2

I am currently writing a program in Java that will accept strings from PHP and either encrypt or decrypt them depending on need. The mechanism of encryption is AES-256 and I am using the BouncyCastle API to do it. To ensure that there are fewer problems in transferring the data back and forth, I use Base64 to encode the strings. The problem I am experiencing is that randomly, I cannot decrypt a string-some string can be decrypted ok, others cannot. I found a great article here at stackoverflow I thought could help here.

But I could not really see how it could fit my circumstances (I am not an encryption expert). Here's my current code. Thanks for your help.

class AES {

private final BlockCipher AESCipher = new AESEngine();

private PaddedBufferedBlockCipher pbbc;
private KeyParameter key;

AES()
{
    init();
}

private void init()
{
    try
    {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey sk = kg.generateKey();
        key=new KeyParameter(sk.getEncoded());
        pbbc=new PaddedBufferedBlockCipher(AESCipher, new PKCS7Padding());
    }
    catch (Exception e)
    {
        //Take care of later
    }
}

private byte[] processing(byte[] input, boolean encrypt)
        throws DataLengthException, InvalidCipherTextException {

    pbbc.init(encrypt, key);

    byte[] output = new byte[pbbc.getOutputSize(input.length)];
    int bytesWrittenOut = pbbc.processBytes(
        input, 0, input.length, output, 0);

    pbbc.doFinal(output, bytesWrittenOut);

    return output;

}

private byte[] _encrypt(byte[] input)
        throws DataLengthException, InvalidCipherTextException {
    return processing(input, true);
}

private byte[] _decrypt(byte[] input)
        throws DataLengthException, InvalidCipherTextException {
    return processing(input, false);
}

public String Encrypt(String input)
{
    try
    {
        byte[] ba = input.getBytes("UTF-8");

        byte[] encr = _encrypt(ba);

        byte[] encryptedByteValue = new Base64().encode(encr);

        String encryptedValue = new String(encryptedByteValue);

        return encryptedValue;//+" and decrypted is "+Decrypt(encryptedValue);
    }
    catch (Exception e)
    {
        return "ENCRYPT_ERROR "+e.getMessage();
    }
}


public String Decrypt(String input)
{
    try
    {
        byte[] decodedValue = new Base64().decode(input.getBytes());

        byte[] retr = _decrypt(decodedValue);

        return new String(retr, "UTF-8").replaceAll("\\u0000", "");
    }
    catch (Exception e)
    {
        return "DECRYPT_ERROR "+e.getMessage();
    }
}
Community
  • 1
  • 1
user1749013
  • 83
  • 2
  • 5

1 Answers1

2

I figured out what the problem is, and it was two fold. This is what I wound up doing:

1) I was using cURL to communicate strings between Java and PHP and encoding encrypted text as Base64. Since the plus sign is valid in Base64 and not handled by cURL (at least by older versions), I would have mangled strings, thus leading to the error. I switched to hex encoding.

2) I had to remove carriage return (\r\n) characters from strings that went into the Java layer.

Hope this helps someone.

user1749013
  • 83
  • 2
  • 5