
I am trying to decrypt a string which was encrypted in C# (.NET) using the same key, but I am getting the exception below.

C# code

```csharp
//Decrypting a string
String key = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";

//Encrypting a string
public static string passwordEncrypt(string inText, string key)
{
    byte[] bytesBuff = Encoding.Unicode.GetBytes(inText);
    using (Aes aes = Aes.Create())
    {
        Rfc2898DeriveBytes crypto = new Rfc2898DeriveBytes(key, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
        aes.Key = crypto.GetBytes(32);
        aes.IV = crypto.GetBytes(16);
        using (MemoryStream mStream = new MemoryStream())
        {
            using (CryptoStream cStream = new CryptoStream(mStream, aes.CreateEncryptor(), CryptoStreamMode.Write))
            {
                cStream.Write(bytesBuff, 0, bytesBuff.Length);
                cStream.Close();
            }
            inText = Convert.ToBase64String(mStream.ToArray());
        }
    }
    return inText;
}
```

Java Code

```java
final static String key = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";

final static byte[] ivBytes = new byte[] { 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00 };

public static String decryptData(String base64Text) {
    String plainText = "";
    try {
        byte[] keyBytes = key.getBytes("UTF-8");
        try {
            // byte[] cipherData = decrypt(ivBytes, keyBytes,
            // Base64.decode(base64Text.getBytes("UTF-8"), Base64.DEFAULT));
            byte[] cipherData = decrypt(ivBytes, keyBytes,
                    Base64.getDecoder().decode(base64Text.getBytes("UTF-8")));
            plainText = new String(cipherData, "UTF-8");
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (NoSuchPaddingException e) {
            e.printStackTrace();
        } catch (InvalidKeyException e) {
            e.printStackTrace();
        } catch (InvalidAlgorithmParameterException e) {
            e.printStackTrace();
        } catch (IllegalBlockSizeException e) {
            e.printStackTrace();
        } catch (BadPaddingException e) {
            e.printStackTrace();
        }
    } catch (UnsupportedEncodingException e) {
        e.printStackTrace();
    }
    return plainText;
}
```

Exception I am getting:

```
java.security.InvalidKeyException: Invalid AES key length: 36 bytes
    at com.sun.crypto.provider.AESCrypt.init(AESCrypt.java:87)
    at com.sun.crypto.provider.CipherBlockChaining.init(CipherBlockChaining.java:95)
    at com.sun.crypto.provider.CipherCore.init(CipherCore.java:591)
    at com.sun.crypto.provider.AESCipher.engineInit(AESCipher.java:346)
    at javax.crypto.Cipher.implInit(Cipher.java:809)
    at javax.crypto.Cipher.chooseProvider(Cipher.java:867)
    at javax.crypto.Cipher.init(Cipher.java:1399)
    at javax.crypto.Cipher.init(Cipher.java:1330)
    at com.trinity.report.loginAuth.AES256Cipher.encrypt(AES256Cipher.java:27)
    at com.trinity.report.loginAuth.AES256Cipher.encryptData(AES256Cipher.java:52)
    at com.trinity.report.loginAuth.AES256Cipher.main(AES256Cipher.java:107)
```

The same key is used for encrypting.

Sample Key: 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ

Encrypted String: zSdnqGp9B1BjMsvzvAeYvEidAgUrI%2ByrOGf%2BGVn9tzo%3D

Plain Text: testthree

Please Help. Thanks in Advance.

  • Well, [AES supports 128, 192 and 256 bit keys](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) which is 16, 24 or 32 bytes. Your key has a length of 36 bytes so it is invalid. Citation from the [specification](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf) introduction: "This standard specifies the Rijndael algorithm, a symmetric block cipher that can process data blocks of 128 bits, _using cipher keys with lengths of 128, 192, and 256 bits._" (emphasis by me) – Thomas Apr 01 '21 at 09:19
  • In the .NET code you take your key and transform it via `Rfc2898DeriveBytes` to get the key (32 bytes) and IV. But in the Java code you are using your key and IV directly (and the former has the wrong length). Start without the `Rfc2898DeriveBytes`, just setting a fixed key of the right length in both cases. – Richard Apr 01 '21 at 09:22
  • Re C# code (which is dissimilar to the Java decryption code): setting an IV value derived from the password doesn't seem like a good idea since it will be the same every time for the same password. See the comment on AES-CBC with reused IV [here](https://security.stackexchange.com/a/1097/146130). – ProgrammingLlama Apr 01 '21 at 09:25
  • [`Rfc2898DeriveBytes`](https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.rfc2898derivebytes?view=net-5.0) implements PBKDF2, using HMACSHA1 by default. In Java this corresponds to `PBKDF2WithHmacSHA1`, see [here](https://stackoverflow.com/q/19348501/9014097). With this, key and IV must be derived from the password (`key`) and the salt (0x49, 0x76...). Note that a static salt (as in the C# code) is insecure. – Topaco Apr 01 '21 at 09:34
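
The derivation the comments describe, written out as an added example (not code from the question or from any commenter): a Java decryptor that mirrors the C# `passwordEncrypt` step by step. The class name `Rfc2898CompatDecrypt` is hypothetical, and the iteration count of 1000 is the .NET default for the two-argument `Rfc2898DeriveBytes` constructor. It reproduces the fixed salt and password-derived IV only for compatibility with existing ciphertext.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class Rfc2898CompatDecrypt { // hypothetical class name
    // Salt bytes copied from the C# passwordEncrypt method in the question.
    private static final byte[] SALT = { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d,
            0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 };
    // .NET default when Rfc2898DeriveBytes is given only password and salt.
    private static final int ITERATIONS = 1000;

    public static String decrypt(String urlEncodedBase64, String password) throws Exception {
        // The sample ciphertext is percent-encoded (%2B, %3D); undo that before Base64.
        // Pass only percent-encoded input here: URLDecoder turns a literal '+' into a space.
        String base64 = URLDecoder.decode(urlEncodedBase64, "UTF-8");
        byte[] cipherText = Base64.getDecoder().decode(base64);

        // One 48-byte PBKDF2 stream: GetBytes(32) is the key, the following GetBytes(16) the IV.
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), SALT, ITERATIONS, 48 * 8);
        byte[] derived = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1")
                .generateSecret(spec).getEncoded();
        spec.clearPassword();
        byte[] keyBytes = Arrays.copyOfRange(derived, 0, 32);
        byte[] ivBytes = Arrays.copyOfRange(derived, 32, 48);

        // Aes.Create() defaults to CBC with PKCS7 padding; Java names that PKCS5Padding.
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(keyBytes, "AES"),
                new IvParameterSpec(ivBytes));
        byte[] plain = cipher.doFinal(cipherText);

        // Encoding.Unicode in .NET is UTF-16 little-endian, not UTF-8.
        return new String(plain, StandardCharsets.UTF_16LE);
    }

    public static void main(String[] args) throws Exception {
        // Password and ciphertext are the sample values posted in the question.
        String password = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
        String sample = "zSdnqGp9B1BjMsvzvAeYvEidAgUrI%2ByrOGf%2BGVn9tzo%3D";
        System.out.println(decrypt(sample, password));
    }
}
```

For new data, a random salt and a random IV generated per message and stored alongside the ciphertext avoid the reuse problems raised in the comments.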
