Encrypt text to AES/CBC/PKCS7Padding

Question

I am developing a web application to encrypt some texts with java 6.

The encrypted that I have to do is a AES (Rijndael) in CBC mode with PKCS7 padding and a 128-bit key.

I saw an article that explains how to encrypt in the same way I have to do, but with PKCS5 padding.

The link of the article is here:

https://bit502.wordpress.com/2014/06/27/codigo-java-encriptar-y-desencriptar-texto-usando-el-algoritmo-aes-con-cifrado-por-bloques-cbc-de-128-bits/

I change

private final static String cI = "AES/CBC/PKCS5Padding";

To

private final static String cI = "AES/CBC/PKCS7Padding";

But Java couldn't find a provider for this.

Could someone tell me how I have to do?

Try and use an up to date JRE when creating security sensitive data. Using AES-256 doesn't mean much if your system is vulnerable. — Maarten Bodewes, Mar 25 '15 at 23:59

score 29 · Accepted Answer · edited Apr 13 '17 at 12:48

29

Java only provides PKCS#5 padding, but it is the same as PKCS#7 padding. See this question on Crypto.SE:

What is the difference between PKCS#5 padding and PKCS#7 padding

They are interchangeable for the common block ciphers like AES and DES.

edited Apr 13 '17 at 12:48

Community

1
1

answered Mar 24 '15 at 13:37

Artjom B.

61,146
24
125
222

1

It's not the same: PKCS7 padding "allows block sizes up to 255 bytes in size" unlike "8 bytes" for PKCS5. – arviman Sep 10 '18 at 11:30
7

I should rephrase. PKCS5 padding is not valid for AES, but Java still provides it which means that Java is lying and is actually using PKCS7 padding in which case `PKCS5Padding` and `PKCS7Padding` are the same for all intends and purposes. – Artjom B. Sep 10 '18 at 21:30

score 7 · Answer 2 · answered May 08 '17 at 22:56

Try this method

String KEY_AES = "**************";
public String encrypt(String value) {
        try {
            byte[] key = KEY_AES.getBytes("UTF-8");
            byte[] ivs = KEY_AES.getBytes("UTF-8");
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
            SecretKeySpec secretKeySpec = new SecretKeySpec(key, "AES");
            AlgorithmParameterSpec paramSpec = new IvParameterSpec(ivs);
            cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, paramSpec);
            return Base64.encodeToString(cipher.doFinal(value.getBytes("UTF-8")), Base64.DEFAULT);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }

The IV must be unpredictable when used with CBC mode. If the key is hard-coded and the key bytes are used as IV, then the IV is pretty much predictable. The IV is not a secret value. You can generate it randomly and send it along with the ciphertext to the receiver. Usually, this is done by prepending the IV to the ciphertext. The receiver then slices the IV off and uses it directly. — Artjom B., Feb 02 '18 at 17:17

score 2 · Answer 3 · edited May 23 '17 at 12:26

2

The Java specification list a number of encryption modes (and paddings) that needs to be supported. PKCS7Padding is not included.

These are the AES/CBC modes any Java implementation must support.

AES/CBC/NoPadding (128 bit key)
AES/CBC/PKCS5Padding (128 bit key)

(See this answer for more information)

Bouncy Castle does however have what you need.

edited May 23 '17 at 12:26

Community

1
1

answered Mar 24 '15 at 12:45

Sani Huttunen

23,620
6
72
79

Encrypt text to AES/CBC/PKCS7Padding

3 Answers3

Linked