0

Android code

String apiResponse = "EcUZvMif

Method:

```java
protected void decryptDataWithAES(String apiResponse, String key) {
    try {
        // Key material taken from the UTF-8 bytes of the key string
        byte[] byteArray = key.getBytes(StandardCharsets.UTF_8);

        byte[] decodedResult = Base64.decode(apiResponse, Base64.NO_WRAP);

        // first16ByteArray (the 16-byte IV) is not defined in the code as posted
        IvParameterSpec ivParameterSpec = new IvParameterSpec(first16ByteArray);

        SecretKeySpec skey = new SecretKeySpec(byteArray, "AES");

        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, skey, ivParameterSpec);

        String decryptString = new String(cipher.doFinal(byteArray), StandardCharsets.UTF_8);
        showLog("JSON: " + decryptString);

    } catch (Exception e) {
        e.printStackTrace();
    }
}
```

Exception: javax.crypto.BadPaddingException: error:1e000065:Cipher functions:OPENSSL_internal:BAD_DECRYPT


Maarten Bodewes
Pooja Singh

2 Answers

1

You are trying to decrypt the "key"; I think you need to decrypt the apiResponse.

Also, you need the exact same IV the message was encrypted with, otherwise you won't be able to decrypt.

Lena Bru
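The two points in the answer above (decrypt the response bytes, and reuse the sender's IV), as an added round-trip example that is not part of the original post. It assumes the IV travels as the first 16 bytes of the Base64-decoded response and that the key is 16 raw bytes; it uses `java.util.Base64` so it runs on a desktop JVM, where Android code would use `android.util.Base64`.

```java
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class CbcRoundTrip {
    static final int IV_LEN = 16; // AES block size in bytes
    static Cipher aesCbc(int mode, byte[] key, byte[] iv) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(mode, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        return c;
    }

    // Sender: fresh random IV per message; wire format is Base64(IV || ciphertext).
    static String encrypt(String plaintext, byte[] key) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        byte[] ct = aesCbc(Cipher.ENCRYPT_MODE, key, iv).doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    // Receiver: split off the sender's IV, then decrypt the ciphertext (not the key bytes).
    static String decrypt(String apiResponse, byte[] key) throws Exception {
        byte[] decoded = Base64.getDecoder().decode(apiResponse);
        if (decoded.length < 2 * IV_LEN || decoded.length % IV_LEN != 0)
            throw new IllegalArgumentException("expected IV followed by whole AES blocks");
        byte[] iv = Arrays.copyOfRange(decoded, 0, IV_LEN);
        byte[] ct = Arrays.copyOfRange(decoded, IV_LEN, decoded.length);
        return new String(aesCbc(Cipher.DECRYPT_MODE, key, iv).doFinal(ct), StandardCharsets.UTF_8);
    }
    public static void main(String[] args) throws Exception {
        byte[] key = new byte[16]; // constructed demo key: 16 random bytes
        new SecureRandom().nextBytes(key);
        String response = encrypt("{\"status\":\"ok\"}", key); // constructed sample payload
        System.out.println("JSON: " + decrypt(response, key));
        try { // the question's mistake: passing the key bytes to doFinal
            aesCbc(Cipher.DECRYPT_MODE, key, new byte[IV_LEN]).doFinal(key);
            System.out.println("padding happened to look valid");
        } catch (BadPaddingException e) {
            System.out.println("BadPaddingException, as in the question");
        }
    }
}
```

PKCS5 padding is checked only on the last decrypted block, so decrypting the wrong bytes or using the wrong key almost always surfaces as `BadPaddingException`, while a wrong IV alone garbles only the first plaintext block.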
0

Here is a static method to decrypt using AES with secretKey

```java
private final static String AES_PADDING = "AES/ECB/PKCS5PADDING"; //this need to be same as DECRYPTION
private String secretKey = "Your secret key"; //your secret key

//DecryptString
@SuppressLint("GetInstance")
public static String AESDecryptionString(String encryptedStringData) {
    Cipher decipher = null;
    byte[] encryptedString = encryptedStringData.getBytes(StandardCharsets.ISO_8859_1);
    String returnData = encryptedStringData;
    try {
        decipher = Cipher.getInstance(AES_PADDING);
    } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
        e.printStackTrace();
    }
    byte[] decryption;
    try {
        assert decipher != null;
        decipher.init(Cipher.DECRYPT_MODE, secretKey);
        decryption = decipher.doFinal(encryptedString);
        returnData = new String(decryption);
    } catch (InvalidKeyException | IllegalBlockSizeException | BadPaddingException e) {
        e.printStackTrace();
    }
    return returnData;
}
```

You can also use my library to encrypt/decrypt string using AES

Rahul Gaur
  • Hi, thanks for the help, but I'm just trying to understand. There is some modification in my situation: I have to pass an IV, which I am getting in a different way, as I did in my question, and skey also – Pooja Singh Feb 24 '20 at 07:25
  • have you looked at this [answer](https://stackoverflow.com/a/33458564/7948109)? – Rahul Gaur Feb 24 '20 at 07:33
  • for me file operation is not required I think – Pooja Singh Feb 24 '20 at 07:36
  • A bad padding exception means the encryption padding and the decryption padding are different; `Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");` this padding does not match the padding of decryption – Rahul Gaur Feb 24 '20 at 08:12
  • **Warning** The above code shows such a bad understanding of and wide disregard of encryption practices that I should warn users not to use it **or the library associated with it**. – Maarten Bodewes Feb 24 '20 at 09:48
  • Please tell me my mistake, so I can fix it. I'm still learning – Rahul Gaur Feb 24 '20 at 09:49
  • "I'm still learning" **You start learning before you start advertising and distributing security related code.** Do a free course on Cryptography at Coursera. Now we're talking about it, does your code even compile? The `secretKey` handling looks suspicious. – Maarten Bodewes Feb 24 '20 at 09:51
  • Yes, it does compile, and `secretKey` in the example above is just an example. I use a 16-char random alphanumeric String. Is `secretKey` being stolen from the user's device also my problem? If yes, please tell me and I will update my code – Rahul Gaur Feb 24 '20 at 09:58
  • @MaartenBodewes I found AES encryption/decryption on SOF and modified it so it will suit my needs, is this [answer](https://stackoverflow.com/a/40175319/7948109) wrong? Please also take a look at [this method](https://pastebin.com/9LJXKuAd), this is how I create `secretKey` of 16char as suggested for AES – Rahul Gaur Feb 24 '20 at 11:08
  • The first answer is absolutely not secure. It uses ECB and confused a key consisting of characters with one that consists of unpredictable *byte values*. The other one doesn't even use `SecureRandom`. Besides that, `getAlphaNumericString` is a horrid name, where is the indication of randomness *at all*? – Maarten Bodewes Feb 24 '20 at 11:52
  • @MaartenBodewes can we discuss on [chat](https://chat.stackoverflow.com/rooms/208402/discussion-on-aes) if you are not busy? and also comments are not for discussing – Rahul Gaur Feb 24 '20 at 12:06
  • Hi, can you please solve? https://stackoverflow.com/questions/60429082/how-can-i-observe-api-call-based-on-user-submit-button-and-at-same-time-getvalue – Pooja Singh Feb 27 '20 at 10:30