3

Can someone please tell me why I am getting this error message? Obviously it is some kind of conversion that I am missing

expected IV length of 16 but was 24

To call it I use

String encrypted = "E5ADDEB05D9D7B3925B7DE16B560D87C";
String sKey = "3985661DD71D591665BD39476636486B";
String sIv = "75E5FBB56AA78D05D246078A782553E1";
String decrypted = decrypt2(encrypted, sKey, sIv);
Log.i("--------------------------------> ", decrypted);

this is the procedure

public static String decrypt2(final String EncryptedMessageBase64,
                              final String symKeyHex,
                              final String sIvHex) {

    final byte[] symKeyData = Base64.decode((symKeyHex),Base64.DEFAULT);
    final byte[] byIvData = Base64.decode((sIvHex), Base64.DEFAULT);
    final byte[] EncryptedMessage = Base64.decode(EncryptedMessageBase64, Base64.DEFAULT);

    try
    {

        final Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        final int blockSize = cipher.getBlockSize();

        final SecretKeySpec symKey = new SecretKeySpec(symKeyData, "AES");
        Log.i("### iv size -------->", String.valueOf(blockSize));
        Log.i("### symKeyHex -------->", symKeyHex);
        Log.i("### sIvHex -------->", sIvHex);
        Log.i("### blockSize -------->", String.valueOf(blockSize));

        final IvParameterSpec iv = new IvParameterSpec(byIvData);

        final byte[] encryptedMessage = new byte[EncryptedMessage.length];

        cipher.init(Cipher.DECRYPT_MODE, symKey, iv);

This is the output

### iv size -------->: 16
### symKeyHex -------->: 3985661DD71D591665BD39476636486B
### sIvHex -------->: 75E5FBB56AA78D05D246078A782553E1
### blockSize -------->: 16
error: expected IV length of 16 but was 24
Paolo Forgia
  • 6,572
  • 8
  • 46
  • 58
flashc5
  • 307
  • 1
  • 6
  • 16

1 Answers1

2

You are doing Base64 decoding on the key and IV but they are hex encoded, you need to do hex decoding to binary.

symKeyHex and sIvHex are very clearly hex encoded values and EncryptedMessageBase64 is clearly Base64 encoded.

Depending on the libraries you have included in your project one possibility is:

final byte[] symKeyData = (byte[]) new Hex().decode(symKeyHex);
final byte[] byIvData   = (byte[]) new Hex().decode(sIvHex);

More: Base64 encoding represents 3 binary bytes as 4 ASCII characters. Hexadecimal encoding represents 1 binary byte as 2 ASCII characters.

zaph
  • 111,848
  • 21
  • 189
  • 228
  • Also can you tell me if that is AES 256bit? I th ought it was but you have me thinking now that its actually a 16char key – flashc5 Aug 28 '17 at 18:55
  • 1
    I would take it as a 128-bit (16-byte, not char) key which is completely secure. – zaph Aug 28 '17 at 19:53
  • Thanks again, do you know if doubling that key from 16byte to 32byte makes it 256 bit encryption? Is it that easy? – flashc5 Aug 28 '17 at 20:59
  • Essentially yes but there is no added security in doing so, neither a 128 nor 256 bit key is vulnerable in any way. OK, it can make the developer feel more mainly but that is about it. If you were to use the same key with just a different encoding to create a 256-bit key there would be no more security because it is the same key. See [Why most people use 256 bit encryption instead of 128 bit?](https://security.stackexchange.com/a/19762/5121) – zaph Aug 28 '17 at 21:24
  • @flashc5 Here is information on extending a 128-bit to 256-bit key that becomes less secure :[Does AES-128 have the same strength as AES-256 with a padded key?](https://crypto.stackexchange.com/a/15606/4747) *Padding that is non 0 has the same problems.* – zaph Aug 28 '17 at 21:56