Facing issue with AES encryption as the key generated using UUID is not able to encrypt the payload

Question

My dev team is using Asymmetric encryption (AES128 for payload encryption and RSA for key encryption) for the requests in Angular .

For secret key generation they are using UUID version 4. format -f8066eb3-ed31-4d9e-886a-3fc4b3714b47

Looking for an equivalent java code on asymmetric encryption for automating these APIs using REST.

Facing issue with AES encryption as the key generated using UUID uuid = UUID.randomUUID() is not able to encrypt the payload, It’s giving the error - Illegal base64 character 2d.

Tried with the below code

'''public static void main(String[] args) throws Exception {

    String plainText = "{\"id\":\"a0m1U000001uHYqQAM\"}";

    // Generate public and private keys using RSA
    Map<String, Object> keys = getRSAKeys();
    PrivateKey privateKey = (PrivateKey) keys.get("private");
    PublicKey publicKey = (PublicKey) keys.get("public");

    // First create an AES Key
    UUID uuid = UUID.randomUUID();  
    String secretAESKeyString = uuid.toString();

    // Encrypt our data with AES key
    String encryptedText = encryptTextUsingAES(plainText, secretAESKeyString);

    // Encrypt AES Key with RSA Public Key

    String encryptedAESKeyString = encryptAESKey(secretAESKeyString, publicKey);

    // First decrypt the AES Key with RSA private key
    String decryptedAESKeyString = decryptAESKey(encryptedAESKeyString, privateKey);

    // Now decrypt data using the decrypted AES key!
    String decryptedText = decryptTextUsingAES(encryptedText, decryptedAESKeyString);

    System.out.println("Input: \n" + plainText);
    System.out.println("AES Key: \n" + secretAESKeyString);
    System.out.println("decrypted: \n" + decryptedText);

}

// Encrypt text using AES key
public static String encryptTextUsingAES(String plainText, String aesKeyString) throws Exception {
    byte[] decodedKey = Base64.getDecoder().decode(aesKeyString);
    SecretKey originalKey = new SecretKeySpec(decodedKey, 0, decodedKey.length, "AES");

    // AES defaults to AES/ECB/PKCS5Padding in Java 7
    Cipher aesCipher = Cipher.getInstance("AES");
    aesCipher.init(Cipher.ENCRYPT_MODE, originalKey);
    byte[] byteCipherText = aesCipher.doFinal(plainText.getBytes());
    return Base64.getEncoder().encodeToString(byteCipherText);
}

// Decrypt text using AES key
public static String decryptTextUsingAES(String encryptedText, String aesKeyString) throws Exception {

    byte[] decodedKey = Base64.getDecoder().decode(aesKeyString);
    SecretKey originalKey = new SecretKeySpec(decodedKey, 0, decodedKey.length, "AES");

    // AES defaults to AES/ECB/PKCS5Padding in Java 7
    Cipher aesCipher = Cipher.getInstance("AES");
    aesCipher.init(Cipher.DECRYPT_MODE, originalKey);
    byte[] bytePlainText = aesCipher.doFinal(Base64.getDecoder().decode(encryptedText));
    return new String(bytePlainText);
}

// Get RSA keys. Uses key size of 2048.
private static Map<String, Object> getRSAKeys() throws Exception {
    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
    keyPairGenerator.initialize(2048);
    KeyPair keyPair = keyPairGenerator.generateKeyPair();
    PrivateKey privateKey = keyPair.getPrivate();
    PublicKey publicKey = keyPair.getPublic();

    Map<String, Object> keys = new HashMap<String, Object>();
    keys.put("private", privateKey);
    keys.put("public", publicKey);
    return keys;
}

// Decrypt AES Key using RSA private key
private static String decryptAESKey(String encryptedAESKey, PrivateKey privateKey) throws Exception {
    Cipher cipher = Cipher.getInstance("RSA");
    cipher.init(Cipher.DECRYPT_MODE, privateKey);
    return new String(cipher.doFinal(Base64.getDecoder().decode(encryptedAESKey)));
}

// Encrypt AES Key using RSA public key
private static String encryptAESKey(String plainAESKey, PublicKey publicKey) throws Exception {
    Cipher cipher = Cipher.getInstance("RSA");
    cipher.init(Cipher.ENCRYPT_MODE, publicKey);
    return Base64.getEncoder().encodeToString(cipher.doFinal(plainAESKey.getBytes()));
}

Seeing the below error:

Exception in thread "main" java.lang.IllegalArgumentException: Illegal base64 character 2d

Answer 1

The string aesKeyString is not a base64 encoded string so the call to decode is failing.

public static String encryptTextUsingAES(String plainText, String aesKeyString) throws Exception {
    byte[] decodedKey = Base64.getDecoder().decode(aesKeyString);

I don't think there's a good reason to use a UUID for an AES key. There are several answers such as this one that show how to generate a random AES key.