I'm using IBM SDK Java Technology Edition and the code below:

```java
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
SecureRandom random = SecureRandom.getInstance("IBMSecureRandom", "IBMJCE");
random.setSeed(longToBytes(System.currentTimeMillis()));
keyGen.initialize(512, random);

KeyPair pairTytus = keyGen.generateKeyPair();
KeyPair pairRomek = keyGen.generateKeyPair();
KeyPair pairAtomek = keyGen.generateKeyPair();

// Making a wrap-key for private keys; based on password.
byte[] key = ("password").getBytes("UTF-8");
MessageDigest sha = MessageDigest.getInstance("SHA-1");
key = sha.digest(key);
key = Arrays.copyOf(key, 16); // use only first 128 bit

SecretKeySpec secretKeySpec = new SecretKeySpec(key, "MARS");

Cipher c1 = Cipher.getInstance("MARS/ECB/NoPadding");
c1.init(Cipher.WRAP_MODE, secretKeySpec);

c1.wrap(pairTytus.getPrivate());
```

While running the application I'm getting this exception:

Exception in thread "main" javax.crypto.IllegalBlockSizeException: Input length not multiple of 16 bytes.

I read somewhere it has something to do with using "NoPadding", but MARS doesn't implement any padding in this library. Any thoughts how to avoid this exception?

I need to use both MARS and ECB in this place.

Matt
  • Have you tried to use padding like `PKCS5Padding` or `PKCS7Padding`? – Artjom B. Apr 24 '16 at 13:34
  • RSA 512 is too small a key size, seeding a PRNG as you currently do is highly doubtful practice, your key derivation from the password is extremely vulnerable, ECB is not secure for wrapping structured keys, and MARS is an AES finalist - so not as well studied as AES itself. In other words, I don't even see a line of code that is not vulnerable in some kind of fashion. What's the point of this exercise, showing how not to perform security? – Maarten Bodewes Apr 27 '16 at 08:51

0 Answers
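Why the `NoPadding` wrap in the question throws, as an added example that is not part of the original post: `Cipher.wrap` encrypts the key's encoded bytes, and a block cipher with `NoPadding` accepts only whole 16-byte blocks. Assumptions: AES stands in for MARS so the code runs on any JDK without IBMJCE, and the class name, salt handling and PBKDF2 parameters are illustrative choices that follow the points raised in the comments.

```java
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.util.Arrays;

public class WrapPaddingDemo {   // hypothetical class name
    public static void main(String[] args) throws Exception {
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
        keyGen.initialize(2048);   // provider's default SecureRandom, no manual seed
        PrivateKey priv = keyGen.generateKeyPair().getPrivate();

        // wrap() operates on the encoded key (PKCS#8 for an RSA private key).
        // Its length depends on the key material and is rarely a multiple of 16.
        int len = priv.getEncoded().length;
        System.out.println("encoded length = " + len + ", mod 16 = " + (len % 16));

        // Password-based wrap key via PBKDF2 with a random salt (illustrative parameters).
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        SecretKeyFactory kdf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        byte[] raw = kdf.generateSecret(
                new PBEKeySpec("password".toCharArray(), salt, 100_000, 128)).getEncoded();
        SecretKey wrapKey = new SecretKeySpec(raw, "AES");

        // Case 1: NoPadding fails unless the encoding happens to be block-aligned.
        Cipher noPad = Cipher.getInstance("AES/ECB/NoPadding");
        noPad.init(Cipher.WRAP_MODE, wrapKey);
        try {
            noPad.wrap(priv);
            System.out.println("NoPadding: wrapped (encoding was block-aligned)");
        } catch (IllegalBlockSizeException e) {
            System.out.println("NoPadding: " + e.getMessage());
        }

        // Case 2: a padding scheme fills the last block, so wrap/unwrap round-trips.
        Cipher padded = Cipher.getInstance("AES/ECB/PKCS5Padding");
        padded.init(Cipher.WRAP_MODE, wrapKey);
        byte[] wrapped = padded.wrap(priv);
        padded.init(Cipher.UNWRAP_MODE, wrapKey);
        Key back = padded.unwrap(wrapped, "RSA", Cipher.PRIVATE_KEY);
        System.out.println("round trip ok = "
                + Arrays.equals(back.getEncoded(), priv.getEncoded()));
    }
}
```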