7

I'm trying to encrypt some data in a Python program and save it out, then decrypt that data in a Java program. In Python, I'm encrypting it like this:

from Crypto.Cipher import AES
KEY = '12345678901234567890123456789012'

def encrypt(data):
    cipher = AES.new(KEY, AES.MODE_CFB)
    return cipher.encrypt(data)

And in Java, I'm decrypting it like this:

import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.SecretKeySpec;

public class Encryption {
    private static byte[] KEY = { '1', '2', '3', '4', '5', '6', '7', '8', '9', '0', '1', '2', '3', '4', '5', '6', '7',
        '8', '9', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0', '1', '2' };

    public static byte[] decrypt(byte[] data) throws NoSuchAlgorithmException, NoSuchPaddingException,
            InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        Cipher c = Cipher.getInstance("AES/CFB/NoPadding");
        Key key = new SecretKeySpec(KEY, "AES");
        c.init(Cipher.DECRYPT_MODE, key);
        return c.doFinal(data);
    }
}

But I get Exception in thread "main" java.security.InvalidKeyException: Illegal key size or default parameters. Clearly, I'm doing something wrong. But what?

Chris B.
  • 85,731
  • 25
  • 98
  • 139
  • 2
    do you have the proper jars to allow for higher strength encryption? By default java does not allow for strong keys. Your error has nothing to do with the python end of things and everything to do with the key you are trying to use. http://stackoverflow.com/questions/2568841/aes-encryption-java-invalid-key-length check out the answer by Mohamed Mansour – Mike McMahon May 03 '12 at 23:50
  • try this with a small simple key, see if it still happens. – Mike McMahon May 03 '12 at 23:50

3 Answers3

6

The reason you have a problem is because the security policy limits your key size to 128-bit and you are attempting to use a 256-bit key (need Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files).

Look at this discussion and you'll probably notice you have a similar problem. I actually had the same problem on my machine. After updating the security policy, I was able to run your code. Also, I think you should make the following change c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(new byte[16])); You are missing the initialization vector for the CFB mode. If the decrypted value is not correct, check the way you initialize the keys.

user845279
  • 2,794
  • 1
  • 20
  • 38
4

I would strongly recommend using a cross-language crypto API for this. I am a big fan of Keyczar, and it just so happens to have Java and Python libraries. The API is about as simple as:

public String encrypt(String data)
public String decrypt(String data)

in both Java and Python.

Matt Ball
  • 354,903
  • 100
  • 647
  • 710
  • 1
    I don't see any way in KeyCzar to turn a string into a key. Do you have to write your own classes to do this? The documentation seems to assume you create local files, and there's no mention of key exchange. – Chris B. May 07 '12 at 23:50
  • 1
    The point is that KeyCzar manages the keys for you. Why do you see a need to turn a string into a key? Are you trying to use an existing key with KeyCzar? – Matt Ball May 08 '12 at 00:07
  • I surrendered trying to use KeyCzar in Android App. Even I want to convert String to Key. – Deepak Mar 21 '18 at 21:00
1
  • Python 2 string literals like 'abc' and "abc" are ASCII.
  • Python 2 string literals like u'abc' and u"abc" are unicode.
  • Python 3 string literals like 'abc' and "abc" are unicode.
  • Python 3 string literals like b'abc' and b"abc" are a bytes type.

Java uses unicode by default, similar to Python 3.

For interlanguage, interoperable crypto, you might check out https://code.google.com/p/keyczar/ . There are simple examples of its use on that page.

user1277476
  • 2,871
  • 12
  • 10
  • 2
    _"Java uses unicode by default"_ is rather misleading. Internally, Java stores strings as UTF-16, but the "default" encoding that Java assumes is entirely platform-dependent. – Matt Ball May 03 '12 at 23:48