
I am getting a java.lang.IllegalArgumentException: Null input buffer exception while I am calling the decode input string function. Here is my function:

```java
public String decodeInputString(String inputString) throws NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, NoSuchPaddingException {
    byte[] salt = "MyKey".getBytes();
    SecretKey secretKey = new SecretKeySpec(salt, 0, 16, "AES");
    byte[] encryptedTextByte = Base64.decode(inputString);
    cipher = Cipher.getInstance("AES");
    cipher.init(Cipher.DECRYPT_MODE, secretKey);
    byte[] decryptedByte = cipher.doFinal(encryptedTextByte);
    String decryptedText = new String(decryptedByte);
    return decryptedText;
}
```

While I am calling `decodeInputString("s8aCvIy4pcgc Y Gu/MSAw==")` I am getting a java.lang.IllegalArgumentException: Null input buffer exception.

Shamseer PC
  • Your ciphertext doesn't have a valid Base64 encoding. It must consist of a multiple of 4 characters excluding white space where the last two characters might be padding characters `=`. How did you generate that ciphertext? Perhaps the spaces should be `+` characters. Are you sending it through HTTP (i.e. URL)? – Artjom B. Mar 28 '17 at 18:01
  • I used this code to generate the ciphertext – Shamseer PC Mar 28 '17 at 18:05
  • Yes, I am sending it through the URL – Shamseer PC Mar 28 '17 at 18:09
  • The URL that I got will look like this: `s8aCvIy4pcgc%2BY%2BGu%2FMSAw%3D%3D%0A` – Shamseer PC Mar 28 '17 at 18:10
  • @ArtjomB. I updated my question with the function that I used for creating the cipher text – Shamseer PC Mar 28 '17 at 18:14
  • I see, but as I said. The interesting part is how you encode and decode the ciphertext to and from the URL. The `%2B` in your ciphertext are `+` characters (you can look it up in an ASCII table), but for some reason they are treated as spaces. – Artjom B. Mar 28 '17 at 18:16
  • Thanks @ArtjomB. I fixed that issue by passing the input via the request body instead of sending it via the URL; that solved my issue. You are great... :) – Shamseer PC Mar 28 '17 at 18:32
  • General advice: **Always use a fully qualified Cipher string.** `Cipher.getInstance("AES");` may result in different ciphers depending on the default security provider. It most likely results in `"AES/ECB/PKCS5Padding"`, but it doesn't have to be. If it changes, you'll lose compatibility between different JVMs. For reference: [Java default Crypto/AES behavior](http://stackoverflow.com/q/6258047/1816580) – Artjom B. Mar 28 '17 at 18:33
  • **Never use [ECB mode](http://crypto.stackexchange.com/q/14487/13022)**. It's deterministic and therefore not semantically secure. You should at the very least use a randomized mode like [CBC](http://crypto.stackexchange.com/q/22260/13022) or [CTR](http://crypto.stackexchange.com/a/2378/13022). It is better to authenticate your ciphertexts so that attacks like a [padding oracle attack](http://crypto.stackexchange.com/q/18185/13022) are not possible. This can be done with authenticated modes like GCM or EAX, or with an [encrypt-then-MAC](http://crypto.stackexchange.com/q/202/13022) scheme. – Artjom B. Mar 28 '17 at 18:33

0 Answers