
I'm trying to encrypt data with JSEncrypt (v 2.3.1) and then have the server (Java) decrypt it. Most of the time it works, but sometimes the backend throws BadPaddingException.

I found on Stack Overflow that it may be a duplicate of this question: JSEncrypt(js) encrypt, but python cannot decrypt, but it doesn't seem to be the same exception.

I googled and found the issue: JSEncrypt#encrypt creates sporadically invalid ciphertexts. But when I tried to reproduce the issue by following the GitHub link, the backend code still decrypted the data. Could anyone give some suggestions?

JS code:

```javascript
function encryptInput(input, key) {
    var encrypt = new JSEncrypt();
    encrypt.setPublicKey(key);
    var encrypted = encrypt.encrypt(input);
    return encrypted;
}
```

Java code:

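```java
import java.security.KeyFactory;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import javax.crypto.Cipher;
import org.apache.commons.codec.binary.Base64; // assumed: decodeBase64 is the Apache Commons Codec API

public String decryptWeb(String cipherText, String privateKey) {
    try {
        // Remove the first and last lines
        privateKey = privateKey.replace("-----BEGIN PRIVATE KEY-----", "");
        privateKey = privateKey.replace("-----END PRIVATE KEY-----", "");

        // Base64 decode data
        byte[] encoded = Base64.decodeBase64(privateKey);

        KeyFactory kf = KeyFactory.getInstance("RSA");
        // Renamed from privateKey: the original redeclared the String parameter, which does not compile
        RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) kf.generatePrivate(new PKCS8EncodedKeySpec(encoded));

        Cipher cipher = Cipher.getInstance("RSA");
        cipher.init(Cipher.DECRYPT_MODE, rsaPrivateKey);
        return new String(cipher.doFinal(Base64.decodeBase64(cipherText)), "UTF-8");    // exception is thrown here
    } catch (Exception ex) {
        LOG.error("decrypt", ex);
        return "";
    }
}
```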

Exception:

```
decrypt - decrypt
javax.crypto.BadPaddingException: Decryption error
    at sun.security.rsa.RSAPadding.unpadV15(Unknown Source)
    at sun.security.rsa.RSAPadding.unpad(Unknown Source)
    at com.sun.crypto.provider.RSACipher.doFinal(RSACipher.java:363)
    at com.sun.crypto.provider.RSACipher.engineDoFinal(RSACipher.java:389)
    at javax.crypto.Cipher.doFinal(Cipher.java:2164)
    at com.util.Decryptor.decrypt(Decryptor.java:161)
```
Ca Pham Van
  • This is what you would get if you use e.g. the wrong public / private key combination. It has nothing to do with the ciphertext length issue, although that's such a basic mistake that any library with an open issue on that should be avoided. – Maarten Bodewes Jun 07 '21 at 08:29
  • @MaartenBodewes Most of the time it works. Sometimes it throws a BadPaddingException. I cannot reproduce it because it happens in production and the ciphertext is not logged either. – Ca Pham Van Jun 07 '21 at 10:00
  • If it happens on "production" then you need to set up a test environment anyway, so you can reproduce the issue. Otherwise something is really missing. – Maarten Bodewes Jun 07 '21 at 10:17
  • I also tried on the test environment but cannot reproduce the bug. I also tried to generate 30k encrypted strings from the prod public key and decrypt them in Java. But no luck :(. There is no exception. – Ca Pham Van Jun 07 '21 at 10:33
  • This is unlikely to be the problem here but `Cipher cipher = Cipher.getInstance("RSA");` is not good practice. Always specify the full *algorithm/mode/padding* transformation to `Cipher.getInstance(...)`. Otherwise you end up relying on defaults which may be different on different platforms. – President James K. Polk Jun 07 '21 at 12:10
  • @CaPhamVan, did you find a way to solve this? – Aifos Si Prahs Dec 22 '22 at 10:26
  • The padding that JSEncrypt applies doesn't match with the padding that Java library tries to decrypt with. – Aifos Si Prahs Dec 26 '22 at 10:43

0 Answers
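
Two points raised in the comments, naming the full transformation and a public/private key mismatch as a source of `BadPaddingException`, shown as an added example (not code from the question or from JSEncrypt). The class `RsaPaddingDemo`, the helper `sameKeyPair` and the generated keys are constructed for illustration; `PKCS1Padding` is chosen because the stack trace goes through `unpadV15`.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Base64;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;

public class RsaPaddingDemo {
    static final String TRANSFORMATION = "RSA/ECB/PKCS1Padding"; // explicit, never the bare "RSA" default

    static String encrypt(String plain, RSAPublicKey pub) throws Exception {
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.ENCRYPT_MODE, pub);
        return Base64.getEncoder().encodeToString(c.doFinal(plain.getBytes(StandardCharsets.UTF_8)));
    }

    static boolean sameKeyPair(RSAPublicKey pub, RSAPrivateKey priv) { // hypothetical helper
        return pub.getModulus().equals(priv.getModulus());
    }

    static String decrypt(String cipherTextB64, RSAPrivateKey priv) throws Exception {
        byte[] ct = Base64.getDecoder().decode(cipherTextB64);
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.DECRYPT_MODE, priv);
        try {
            return new String(c.doFinal(ct), StandardCharsets.UTF_8);
        } catch (BadPaddingException e) {
            // Log sizes only (no key or plaintext material) so a production failure can be triaged.
            System.err.printf("decrypt failed: ciphertext=%d bytes, modulus=%d bytes%n", ct.length, (priv.getModulus().bitLength() + 7) / 8);
            throw e;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair a = gen.generateKeyPair(), b = gen.generateKeyPair(); // constructed sample keys
        RSAPublicKey pubA = (RSAPublicKey) a.getPublic();
        RSAPrivateKey privA = (RSAPrivateKey) a.getPrivate(), privB = (RSAPrivateKey) b.getPrivate();
        String ct = encrypt("hello", pubA);
        System.out.println("same pair: " + sameKeyPair(pubA, privA) + ", plaintext: " + decrypt(ct, privA));
        try {
            decrypt(ct, privB); // wrong private key: unpadding fails with overwhelming probability
        } catch (BadPaddingException e) {
            System.out.println("same pair: " + sameKeyPair(pubA, privB) + ", error: " + e.getMessage());
        }
    }
}
```

Comparing the modulus of the public key served to the browser with the modulus of the private key loaded on each backend instance is a quick way to rule the mismatch in or out when failures are intermittent.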