How to decrypt aes-256-cbc in Java

Question

I have encrypted the string in php. Decrypted successfully from php and node.js. In addition, it must be decrypted by java.

Help me an example of decrypting from java?

PHP Encrypt code

/* encrypt */
$encryption_method = 'aes-256-cbc';
$secretHash = "d95acd54c6a821ff32c52825b931c194";
$iv_size = openssl_cipher_iv_length($encryption_method);
$iv = openssl_random_pseudo_bytes($iv_size);

//encrypt
$encryptedMessage = openssl_encrypt($new_token, $encryption_method, $secretHash, 0, $iv);

//Concatenate iv with data
$ciphertext = bin2hex($iv).$encryptedMessage;

/* decrypt the cipher */
$iv_size = openssl_cipher_iv_length($encryptionMethod);
$iv = hex2bin(substr($encryptedMessageWithIv, 0, $iv_size * 2));

$decryptedMessage = openssl_decrypt(substr($encryptedMessageWithIv, $iv_size * 2), $encryptionMethod, $secretHash, 0, $iv);

Ankur · Answer 1 · 2018-08-27T09:55:57.030

Below is the encryption and decryption process for a string using AES algorithm.

 private static final String key = "aesEncryptionKey";
    private static final String initVector = "encryptionIntVec";

    public static String encrypt(String value) {
        try {
            IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8"));
            SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES");

            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
            cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv);

            byte[] encrypted = cipher.doFinal(value.getBytes());
            return Base64.encodeBase64String(encrypted);
        } catch (Exception ex) {
            ex.printStackTrace();
        }
        return null;
    }

public static String decrypt(String encrypted) {
    try {
        IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8"));
        SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES");

        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
        cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv);
        byte[] original = cipher.doFinal(Base64.decodeBase64(encrypted));

        return new String(original);
    } catch (Exception ex) {
        ex.printStackTrace();
    }

    return null;
}

In case init vector is not known, try using below code segment.

public byte[] decrypt(String encryptedString) throws DataLengthException, InvalidCipherTextException {

        byte[] input = encryptedString.getBytes("UTF-8");
        CBCBlockCipher cbcBlockCipher = new CBCBlockCipher(new AESEngine());
        SecureRandom random = new SecureRandom();;
        KeyParameter key = new KeyParameter("$secretHash".getBytes());// your key string
        BlockCipherPadding blockCipherPadding = new PKCS7Padding();;
        PaddedBufferedBlockCipher pbbc = new PaddedBufferedBlockCipher(cbcBlockCipher, blockCipherPadding);

        int blockSize = cbcBlockCipher.getBlockSize(); // Make sure this block size is same as that used while encrypting the string.
        int inputOffset = 0;
        int inputLength = input.length;
        int outputOffset = 0;

        byte[] initializationVector = new byte[blockSize];

        System.arraycopy(input, 0, initializationVector, 0, blockSize);
        inputOffset += blockSize;
        inputLength -= blockSize;

        pbbc.init(encrypt, new ParametersWithIV(key, initializationVector));
        byte[] output = new byte[pbbc.getOutputSize(inputLength) + outputOffset];

        int outputLength = outputOffset + pbbc.processBytes(input, inputOffset, inputLength, output, outputOffset);

        outputLength += pbbc.doFinal(output, outputLength);

        return Arrays.copyOf(output, outputLength);
    }

Thank you for your reply. What I need is a separate way to use initVector because it's in the encrypt string. initVector is not a static string because it creates an initVector in your php code. Can you help me with this? — Th Yoon, Aug 27 '18 at 06:43
@ThYoon, i have made an edit to the answer, hopefully this should solve your problem. — Ankur, Aug 27 '18 at 09:58

hugoalexandremf · Answer 2 · 2022-03-05T20:33:52.270

Just in case it helps someone in the future: encryption with AES/CBC/PKCS5PADDING along with the generation of a dynamic IV that is appended to the final ciphertext in Java can be done through the following code:

Encryption (JAVA)

public String encryptPlainText(String plainText) {
      String cipherText = "";
      try {
           String keyString = "examplesecretkeyexamplesecretkey";

           //Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy
           Security.setProperty("crypto.policy", "unlimited");

           Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
           SecretKeySpec keyspec = new SecretKeySpec(keyString.getBytes(), "AES");

           byte[] v = new byte[16];
           new SecureRandom().nextBytes(v);
           IvParameterSpec iv = new IvParameterSpec(v);

           cipher.init(Cipher.ENCRYPT_MODE, keyspec, iv);
           byte[] cipherTextByteArray = cipher.doFinal(plainText.getBytes());

           //appending iv to ciphertext without any additional libraries to handle the concatenation of the two byte arrays
           byte[] ivWithCipherTextByteArray = new byte[v.length + cipherTextByteArray.length];
           System.arraycopy(v, 0, ivWithCipherTextByteArray, 0, v.length);
           System.arraycopy(cipherTextByteArray, 0, ivWithCipherTextByteArray, v.length, cipherTextByteArray.length);

           cipherText = new String(Base64.getEncoder().encode(ivWithCipherTextByteArray));
      } catch (Exception e) {
           LOG.info("Exception", e);
      }

      return cipherText;
 }

Decryption of the cipherText obtained with the code above can be implemented in the following way:

Decryption (JAVA)

public static String decryptCipherText(String cipherText) {
      String plainText="";
      try {
           String keyString = "examplesecretkeyexamplesecretkey";

           Security.setProperty("crypto.policy", "unlimited");

           Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
           SecretKeySpec keyspec = new SecretKeySpec(keyString.getBytes(), "AES");

           byte[] cipherTextByteArray = Base64.getDecoder().decode(cipherText);

           //initialize the IvParameterSpec with the first 16 bytes of the cipherText
           IvParameterSpec iv = new IvParameterSpec(Arrays.copyOfRange(cipherTextByteArray, 0, 16));

           //cipherText to decrypt is now the original one with the first 16 bytes removed (the IV used above)
           cipherTextByteArray = Arrays.copyOfRange(cipherTextByteArray, 16, cipherTextByteArray.length);

           cipher.init(Cipher.DECRYPT_MODE, keyspec, iv);
           plainText = new String(cipher.doFinal(cipherTextByteArray));
      } catch (Exception e) {
           LOG.info("Exception", e);
      }

      return plainText;
 }

How to decrypt aes-256-cbc in Java

2 Answers2

Linked