Question about AES / CBC / PKCS5Padding Decryption in the Java Programming Language

303 views Asked by At

I am developing a code in Java, in which when a user enters the key, the Initialization Vector and the ciphertext, the program returns the deciphered text, according to the AES / CBC / PKCS5Padding Mode. This code is NOT working, and I would like someone to help me correct it, or to present a better code, please. This Key, this Initialization Vector and this ciphertext were got from this website: https://www.di-mgt.com.au/properpassword.html That is, the plain text must return a simple "Hello World" message. If you know of any Java code that does this, can you please post?

My code, which is experiencing a NullPointerException error:

package encryptdecryptvideo;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
//import javax.crypto.*;

public class EncryptDecryptVideo {

    byte[] input;
    String inputString;
    byte[] keyBytes = "9008873522F55634679EF64CC25E73354".getBytes();
    byte[] ivBytes = "B8A112A270D9634EFF3818F6CCBDF5EC".getBytes();
    
    SecretKeySpec key = new SecretKeySpec(keyBytes, "DES");
    IvParameterSpec ivSpec = new IvParameterSpec(ivBytes);
    Cipher cipher;
    byte[] cipherText = "625F094A1FB1677521B6014321A807EC".getBytes();
    int ctLength;
   
    public static void main(String args[]) throws InvalidKeyException, InvalidAlgorithmParameterException, ShortBufferException, IllegalBlockSizeException, BadPaddingException {
    EncryptDecryptVideo decryptionobject = new EncryptDecryptVideo();
    decryptionobject.decrypt();
    }
    public void decrypt() throws InvalidKeyException, InvalidAlgorithmParameterException, ShortBufferException, IllegalBlockSizeException, BadPaddingException {
       
            cipher.init(Cipher.DECRYPT_MODE, key, ivSpec);
            
            byte[] plainText = new byte[cipher.getOutputSize(ctLength)];
      
            int ptLength = cipher.update(cipherText, 0, ctLength, plainText);
            
            ptLength+= cipher.doFinal(plainText, ptLength);
            
            System.out.println("Plain: "+new String(plainText));
    }
}```
1

There are 1 answers

5
Michael Fehr On

Some points that are obvious without deep in further:

First: there is no Cipher instantiation like ("AES/CBC/PKCS5Padding").

Second: Your "SecretKeySpec" will transform the input to a DES-key (and not "AES" as you are asking for in the title).

Third: the "cipher.doFinal" call usually returns a byte array and not any integer value.

Fourth: All of your input data seem to be a hexstring that should be converted to a byte array by something like "hexStringToByteArray" and not by ".getBytes" directly.

Fifth: the webpage you linked to does not use the "password" as direct input to the cipher but performs a password derivation (like PBKDF2) that needs to get replicated in Java code as well.

Sixth: please do not use "DES" anymore as it is broken and UNSECURE.

My recommendation is to use another source for your encryption/decryption than https://www.di-mgt.com.au/properpassword.html.