-1

I am developing code in Java in which, when a user enters the key, the initialization vector and the ciphertext, the program returns the deciphered text, according to the AES/CBC/PKCS5Padding mode. This code is NOT working, and I would like someone to help me correct it, or to present better code, please. This key, this initialization vector and this ciphertext were obtained from this website: https://www.di-mgt.com.au/properpassword.html. That is, the plain text must return a simple "Hello World" message. If you know of any Java code that does this, can you please post it?

My code, which is experiencing a NullPointerException error:

```java
package encryptdecryptvideo;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
//import javax.crypto.*;

public class EncryptDecryptVideo {

    byte[] input;
    String inputString;
    byte[] keyBytes = "9008873522F55634679EF64CC25E73354".getBytes();
    byte[] ivBytes = "B8A112A270D9634EFF3818F6CCBDF5EC".getBytes();

    SecretKeySpec key = new SecretKeySpec(keyBytes, "DES");
    IvParameterSpec ivSpec = new IvParameterSpec(ivBytes);
    Cipher cipher;
    byte[] cipherText = "625F094A1FB1677521B6014321A807EC".getBytes();
    int ctLength;

    public static void main(String args[]) throws InvalidKeyException, InvalidAlgorithmParameterException, ShortBufferException, IllegalBlockSizeException, BadPaddingException {
        EncryptDecryptVideo decryptionobject = new EncryptDecryptVideo();
        decryptionobject.decrypt();
    }

    public void decrypt() throws InvalidKeyException, InvalidAlgorithmParameterException, ShortBufferException, IllegalBlockSizeException, BadPaddingException {

        cipher.init(Cipher.DECRYPT_MODE, key, ivSpec);

        byte[] plainText = new byte[cipher.getOutputSize(ctLength)];

        int ptLength = cipher.update(cipherText, 0, ctLength, plainText);

        ptLength += cipher.doFinal(plainText, ptLength);

        System.out.println("Plain: " + new String(plainText));
    }
}
```
John

1 Answer

2

Some points that are obvious without digging in further:

First: there is no Cipher instantiation like ("AES/CBC/PKCS5Padding").

Second: Your "SecretKeySpec" will transform the input to a DES-key (and not "AES" as you are asking for in the title).

Third: the "cipher.doFinal" call usually returns a byte array and not any integer value.

Fourth: All of your input data seems to be a hex string that should be converted to a byte array by something like "hexStringToByteArray" and not by ".getBytes" directly.

Fifth: the webpage you linked to does not use the "password" as direct input to the cipher but performs a password derivation (like PBKDF2) that needs to get replicated in Java code as well.

Sixth: please do not use "DES" anymore as it is broken and INSECURE.

My recommendation is to use another source for your encryption/decryption than https://www.di-mgt.com.au/properpassword.html.

Michael Fehr
  • Thank you very much for your answer, Michael Fehr. I have some questions, please: 1. There is instantiation like "AES/CBC/PKCS5Padding" as shown on this page: https://docs.oracle.com/javase/7/docs/api/javax/crypto/Cipher.html 2. OK. Fixed. 3. In other code I did, this line normally worked. 4. I tried to change from ".getBytes" to "hexStringToByteArray", but it caused an error. 5. OK. 6. OK, thank you very much. I am just learning. – John Sep 26 '20 at 17:35
  • 3. Please, why did the IDE not report an error on this line of code? – John Sep 26 '20 at 17:42
  • 2
    Seventh: ctlength needs to be set to the length of ciphertext. Eighth: only ptlength bytes of the plaintext buffer are valid, but you print more than that. (Cipher.getOutputSize() is an upper bound, not required to be exact, and for decrypt with padding it CANNOT be exact.) That webpage, for all its other flaws, does say to handle ciphertext as hex or b64, not directly as a 'string', and although it doesn't say the same for IV, which it should, it does model doing so. Michael: even without seeing the getInstance, JCE never takes a DES key of 32bytes=256bits OR 32hex=128bits, or an IV ditto. – dave_thompson_085 Sep 26 '20 at 19:16
  • @dave_thompson_085: as I wrote I was too lazy to dig deeper and didn't check any lengths and you are right about DES-keylengths and IV :-) – Michael Fehr Sep 26 '20 at 20:14
  • 1
    @John: for "hexStringToByteArray" kindly see this answer on SO: https://stackoverflow.com/a/140861/8166854 – Michael Fehr Sep 26 '20 at 20:16
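
The points raised in the answer and comments above, put together as an added example that is not code from the question or from either commenter: the cipher is obtained with `Cipher.getInstance("AES/CBC/PKCS5Padding")`, the key spec is "AES", hex input is decoded to bytes with length checks, and only the bytes returned by `doFinal` are printed. The class name `AesCbcHexDemo` and the key and IV are constructed for illustration; the example does not reproduce the password derivation used by the linked website.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class AesCbcHexDemo {
    // Decode a hex string into raw bytes; reject odd lengths and non-hex characters.
    static byte[] hexToBytes(String hex) {
        if (hex.length() % 2 != 0)
            throw new IllegalArgumentException("odd number of hex digits: " + hex.length());
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            int hi = Character.digit(hex.charAt(2 * i), 16);
            int lo = Character.digit(hex.charAt(2 * i + 1), 16);
            if (hi < 0 || lo < 0) throw new IllegalArgumentException("non-hex character at " + 2 * i);
            out[i] = (byte) ((hi << 4) | lo);
        }
        return out;
    }

    static String bytesToHex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02X", x));
        return sb.toString();
    }

    // Encrypt or decrypt with AES/CBC/PKCS5Padding; key and IV are given as hex strings.
    static byte[] crypt(int mode, String keyHex, String ivHex, byte[] data) throws GeneralSecurityException {
        byte[] key = hexToBytes(keyHex);
        byte[] iv = hexToBytes(ivHex);
        if (key.length != 16 && key.length != 24 && key.length != 32)
            throw new IllegalArgumentException("AES key must be 16, 24 or 32 bytes, got " + key.length);
        if (iv.length != 16) throw new IllegalArgumentException("CBC IV must be 16 bytes, got " + iv.length);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(mode, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        return cipher.doFinal(data); // returns exactly the valid bytes, padding already removed
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample key and IV, not taken from the page.
        String keyHex = "000102030405060708090A0B0C0D0E0F";
        String ivHex  = "101112131415161718191A1B1C1D1E1F";
        String ctHex = bytesToHex(crypt(Cipher.ENCRYPT_MODE, keyHex, ivHex,
                "Hello World".getBytes(StandardCharsets.UTF_8)));
        System.out.println("Cipher: " + ctHex);
        byte[] plain = crypt(Cipher.DECRYPT_MODE, keyHex, ivHex, hexToBytes(ctHex));
        System.out.println("Plain: " + new String(plain, StandardCharsets.UTF_8));
    }
}
```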