I have a weird problem...
Basing my solution on Decrypting a hardcoded file as byte[]
So, I wrote a small Cypher class to help out with crypting/decrypting... It used to mock-up a key hardcoded at some place and another pre-crypted key stored somewhere else. But that's somewhat irrelevant atm.
the crypting process went like this:
- retrieve the hardcoded byte array
- use it to decrypt key2
- use key2 to decrypt data
- use key1 to further decrypt data
- have decrypted data
I was storing the crypted data as a hex-string, used these two functions to get in-out of there
private static String byteArrayToHexString(byte[] b)
{
StringBuffer sb = new StringBuffer(b.length * 2);
for (int i = 0; i < b.length; i++)
{
int v = b[i] & 0xff;
if (v < 16)
{
sb.append('0');
}
sb.append(Integer.toHexString(v));
}
return sb.toString().toUpperCase();
}
private static byte[] hexStringToByteArray(String s)
{
byte[] b = new byte[s.length() / 2];
for (int i = 0; i < b.length; i++)
{
int index = i * 2;
int v = Integer.parseInt(s.substring(index, index + 2), 16); //THIS LINE
b[i] = (byte) v;
}
return b;
}
That worked flawlessly; in fact it worked so good that I implemented it in my real project. The project failed to run due to the fact that i didn't thoroughly test.
Turns out it crypts/decrypts pretty much all files OK except one - that one doesn't want to decrypt.
I have pinpointed the issue however - THIS line throws an IllegalNumberFormat exception; at some point i got acquainted with this http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6259307 as well. I would and can revert to this method if someone describes a way to bypass a case when a string of length 2 is converted to four bytes which throw an IllegalNumberFormatException.
So, I figured that since I cannot decode a file (and obviously cannot share it here for you guys to try out) I needed to transform it somehow to make it transport-safe. Enter the Base64Coder class which encodes to base64 strings...
That seemed to have introduced a new issue - padding was getting effed up.
The question is simple - what am I doing wrong? I need to conform to this data and it has to be able to crypt/decrypt properly and equally. I'd like a proposal on the most light-weight solution possible with least copy/pasting... pseudocode won't do the trick here.
Here's what I'm doing now....
public static char[] encrypt2(byte[] value) throws GeneralSecurityException, IOException
{
SecretKeySpec key1 = getSecretKeySpec(true);
System.err.println("encrypt():" + key1.toString());
Cipher cipher = Cipher.getInstance(CRYPTOSYS);
cipher.init(Cipher.ENCRYPT_MODE, key1, cipher.getParameters());
byte[] encrypted = cipher.doFinal(value);
SecretKeySpec key2 = getSecretKeySpec(false);
cipher = Cipher.getInstance(CRYPTOSYS);
cipher.init(Cipher.ENCRYPT_MODE, key2, cipher.getParameters());
byte[] encrypted2 = cipher.doFinal(encrypted);
return Base64Coder.encode(encrypted2);
}
public static byte[] decrypt2(char[] message) throws GeneralSecurityException, IOException
{
SecretKeySpec key1 = getSecretKeySpec(false);
System.err.println("decrypt():" + key1.toString());
Cipher cipher = Cipher.getInstance(CRYPTOSYS);
cipher.init(Cipher.DECRYPT_MODE, key1);
byte[] decrypted = cipher.doFinal(Base64Coder.decode(message));
SecretKeySpec key2 = getSecretKeySpec(true);
cipher = Cipher.getInstance(CRYPTOSYS);
cipher.init(Cipher.DECRYPT_MODE, key2);
byte[] decrypted2 = cipher.doFinal(decrypted);
return decrypted2;
}
Note that keys are currently fully-exposed (hardcoded) for testing purposes.
Here's my test-case
public static void main(String... args) throws Exception
{
// byte[] data = "hello".getBytes();
File PEM = new File(PATH_TO_FILES + SOURCE_PEM);
File DER = new File(PATH_TO_FILES + SOURCE_DER);
File cryptoPEM = new File(PATH_TO_FILES + "cryptopem");
File cryptoDER = new File(PATH_TO_FILES + "cryptoder");
byte[] cryptokey = encryptA(ASSET_KEY);
System.out.println(new String(cryptokey));
//pem key
System.out.println("PEM");
byte[] data = getBytesFromFile(PEM);
char[] crypted = encrypt2(data);
// FileOutputStream fos = new FileOutputStream(cryptoPEM);
FileWriter fw = new FileWriter(cryptoPEM);
fw.write(crypted);
fw.flush();
//der key
System.out.println("DER");
data = getBytesFromFile(DER);
crypted = encrypt2(data);
fw = new FileWriter(cryptoDER);
fw.write(crypted);
fw.flush();
//opentext
System.out.println("checking PEM...");
crypted = Base64Coder.encode(getBytesFromFile(cryptoPEM));
byte[] decrypted = decrypt2(crypted, false);
byte[] decryptedData = decrypted;
if (!Arrays.equals(getBytesFromFile(PEM), decryptedData)) { throw new Exception("PEM Data was not decrypted successfully"); }
System.out.println("checking DER...");
crypted = Base64Coder.encode(getBytesFromFile(cryptoDER));
decrypted = decrypt2(crypted, false);
decryptedData = decrypted;
if (!Arrays.equals(getBytesFromFile(DER), decryptedData)) { throw new Exception("DER Data was not decrypted successfully"); }
}
And I'm getting an InvalidBlockSizeException now.... Please, someone shed some light on this, I just want this to work...
Replacing 'key2' for an IV to be later used in a "AES/CBC/PKCS5Padding" is an option I'm considering right now. Essentially nothing will change except the second step of encrypting. Theoretically and metodically I'd keep things the same - unless of course a better solution is described.
At the end I'd like to point out that this is a programmer question, not a IT security-student question so proper code is valued more than a theoretical response that covers unlikely fringe cases.
EDIT:
well, I can't give you the numbers that cause the IllegalNumberFormatException because I lost the code from this morning. I can't seem to replicate the issue so I guess trying to figure that part is of no use.
Here's the output from the sample test:
encrypt(): javax.crypto.spec.SecretKeySpec@15dd7
5@??_?G?j??!?c;D?i?lR?z?j
PEM
encrypt(): javax.crypto.spec.SecretKeySpec@15dd7
DER
encrypt(): javax.crypto.spec.SecretKeySpec@15dd7
checking PEM...
decrypt(): javax.crypto.spec.SecretKeySpec@15c78
Exception in thread "main" javax.crypto.IllegalBlockSizeException: Input length must be multiple of 16 when decrypting with padded cipher
which means that Base64 is kinda messing it up...
See Question&Answers more detail:
os