0

I have a third party API where I have to send data in JSON in encrypted form. The data in JSON looks like this:

{
    "encryptedKey": "rltP+oNBMx26wSpmvKZ91iL=",
    "encryptedData": "u5o+ON08CNGLwvt8OUmHXFPAzfk3uPILANA="
}

Note: The data in json values is trimmed to just show example.

I am using Java11HttpClient to send this request to the given endpoint. The request with all encrypted values get processed well and I get a desired result that looks like same as request(Response is again in key value paired JSON and values are encrypted).

{
    "encryptedKey": "rltP+oNmvKZ91iL=",
    "encryptedData": "u5ot8OUmHXFPAzfk3uPILANA="
}

I have to decrypt this JSON "encryptedKey" again to get actual content. The decryption is done using "RSA/ECB/PKCS1Padding". So when I pass this String of encryptedKey to decrypt code it gives me BadPaddingException.

javax.crypto.BadPaddingException: Decryption error
        at java.base/sun.security.rsa.RSAPadding.unpadV15(RSAPadding.java:378)
        at java.base/sun.security.rsa.RSAPadding.unpad(RSAPadding.java:290)
        at java.base/com.sun.crypto.provider.RSACipher.doFinal(RSACipher.java:366)
        at java.base/com.sun.crypto.provider.RSACipher.engineDoFinal(RSACipher.java:392)
        at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2202)

I am using this code:

HttpRequest request = HttpRequest.newBuilder().POST(BodyPublishers.ofString(requestPayload))
                .uri(URI.create(url))
                .header("Content-Type", "application/json")
                .header("Accept", "application/json")
                .headers(buildHeaders(headers).toArray(String[]::new)).build();

HttpResponse response = httpClient.send(request, HttpResponse.BodyHandlers.ofString(StandardCharsets.UTF_8));

This above code works well for request and give me a response in structure same as expected. But the problem seems to be lying in the process of deserialization of response in String.

Option 2: When I pick the encrypted request generated from code, same request if added as a payload in Postman, I get similar response. Now if I decrypt that encrypted key from Postman response, using same codebase it gives me a valid data without padding Exception.

Need suggestion on the ways to send such request and process the response data with some library in Spring or Java11 etc.

I have tried Unirest, Java11HttpClient and OkHttp so far but same results.

Thanks in advance.

gpsingh
  • 11
  • 3
  • The "BadPaddingException" directs me to your decryption function that is not shown in your question. Kindly add the code - did the 3rd party use YOUR public key to encrypt and you use your private key for decryption? – Michael Fehr Oct 15 '20 at 18:54
  • yes, third party use public key to encrypt. As I mentioned the response is okay on Postman, but during deserialization somewhere in code it messes up that encoding thing. – gpsingh Oct 16 '20 at 14:43
  • If you want help then - please - edit your question and add the decryption code. – Michael Fehr Oct 16 '20 at 15:18
  • please read the whole description, I mentioned that, if the request with encrypted values in JSON is sent from postman, it gives a similar and expected JSON with encrypted values under same keys. Now I decrypt that content from response it works with same code which doesn't work when I use any java bases request options mentioned in post. – gpsingh Oct 17 '20 at 09:40

0 Answers0