AES 128 encryption in Android and .Net with custom key and IV

Question

I have a password string in my android application. I need to the send the password through the .net web service (i.e. end with .aspx) using the SOAP web service. Before sending the password i need to encrypt the password with AES 128 encryption with the custom key and IV.

They have a encrypt/decrypt tool in .net with the custom key and Iv. The tool ask a custom key with 16 digit and IV 8 digit. If give the string it generate the encrypting string. example

Example:

Key : 1234567812345678
IV : 12345678
String : android
Encrypted string : oZu5E7GgZ83Z3yoK4y8Utg==

I didn't have any idea how to do this in android. Need help.

http://www.coderanch.com/t/432039/Security/create-SecretKey-AES-Encryption-based — Jeff Bootsholz, Nov 27 '12 at 07:32

score 10 · Accepted Answer · answered Nov 27 '12 at 09:53

A complete example may help you:

The encrypt/decrypt functions, using IV

public static byte[] encrypt(byte[] data, byte[] key, byte[] ivs) {
    try {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        SecretKeySpec secretKeySpec = new SecretKeySpec(key, "AES");
        byte[] finalIvs = new byte[16];
        int len = ivs.length > 16 ? 16 : ivs.length;
        System.arraycopy(ivs, 0, finalIvs, 0, len);
        IvParameterSpec ivps = new IvParameterSpec(finalIvs);
        cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, ivps);
        return cipher.doFinal(data);
    } catch (Exception e) {
        e.printStackTrace();
    }

    return null;
}

public static byte[] decrypt(byte[] data, byte[] key, byte[] ivs) {
    try {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        SecretKeySpec secretKeySpec = new SecretKeySpec(key, "AES");
        byte[] finalIvs = new byte[16];
        int len = ivs.length > 16 ? 16 : ivs.length;
        System.arraycopy(ivs, 0, finalIvs, 0, len);
        IvParameterSpec ivps = new IvParameterSpec(finalIvs);
        cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, ivps);
        return cipher.doFinal(data);
    } catch (Exception e) {
        e.printStackTrace();
    }

    return null;
}

You can use it as below :

    String dataToEncryptDecrypt = "android";
    String encryptionDecryptionKey = "1234567812345678";
    String ivs = "12345678";

    byte[] encryptedData = encrypt(dataToEncryptDecrypt.getBytes(), encryptionDecryptionKey.getBytes(),
            ivs.getBytes());
    // here you will get the encrypted bytes. Now you can use Base64 encoding on these bytes, before sending to your web-service

    byte[] decryptedData = decrypt(encryptedData, encryptionDecryptionKey.getBytes(), ivs.getBytes());
    System.out.println(new String(decryptedData));

Great! and I got the answer in bytes. Now i need to convert it to Base64. So need to use the Base64Encoder. But if i use it its importing the package "sun.misc.BASE64Encoder". But we should not use sun package because http://www.oracle.com/technetwork/java/faq-sun-packages-142232.html How can i solve this? — Rajesh Rajaram, Nov 27 '12 at 10:09
since you are using Android, you can use `Base64` class itself, if the API level is 8 or more. http://developer.android.com/reference/android/util/Base64.html — sunil, Nov 27 '12 at 10:27
Yes i got its working. Thnks a lot. Need one more help, my output is different from there output. So in this case were will be the error. The length of the output are same. I'm very near to answer. — Rajesh Rajaram, Nov 27 '12 at 10:51
can anyone tell what is the equivalent code in PHP language for this? — Talk2Nit, May 03 '19 at 08:56

score 3 · Answer 2 · answered Nov 27 '12 at 08:58

I don't know the details of AES algorithm in use(ie mode & padding method), bit it should be roughly like this:

public static byte[] encrypt(byte[] data, byte[] key) {
try {
    Cipher cipher = Cipher.getInstance("AES/CBC/ZeroBytePadding");
    SecretKeySpec secretKeySpec = new SecretKeySpec(key, "AES");
    byte[] empty = new byte[16]; // For better security you should use a random 16 byte key!!!
    IvParameterSpec ivps = new IvParameterSpec(empty);
    cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, ivps);
    return cipher.doFinal(data);
} catch (Exception e) {
    // ...
}

return null;
}

Function above could be used like this:

String data = "android";
String key = "1234567812345678";
byte encrypted  = encrypt(data.getbytes("UTF-8"), key.getbytes("UTF-8"));

AES 128 encryption in Android and .Net with custom key and IV

2 Answers2

Linked