AES GCM encryption and decryption in JAVA

Question

I am trying to implement AES/GCM/NoPadding encryption and decryption in JAVA .. the key used is a shared key from the public key of the receiver and the private key of the sender (ECDH).. encryption works well (with and without iv). However, I am unable to decrypt...

I get the exception: javax.crypto.BadPaddingException: mac check in GCM failed

public static String encryptString(SecretKey key, String plainText) throws NoSuchProviderException, NoSuchAlgorithmException, NoSuchPaddingException, UnsupportedEncodingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {

        //IvParameterSpec ivSpec = new IvParameterSpec(iv);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC");//AES/ECB/PKCS5Padding //"AES/GCM/NoPadding", "BC"
        byte[] plainTextBytes = plainText.getBytes("UTF-8");
        byte[] cipherText;

        //cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec);

        cipher.init(Cipher.ENCRYPT_MODE, key);
        return new String(Base64.getEncoder().encode(cipher.doFinal(plainTextBytes)));
      }



           public static String decryptString(SecretKey key, String 
          cipherText) throws NoSuchProviderException, 
          NoSuchAlgorithmException, NoSuchPaddingException, 
          InvalidKeyException, InvalidAlgorithmParameterException, 
          IllegalBlockSizeException, BadPaddingException, 
          UnsupportedEncodingException, ShortBufferException {


        Key decryptionKey = new SecretKeySpec(key.getEncoded(),
                key.getAlgorithm());
       IvParameterSpec ivSpec = new IvParameterSpec(ivString.getBytes("UTF-8"));
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC");//AES/GCM/NoPadding", "BC");

        cipher.init(Cipher.DECRYPT_MODE, decryptionKey, ivSpec);
        return new String (Base64.getEncoder().encode(cipher.doFinal(Base64.getDecoder().decode(cipherText.getBytes()))));

    }

Why do your encode your decrypted String with base64 again? It might be a problem caused by the Base64 encoder. Which imports do you have in your class? — michip96, May 22 '17 at 08:42
I've voted the question down as the code doesn't even compile. — Maarten Bodewes, May 22 '17 at 22:08

score 2 · Answer 1 · answered May 22 '17 at 17:08

2

You must use exactly the same IV for encryption and decryption of the same ciphertext and it must be different for each encryption that produces different ciphertexts. The IV is not secret, so you can send it along with the ciphertext. Usually, it is simply prepended to the ciphertext and sliced off before decryption.

answered May 22 '17 at 17:08

Artjom B.

61,146
24
125
222

That may not be the full answer, but it's a start. I don't know how the authentication tag is handled for GCM mode in Java. – Artjom B. May 22 '17 at 17:09
It's deemed part of the ciphertext and it will therefore throw an instance of (a class derived from) `BadPaddingException`. This is ugly as hell and is one of the worst design decisions for AEAD ciphers. Then again, for some godforsaken reason, it has been standardized in [RFC 5116](https://tools.ietf.org/html/rfc5116) - showing that bad practices do get standardized as well. – Maarten Bodewes May 22 '17 at 20:59

score 0 · Answer 2 · answered May 26 '17 at 17:06

0

You need to supply an instance of GCMParameterSpec (which includes the IV) for both of the Cipher.init calls. As has already been pointed out, the IV has to be the same for both encryption and decryption, and must be unique.

answered May 26 '17 at 17:06

BSM

1

AES GCM encryption and decryption in JAVA

2 Answers2

Linked