AES-128 CBC decryption

Question

I have written this code in java in order to decrypt a ciphertext. I have the key. Everything seems correct to me but I have the problem that I'm gonna explain.
Here is my code:

import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class AES_CBC {

    public static void main(String[] args) throws Exception {

    byte[] keyBytes = new byte[] { 14, (byte) 0x0b, (byte) 0x41,
            (byte) 0xb2, (byte) 0x2a, (byte) 0x29, (byte) 0xbe,
            (byte) 0xb4, (byte) 0x06, (byte) 0x1b, (byte) 0xda,
            (byte) 0x66, (byte) 0xb6, (byte) 0x74, (byte) 0x7e, (byte) 0x14 };

    byte[] ivBytes = new byte[] { (byte) 0x4c, (byte) 0xa0, (byte) 0x0f,
            (byte) 0xf4, (byte) 0xc8, (byte) 0x98, (byte) 0xd6,
            (byte) 0x1e, (byte) 0x1e, (byte) 0xdb, (byte) 0xf1,
            (byte) 0x80, (byte) 0x06, (byte) 0x18, (byte) 0xfb, (byte) 0x28 };

    SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");
    IvParameterSpec ivSpec = new IvParameterSpec(ivBytes);

    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");

    byte[] cipherText = new byte[] { (byte) 0x28, (byte) 0xa2, (byte) 0x26,
            (byte) 0xd1, (byte) 0x60, (byte) 0xda, (byte) 0xd0,
            (byte) 0x78, (byte) 0x83, (byte) 0xd0, (byte) 0x4e,
            (byte) 0x00, (byte) 0x8a, (byte) 0x78, (byte) 0x97,
            (byte) 0xee, (byte) 0x2e, (byte) 0x4b, (byte) 0x74,
            (byte) 0x65, (byte) 0xd5, (byte) 0x29, (byte) 0x0d,
            (byte) 0x0c, (byte) 0x0e, (byte) 0x6c, (byte) 0x68,
            (byte) 0x22, (byte) 0x23, (byte) 0x6e, (byte) 0x1d,
            (byte) 0xaa, (byte) 0xfb, (byte) 0x94, (byte) 0xff,
            (byte) 0xe0, (byte) 0xc5, (byte) 0xda, (byte) 0x05,
            (byte) 0xd9, (byte) 0x47, (byte) 0x6b, (byte) 0xe0,
            (byte) 0x28, (byte) 0xad, (byte) 0x7c, (byte) 0x1d, (byte) 0x81 };

    cipher.init(Cipher.DECRYPT_MODE, key, ivSpec);
    byte[] original = cipher.doFinal(cipherText);
    String plaintext = new String(original);
    System.out.println(plaintext);
}
}

I get the error below:

    Exception in thread "main" javax.crypto.BadPaddingException: Given final block not properly padded
    at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:969)
    at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:831)
    at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:436)
    at javax.crypto.Cipher.doFinal(Cipher.java:2097)
    at AES_CTR.main(AES_CBC.java:39)

What is going wrong? I know the problem is somehow related to the padding but I don't the exact solution. I just have one ciphertext, IV, and the key.

Kayaman · Accepted Answer · 2014-07-16T21:56:44.070

0

Your first keyByte is wrong, it should be 0x14 instead of 14. The padding bytes are therefore incorrectly deciphered and the block is deemed to be incorrectly padded.

Refer to cipher options for possible cipher options.

edited Jul 16 '14 at 21:56

answered Jul 16 '14 at 13:13

Kayaman

72,141
5
83
121

2

Java uses PKCS5Padding name to refer to padding scheme which is not limited to the 8 bytes block sizes. In essence, the algorithm is PKCS7 padding with somewhat unfortunate name. – Oleg Estekhin Jul 16 '14 at 13:50
@OlegEstekhin Okay, but in this particular case the padding isn't `PKCS5` or `PKCS7`, it's `ISO10126`. – Kayaman Jul 16 '14 at 13:53
1

You are wrong. The last block ends with eight 0x08 bytes. This *is* PKCS5/PKCS7 padding. ISO10126 would have ended with one 0x80 and seven 0x00. – Oleg Estekhin Jul 16 '14 at 14:10
@Oleg I don't know what you're seeing, there is neither eight 0x08 bytes, nor a single 0x80 and seven 0x00. Also I tested this on my computer, so you better get a grip on yourself. – Kayaman Jul 16 '14 at 14:13
You better learn how to decrypt the last block of cipher text as if it was intermediate block. Decrypting the last 16 bytes of the cipher text in question will result in a block of data where PKCS5/7 padding is obvious. – Oleg Estekhin Jul 16 '14 at 14:17
Ahhhh, now I see what you're talking about. See my comment about the key being wrong. However, using ISO10126 padding will also decipher it correctly, without throwing an exception. – Kayaman Jul 16 '14 at 14:21
2

I mixed up ISO10126 with ISO/IEC 7816-4. ISO10126 pads with [(length-1) x (random bytes),length] of padding, PKCS5/7 pads with [length x length], so ISO10126 can indeed accept PKCS5/7 padding without a problem. But still this cipher text uses PKCS5/7 padding =). – Oleg Estekhin Jul 16 '14 at 14:32
Confirmed Oleg's meaning about the padding. Kayaman, telling somebody "to get a grip" is not acceptable, *especially* if you are wrong. – Maarten Bodewes Jul 16 '14 at 21:39
@owlstead But the issue wasn't the padding, it was the wrong key. I tried another padding (after I had changed the key), and since ISO10126 doesn't do any checking on the padding bytes, it worked. He was right about the padding, but my answer still stands. – Kayaman Jul 16 '14 at 21:50
OK, I'll downvote it then, as it contains incorrect information, which you seem unwilling to change. – Maarten Bodewes Jul 16 '14 at 21:52
Oh I can edit the post, don't get your knickers on a twist, since you didn't even participate in this question. – Kayaman Jul 16 '14 at 21:55

AES-128 CBC decryption

1 Answers1