2

I am encrypting the password string using below OpenSSL command -

echo "HELLO" |openssl enc -aes-256-cbc -e -a -pass pass:C:\aes-keystore.jck -iv 629E2E1500B6BA687A385D410D5B08E3 > C:\encrypt.dat

Encrypted output is - U2FsdGVkX1/DhOl5VPwVmcXZGyT0CpXIjO0uUAuBW9Q=

And then decrypt the encrypted string using below OpenSSL command-

openssl enc -aes-256-cbc -d -a -pass pass:C:\aes-keystore.jck -iv 629E2E1500B6BA687A385D410D5B08E3 -in C:\decrypt.dat

Decrypted output is -HELLO

I have to decrypt the text generated using OpenSSL command using Java code.

I am using below java code to decrypt the code -

public static String decryptKey(String dataForDecryption) {

        Cipher cipher;
        byte[] decryptedData = null;
        final byte[] initVector = javax.xml.bind.DatatypeConverter.parseHexBinary("629E2E1500B6BA687A385D410D5B08E3");
        try {
            if (dataForDecryption != null) {
                Key key = getKeyFromKeyStore(); //This method will return the key from keystore.
                cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
                SecretKey secKey = new SecretKeySpec(key.getEncoded(), ENCRYPTION_TYPE);

                cipher.init(Cipher.DECRYPT_MODE, secKey, new IvParameterSpec(initVector, 0, cipher.getBlockSize()));
                decryptedData = cipher.doFinal(Base64.decodeBase64(dataForDecryption.getBytes()));
            }
        } catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | IllegalBlockSizeException
                | BadPaddingException e) {
            LOG.error("Error getting in decrypting the ASE Key:");
            throw new IllegalArgumentException("Decryption failed ::" + e);
        } catch (InvalidAlgorithmParameterException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
        return new String(decryptedData);

}

I am getting below Error -

java.lang.IllegalArgumentException: Decryption failed ::javax.crypto.BadPaddingException: Given final block not properly padded

Please help to fix this issue. Thanks in advance.

jww
  • 97,681
  • 90
  • 411
  • 885
Amit Jadhav
  • 83
  • 1
  • 10
  • Your key is wrong. – President James K. Polk Sep 26 '17 at 14:58
  • take a look at this thread https://stackoverflow.com/questions/30697121/decrypting-aes-256-cbc-using-bouncycastle – Jurgen De Landsheer Sep 26 '17 at 15:40
  • 2
    The idea that you can just input a Java keystore format into openssl and then expect things to work is wrong. I'm not sure if this is ignorance or malice but fully explaining how to implement OpenSSL compatible encryption is too broad, in my opinion. And yes, my previous answer linked to by @JurgenDeLandsheer is certainly applicable here, but your problems do not end there. – Maarten Bodewes Sep 26 '17 at 17:10
  • Usually [`EVP_BytesToKey`](http://wiki.openssl.org/index.php/Manual:EVP_BytesToKey(3)) is one of the issues. See [Java equivalent of C++ encryption](http://stackoverflow.com/q/12920740/608639), [How to use OpenSSL generated keys in Java?](http://security.stackexchange.com/q/9600/29925), [Java openssl encryption / decryption key generation](http://stackoverflow.com/q/34502705/608639), [Password to key function compatible with OpenSSL commands?](http://stackoverflow.com/q/9488919), [How to decrypt file in Java encrypted with openssl command using AES?](http://stackoverflow.com/q/11783062), etc. – jww Sep 27 '17 at 10:55
  • @Maarten - Should this be closed as a duplicate? If I am parsing things correctly, it looks like [How to decrypt file in Java encrypted with openssl command using AES?](https://stackoverflow.com/q/11783062/608639) is the match. – jww Sep 27 '17 at 10:58
  • @jww Yeah, that sounds like a good idea... – Maarten Bodewes Sep 27 '17 at 14:24

0 Answers0