I'm encrypting data with 128bit AES (by this example) and writing it into file. If incorrect key is entered when decrypting it i get java.io.StreamCorruptedException which i use to inform user that their key is incorrect.
Is there better (less ambiguous) way to check that user inputed incorrect key?
If you are willing to add a MAC (such as HMAC) or a checksum of the encrypted data to the file, you can distinguish between corrupted data and an invalid key/passphrase. Such a "tag" should probably be added as the first bytes of the file so that they can be read and then used to verify the remaining data. This verification should be done before passing the data to decryption.
Note that a malicious user may change the ciphertext and checksum in such a way that this will still verify correctly, but produce a wrong plaintext. Even if you use HMAC, a malicious user may reverse engineer you application to get the key for the HMAC and change the ciphertexts at will. But this depends on your attack model.
