错误：javax.crypto.BadPaddingException：解密时填充块损坏

Question

I have done Encryption with ,

public static String encrypt(String plainText) {
    try {
        byte[] keyData = secret_key.getBytes();
        SecretKeySpec secretKey = new SecretKeySpec(keyData, "AES/ECB/PKCS7Padding");
        Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding");
        cipher.init(Cipher.ENCRYPT_MODE, secretKey);

        byte[] cipherText = cipher.doFinal(plainText.getBytes("UTF-8"));
        String encryptedString = Base64.encodeToString(cipherText, Base64.NO_WRAP);

        return encryptedString;
    } catch (Exception e) {
        e.printStackTrace();
    }
    return null;
}

it's working well.

but part of Decryption gives Error like,

W/System.err: javax.crypto.BadPaddingException: pad block corrupted
W/System.err:     at com.android.org.bouncycastle.jce.provider.JCEBlockCipher.engineDoFinal(JCEBlockCipher.java:701)
W/System.err:     at javax.crypto.Cipher.doFinal(Cipher.java:1111)

decrypt Code like,

public static String decrypt(String encryptedText) {
    try {
        byte[] keyData = secret_key.getBytes();
        SecretKeySpec secretKey = new SecretKeySpec(keyData, "AES/ECB/PKCS7Padding");
        Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding");
        cipher.init(Cipher.DECRYPT_MODE, secretKey);

        byte[] cipherText = Base64.decode(encryptedText,Base64.NO_WRAP);
        String decryptedString = new String(cipher.doFinal(cipherText),"UTF-8");

        return decryptedString;
    } catch (Exception e) {
        e.printStackTrace();
    }
    return null;
}

here what is the problem? How can i solve this Issue?

Answer 1

It is likely that your secret_key value contains bytes which are not well represented in the ambiguous encoding you're using. When you call String#getBytes() without specifying an encoding, you get the system default, which can vary.

You should use hexadecimal encoding whenever you represent your key as a String . This will be consistent across serialization/deserialization on every platform. There are many standard implementations of this encoding/decoding process available (ie org.bouncycastle.util.encoders.Hex.decode("0123456789ABCDEFFEDCBA9876543210"); or org.apache.commons.codec.binary.Hex.decodeHex("0123456789ABCDEFFEDCBA9876543210".toCharArray()); which both return the raw byte[] ).

Some side notes:

1. You are using ECB mode of operation , which is extremely susceptible to frequency analysis for cryptanalysis and is effectively deprecated aside from toy crypto demonstrations. I suggest you use CBC , CTR , or GCM .
2. You do not provide an initialization vector (IV), so the same message encrypted with the same key will always yield identical cipher text. Use a unique and non-predictable IV for every encryption operation by generating 16 bytes from SecureRandom and populating it into an IvParameterSpec . You can prepend the IV bytes to the cipher text and transport/store it in the clear.
3. Your cipher text is not authenticated, allowing for malicious users to both manipulate encrypted data and to attempt decryption via padding oracle/CCA attacks. Use an authenticated encryption with associated data (AEAD) mode like GCM , or use an HMAC/SHA-256 message authentication code (MAC) over the cipher text , and verify it using a constant-time equals method before attempting any decryption.
4. You do not need to provide the mode of operation or padding scheme when instantiating a key. SecretKey key = new SecretKeySpec(keyData, "AES"); is sufficient.