Specify Cipher.getInstance() arguments?

Question

I'm using the following in an android app and a standalone java app:

private static byte[] encrypt(byte[] raw, byte[] clear) throws Exception {
    SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
    Cipher cipher = Cipher.getInstance("AES");
    cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
    byte[] encrypted = cipher.doFinal(clear);
    ...

I get different encrypted strings on android vs my standalone java app (both using the same code and key). I get the same exception (javax.crypto.BadPaddingException: Blocktype mismatch: 0) as in this question:

RSA Encryption: Difference between Java and Android

And the suggested solution is to specify the padding strategy like:

Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");

but I'm using "AES", not "RSA", and am not sure how to specify the padding in combination with AES. How would I construct the string passed to Cipher.getInstance() in that case? I gave this a try:

Cipher cipher = Cipher.getInstance("AES/PKCS1Padding");

but get an exception about that being invalid.

Thanks

try this Cipher cipher= Cipher.getInstance("AES/CBC/ISO10126Padding", "JsafeJCE"); — ρяσѕρєя K, Jul 01 '12 at 06:03
Blast didn't work: java.security.NoSuchProviderException: No such provider: JsafeJCE — user291701, Jul 01 '12 at 12:15
It sounds like you are trying to write crypto code by throwing random bits of code at the wall and hoping something sticks. By using the low-level APIs you are presumed to understand things like the difference between symmetric and asymmetric cryptography, differences between block cipher modes, and padding schemes, IVs, and so on. You don't seem to understand any of those. Maybe that is where you should start. — President James K. Polk, Jul 01 '12 at 19:28

score 6 · Answer 1 · answered Nov 08 '13 at 16:56

6

Another 'short answer', but I believe AES-GCM is more secure that CBC mode and been around for a couple of years however if you want to use in Android you'll need to include spongycastle

Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");

answered Nov 08 '13 at 16:56

scottyab

23,621
16
94
105

java.security.NoSuchAlgorithmException: AES/GCM/NoPadding SecretKeyFactory not available I am getting this error – alphaguy Apr 30 '20 at 05:54

score 3 · Answer 2 · answered Feb 04 '13 at 21:57

3

Short answer:

Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");

Long Answer

answered Feb 04 '13 at 21:57

preds

656
6
7

In my case, I was calling a cipher.update when it should have been cipher.doFinal. – user1811107 May 18 '14 at 16:56

score 2 · Answer 3 · answered Feb 24 '17 at 09:34

This is how I did it:

keyGenerator.init(new
                KeyGenParameterSpec.Builder(KEY_NAME,
                KeyProperties.PURPOSE_ENCRYPT |
                        KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_CBC)
                .setUserAuthenticationRequired(true)
                .setEncryptionPaddings(
                        KeyProperties.ENCRYPTION_PADDING_PKCS7)
                .build());

cipher = Cipher.getInstance(KeyProperties.KEY_ALGORITHM_AES + "/" + KeyProperties.BLOCK_MODE_CBC + "/" + KeyProperties.ENCRYPTION_PADDING_PKCS7);

Specify Cipher.getInstance() arguments?

3 Answers3