws NoSuchAlgorithmException, BadPaddingException, IllegalBlockSizeException, NoSuchPaddingException, InvalidKeyException, UnsupportedEncodingException {
        Cipher aes = Cipher.getInstance("AES/ECB/PKCS5Padding");
        aes.init(Cipher.ENCRYPT_MODE, key);
        return aes.doFinal(message.getBytes());
    }

    public static String decrypt(byte[] cipherText, SecretKey key) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        Cipher aes = Cipher.getInstance("AES/ECB/PKCS5Padding");
        aes.init(Cipher.DECRYPT_MODE, key);
        return new String(aes.doFinal(cipherText));
    }

}

I was able to use the encrypt method and it gave me this:

Encrypted username: [B@52aff408 
Encrypted password: [B@52aff6d8

However, when I use decrypt:

SecretKey secret = Cryptography.generateKey();
Log.d("encryption", "Decrypted username: " + Cryptography.decrypt(encryptedUsername.getBytes(),secret)
                                + " Decrypted password: " +  Cryptography.decrypt(encyptedPassword.getBytes(),secret));

It gives me the error:

03-25 15:22:23.461    2073-2073/com.sblive.aufschoolbliz W/System.err﹕ java.lang.RuntimeException: error:0606506D:digital envelope routines:EVP_DecryptFinal_ex:wrong final block length
03-25 15:22:23.461    2073-2073/com.sblive.aufschoolbliz W/System.err﹕ at org.apache.harmony.xnet.provider.jsse.NativeCrypto.EVP_CipherFinal_ex(Native Method)
03-25 15:22:23.461    2073-2073/com.sblive.aufschoolbliz W/System.err﹕ at org.apache.harmony.xnet.provider.jsse.OpenSSLCipher.doFinalInternal(OpenSSLCipher.java:398)
03-25 15:22:23.461    2073-2073/com.sblive.aufschoolbliz W/System.err﹕ at org.apache.harmony.xnet.provider.jsse.OpenSSLCipher.engineDoFinal(OpenSSLCipher.java:434)
03-25 15:22:23.461    2073-2073/com.sblive.aufschoolbliz W/System.err﹕ at javax.crypto.Cipher.doFinal(Cipher.java:1111)
03-25 15:22:23.461    2073-2073/com.sblive.aufschoolbliz W/System.err﹕ at com.sblive.utils.Cryptography.decrypt(Cryptography.java:28)
03-25 15:22:23.465    2073-2073/com.sblive.aufschoolbliz W/System.err﹕ at com.sblive.aufschoolbliz.GradeBookFragment$2.onClick(GradeBookFragment.java:99)
03-25 15:22:23.465    2073-2073/com.sblive.aufschoolbliz W/System.err﹕ at android.view.View.performClick(View.java:4240)
03-25 15:22:23.465    2073-2073/com.sblive.aufschoolbliz W/System.err﹕ at android.view.View$PerformClick.run(View.java:17721)
03-25 15:22:23.465    2073-2073/com.sblive.aufschoolbliz W/System.err﹕ at android.os.Handler.handleCallback(Handler.java:730)
03-25 15:22:23.465    2073-2073/com.sblive.aufschoolbliz W/System.err﹕ at android.os.Handler.dispatchMessage(Handler.java:92)
03-25 15:22:23.465    2073-2073/com.sblive.aufschoolbliz W/System.err﹕ at android.os.Looper.loop(Looper.java:137)
03-25 15:22:23.465    2073-2073/com.sblive.aufschoolbliz W/System.err﹕ at android.app.ActivityThread.main(ActivityThread.java:5103)
03-25 15:22:23.465    2073-2073/com.sblive.aufschoolbliz W/System.err﹕ at java.lang.reflect.Method.invokeNative(Native Method)
03-25 15:22:23.465    2073-2073/com.sblive.aufschoolbliz W/System.err﹕ at java.lang.reflect.Method.invoke(Method.java:525)
03-25 15:22:23.465    2073-2073/com.sblive.aufschoolbliz W/System.err﹕ at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:737)
03-25 15:22:23.469    2073-2073/com.sblive.aufschoolbliz W/System.err﹕ at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:553)
03-25 15:22:23.469    2073-2073/com.sblive.aufschoolbliz W/System.err﹕ at dalvik.system.NativeStart.main(Native Method)
dgzz
  • ECB mode is usually only safe to use if the message is smaller than or equal to 16 bytes. As soon as the message becomes larger than 16 bytes, then the mode leaks information. Try CBC mode instead. – jww Mar 25 '14 at 08:04
  • changed it but it doesn't work.. – dgzz Mar 25 '14 at 08:09
  • Seems like `encryptedUsername` and `encyptedPassword` are strings and you are trying to treat them as holders for byte arrays. You should store the encrypted data as a `byte[]` and pass it around as `byte[]`. Or at least convert to Base64 and back appropriately. – Oleg Estekhin Mar 25 '14 at 08:34
  • "...changed it but it doesn't work" - be sure to use a random IV generated by `SecureRandom` for each encryption. Otherwise, all messages use the NULL IV and leak information again. See `IvParameterSpec` in the Java docs. – jww Mar 25 '14 at 08:58
  • If your version of Java supports it, you should also consider using `GCM` mode. Not only does it encrypt, it also provides authenticity assurances. With GCM mode, you get bit rot and tampering detection for nearly free. I say "nearly free" because the auth tag causes some additional plain text expansion. – jww Mar 25 '14 at 09:03
  • tried base64 and it did work, thanks! – dgzz Mar 25 '14 at 09:26

1 Answer

3

Encrypted username: [B@52aff408

Encrypted password: [B@52aff6d8

These are too small. Assuming the plain text message was fewer than 16 bytes, then these should be exactly 16 bytes because of PKCS padding.

You have an encoding problem somewhere. Probably an embedded null that slices off the end of the cipher text when interpreted as a string...

As a matter of fact, they look like pointers being printed....

jww
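The diagnosis above and the Base64 and GCM suggestions in the comments, combined into one round trip. This is an added example, not code from the question or the answer. It assumes `java.util.Base64` (Android API 26+; `android.util.Base64` is the equivalent on older devices) and a random demo key from `KeyGenerator` in place of the question's key derived from a hardcoded string.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class CipherTextAsString {
    static final int NONCE_LEN = 12, TAG_BITS = 128;

    // Returns Base64(nonce || ciphertext || tag): printable, safe for text-only storage.
    static String encryptToString(String message, SecretKey key) throws Exception {
        byte[] nonce = new byte[NONCE_LEN];
        new SecureRandom().nextBytes(nonce);              // fresh random nonce per message
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        byte[] ct = aes.doFinal(message.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(nonce, NONCE_LEN + ct.length);
        System.arraycopy(ct, 0, out, NONCE_LEN, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    static String decryptFromString(String stored, SecretKey key) throws Exception {
        byte[] in = Base64.getDecoder().decode(stored);   // exact bytes back, no charset loss
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, NONCE_LEN));
        // doFinal throws AEADBadTagException if the stored value was altered or truncated
        byte[] pt = aes.doFinal(in, NONCE_LEN, in.length - NONCE_LEN);
        return new String(pt, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();                 // constructed demo key (assumption)

        String stored = encryptToString("alice", key);    // constructed sample plaintext
        System.out.println("Stored form:  " + stored);
        System.out.println("Round trip:   " + decryptFromString(stored, key));

        // The bug from the question: String.valueOf(byte[]) resolves to valueOf(Object),
        // i.e. Object.toString(), which yields a type/hash tag instead of the ciphertext.
        byte[] raw = Base64.getDecoder().decode(stored);
        String broken = String.valueOf(raw);
        System.out.println("valueOf form: " + broken + " (" + broken.getBytes().length + " bytes)");
    }
}
```

The last line prints a `[B@...` string like the ones in the question; its bytes are not the ciphertext and are rarely a multiple of the 16-byte AES block size, which is what the ECB decrypt call was rejecting.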
  • oh yes, I was using String.valueOf when I'm storing it to shared preferences. However, I'm now getting unknown characters for the encryption, something like this: "�)��J;]�w.6�t" – dgzz Mar 25 '14 at 08:26
  • "now getting unknown characters for the encryption..." - you probably need a different strategy for the way you handle the raw bytes. Especially if you are trying to treat them like printable strings. You could Hex/Base32/Base64 encode (and decode) them as required. – jww Mar 25 '14 at 08:54