Java - InvalidKeyException when using AES/CBC/NoPadding

Question

When I switched Cipher.getInstance("AES") to Cipher.getInstance("AES/CBC/NoPadding") I started getting this error:

    12:18:20 [SEVERE] java.security.InvalidKeyException: No installed provider supports this key: javax.crypto.spec.SecretKeySpec
    12:18:20 [SEVERE]     at javax.crypto.Cipher.chooseProvider(Cipher.java:878)
    12:18:20 [SEVERE]     at javax.crypto.Cipher.init(Cipher.java:1213)
    12:18:20 [SEVERE]     at javax.crypto.Cipher.init(Cipher.java:1153)
    12:18:20 [SEVERE]     at net.azidea.bungee.netty.packet.codec.Encryption.decrypt(Encryption.java:52)
    12:18:20 [SEVERE]     at net.azidea.bungee.netty.packet.codec.PacketDecrypter.decode(PacketDecrypter.java:20)
    12:18:20 [SEVERE]     at net.azidea.bungee.netty.packet.codec.PacketDecrypter.decode(PacketDecrypter.java:12)
    12:18:20 [SEVERE]     at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:89)
    12:18:20 [SEVERE]     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:333)
    12:18:20 [SEVERE]     at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:319)
    12:18:20 [SEVERE]     at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:161)
    12:18:20 [SEVERE]     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:333)
    12:18:20 [SEVERE]     at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:319)
    12:18:20 [SEVERE]     at io.netty.channel.ChannelInboundHandlerAdapter.channelRead(ChannelInboundHandlerAdapter.java:86)
    12:18:20 [SEVERE]     at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:333)
    12:18:20 [SEVERE]     at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:319)
    12:18:20 [SEVERE]     at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:787)
    12:18:20 [SEVERE]     at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:130)
    12:18:20 [SEVERE]     at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:511)
    12:18:20 [SEVERE]     at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:468)
    12:18:20 [SEVERE]     at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:382)
    12:18:20 [SEVERE]     at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:354)
    12:18:20 [SEVERE]     at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:116)
    12:18:20 [SEVERE]     at io.netty.util.concurrent.DefaultThreadFactory$DefaultRunnableDecorator.run(DefaultThreadFactory.java:137)
    12:18:20 [SEVERE]     at java.lang.Thread.run(Thread.java:745)

when decrypting. It worked fine with just AES (without the "CBC/NoPadding" part). I changed this because not all of my packets are a multiple of 16 bytes.

The output of key.getAlgorithm() is "AES".

Decryption

public static ByteBuf decrypt(ByteBuf encrypted)
{
    try
    {
        cipher.init(Cipher.DECRYPT_MODE, key);
        return Unpooled.copiedBuffer(cipher.doFinal(NettyUtils.toArray(encrypted)));
    }
    catch(Exception e)
    {
        e.printStackTrace();
        System.out.println("[Netty] Error decrypting packet.");
    }

    return null;
}

Cipher

private static Cipher cipher;
private static SecretKeySpec key;

static
{
    try
    {
        key = new SecretKeySpec(NettyServer.getSecretKey(), "AES");
        cipher = Cipher.getInstance("AES/CBC/NoPadding");
    }
    catch(Exception e)
    {
        e.printStackTrace();
    }
}

possible duplicate of [Java AES: No installed provider supports this key: javax.crypto.spec.SecretKeySpec](http://stackoverflow.com/questions/8362262/java-aes-no-installed-provider-supports-this-key-javax-crypto-spec-secretkeysp) — seenukarthi, Aug 18 '15 at 16:25
Or did you get the error just by trying to create the key? Also why did you switch to AES/CBC/NoPadding? — Turtle, Aug 18 '15 at 16:33
Please show the output of `key.getAlgorithm` just before `cipher.init(Cipher.DECRYPT_MODE, key);`. — Maarten Bodewes, Aug 19 '15 at 08:20
That would be **key**`.getAlgorithm()` please (sorry, for the delay, don't do crypto in my Kajak, busy eating brambles and stuff). — Maarten Bodewes, Aug 19 '15 at 20:38
What kind of runtime (Java version) are you on? What does your `java.security` file look like? What does `key.getClass().getName` print out? Sorry about the many questions, but this is basically debugging from a distance. — Maarten Bodewes, Aug 20 '15 at 11:07

score 0 · Accepted Answer · answered Aug 20 '15 at 14:37

0

Specifying an IvParameterSpec fixed the problem.

answered Aug 20 '15 at 14:37

XLordalX

584
1
7
25

Uh, so without the IV you get the above exception on the Oracle VM? That's not good. I'll try and validate. Specifying the exact runtime is still pretty important. – Maarten Bodewes Aug 21 '15 at 20:03

Java - InvalidKeyException when using AES/CBC/NoPadding

1 Answers1