Android AES decryption and data from iOS: javax.crypto.BadPaddingException: pad block corrupted


I tried to decrypt a backup on Android that was sent from iOS, and the exception javax.crypto.BadPaddingException: pad block corrupted showed up at the method doFinal.

public String decrypt(byte[] cipherText, SecretKey key, byte[] initialVector) throws Exception {
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
    IvParameterSpec ivParameterSpec = new IvParameterSpec(initialVector);
    cipher.init(Cipher.DECRYPT_MODE, key, ivParameterSpec);
    cipherText = cipher.doFinal(cipherText);

    return new String(cipherText, "UTF-8");
}

The key and initialVector are sent from iOS in a Base64 string. Related code:

public static byte[] decodeWebSafe(String s) throws Base64DecoderException {
    byte[] bytes = s.getBytes();
    return decodeWebSafe(bytes, 0, bytes.length);
}

byte[] iv = Base64.decodeWebSafe(encIv);
byte[] salt = Base64.decodeWebSafe(encSalt);
byte[] data = Base64.decodeWebSafe(encData);
SecretKey key = Security.getExistingKey(password, salt);
String original = AES.decrypt(data, key, iv);

And Security.getExistingKey:

public static SecretKey getExistingKey(String password, byte[] salt) throws Exception {
    SecretKey key = null;
    KeySpec keySpec = new PBEKeySpec(password.toCharArray(), salt, 10000, 256);
    SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");

    byte[] keyBytes = new byte[32];

    keyBytes = keyFactory.generateSecret(keySpec).getEncoded();
    key = new SecretKeySpec(keyBytes, "AES");

    return key;
}

Thanks for any solutions.

P.S. This is how I set up the encryption in iOS:

CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding,
                                      self.encryptionKey.bytes, kCCKeySizeAES128,
                                      self.encryptionIV.bytes,
                                      [rawData bytes], dataLength,  /* input */
                                      buffer, bufferSize,           /* output */
                                      &numBytesEncrypted);

The key and IV derivation method:

- (NSData *)keyForPassword:(NSString *)password salt:(NSData *)salt {
    NSMutableData *derivedKey = [NSMutableData dataWithLength:kCCKeySizeAES128];

    int result = CCKeyDerivationPBKDF(kCCPBKDF2,               // algorithm
                                      password.UTF8String,     // password
                                      password.length,         // passwordLen
                                      salt.bytes,              // salt
                                      salt.length,             // saltLen
                                      kCCPRFHmacAlgSHA1,       // PRF
                                      kPBKDFRounds,            // rounds
                                      derivedKey.mutableBytes, // derivedKey
                                      derivedKey.length);      // derivedKeyLen

    return derivedKey;
}

I can see several differences in the way you generate the key:

  • In iOS, a key of 16 bytes / 128 bits is generated; in Android it's 256 bits.
  • In iOS, the password is UTF-8 encoded, while Android either takes the lower 8 bits or the full 16 bits of each character (I don't know the details of the specific algorithm).
  • In iOS, you pass an invalid length for the password (the number of characters instead of the number of bytes in the UTF-8 encoding).

You had better invest time in better matching the key generation and comparing the keys before decryption.
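
The following is an added example, not code from the question or the answer: it reproduces both key derivations in Python so the mismatch can be seen by comparing key fingerprints before any decryption is attempted. It assumes both sides use the same round count (the value of kPBKDFRounds is not shown on the page) and that the Android provider UTF-8-encodes the password; the function names are illustrative.

```python
import hashlib

ROUNDS = 10000  # Android value from the page; iOS kPBKDFRounds is assumed equal


def android_key(password: str, salt: bytes, bits: int = 256) -> bytes:
    """Models getExistingKey: PBKDF2-HMAC-SHA1 with a 256-bit output.
    Assumption: the provider encodes the password as UTF-8."""
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, ROUNDS, bits // 8)


def ios_key(password: str, salt: bytes) -> bytes:
    """Models keyForPassword: 16-byte output, with passwordLen taken from
    password.length (UTF-16 code units) instead of the UTF-8 byte count."""
    utf8 = password.encode("utf-8")
    units = len(password.encode("utf-16-le")) // 2  # what NSString length returns
    return hashlib.pbkdf2_hmac("sha1", utf8[:units], salt, ROUNDS, 16)


def fingerprint(key: bytes) -> str:
    """Short tag for comparing keys across devices while debugging."""
    return f"{len(key) * 8}-bit:{hashlib.sha256(key).hexdigest()[:16]}"


def compare(password: str, salt: bytes) -> dict:
    ios, android = ios_key(password, salt), android_key(password, salt)
    return {
        "ios": fingerprint(ios),
        "android": fingerprint(android),
        # Must be True for AES/CBC decryption to unpad correctly
        "same_key": ios == android,
        # False means the password bytes fed to PBKDF2 differ, not only the key size
        "same_password_bytes": ios == android_key(password, salt, bits=128),
    }


if __name__ == "__main__":
    salt = bytes(range(8))                    # constructed sample salt
    for pw in ("correct horse", "pässwörd"):  # constructed sample passwords
        print(pw, compare(pw, salt))
```

With an ASCII password only the key size differs, so requesting 128 bits on Android is enough to make the keys match; with a non-ASCII password the truncated length on the iOS side also changes the key.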

