I have a stand alone Java program that gets triggered from Mainframe_JCL. The Java program has a code to encrypt and decrypt a string.
When I run the program in my Local. After encryption, when I decrypt, the value is correct ( I am getting the string that I have supplied for encryption).
But when this runs on Mainframe by JCL executing this.. I have getting weird decrypted value.. kind of Junk.
Not sure whats the problem. Any help would be appreciated.
We are using following JDK : IBM SDK for z/OS, Java Technology Edition, Version 7
Below are methods used for encryption and decryption :
public static String encrypt(String text) throws UnsupportedEncodingException {
byte iv[] = new byte[16];
byte[] encrypted = null;
BASE64Encoder enc = new BASE64Encoder();
try {
SecureRandom random = new SecureRandom();
random.nextBytes(iv);
IvParameterSpec ivspec = new IvParameterSpec(iv);
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, getKeySpec(), ivspec);
encrypted = cipher.doFinal(text.getBytes());
} catch (Exception ex) {
ex.printStackTrace();
}
return URLEncoder.encode(enc.encode(iv)+enc.encode(encrypted), "UTF-8");
}
public static String decrypt(String text) {
byte iv[] = new byte[16];
String decrypted = "";
byte[] splitText = null;
byte[] textToDecrypt = null;
BASE64Decoder dec = new BASE64Decoder();
try {
text = URLDecoder.decode(text, "UTF-8");
text = text.replaceAll(" ", "+");
splitText = dec.decodeBuffer(text);
splitText.toString();
for(int i=0;i<16;i++){
iv[i]=splitText[i];
}
textToDecrypt = new byte[splitText.length - 16];
for(int i=16;i<splitText.length;i++){
textToDecrypt[i-16]=splitText[i];
}
IvParameterSpec ivspec = new IvParameterSpec(iv);
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, getKeySpec(), ivspec);
decrypted = new String(cipher.doFinal(textToDecrypt));
} catch (UnsupportedEncodingException ex) {
ex.printStackTrace();
}catch (Exception e){
e.printStackTrace();
}
return decrypted;
}
static SecretKeySpec spec = null;
public static SecretKeySpec getKeySpec() throws IOException,
NoSuchAlgorithmException {
if (spec == null) {
String keyFile = "aes_key.key";
spec = null;
InputStream fis = null;
fis = Config.class.getClassLoader().getResourceAsStream(keyFile);
byte[] rawkey = new byte[16];
fis.read(rawkey);
fis.close();
spec = new SecretKeySpec(rawkey, "AES");
}
return spec;
}
You haven't supplied enough information to run your code (so I won't fix), but I see two things that may corrupt the result:
toBytes
and new String
; currently you may have two different platform character sets to content with. Finally, URL encoding base 64 may not be very efficient, you are better off just replacing the +
and /
characters by URL safe counterparts .
So I was in for a puzzle:
package nl.owlstead.stackoverflow;
import static java.nio.charset.StandardCharsets.UTF_8;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
public final class VeryStaticStringEncryption {
private static final String KEY_FILE = "aes_key.key";
private static final SecretKey AES_KEY = retrieveSecretKey(KEY_FILE);
private VeryStaticStringEncryption() {
// avoid instantiation
}
public static String encrypt(final String text) {
try {
final Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
final int n = cipher.getBlockSize();
final SecureRandom random = new SecureRandom();
final byte[] iv = new byte[n];
random.nextBytes(iv);
final IvParameterSpec ivspec = new IvParameterSpec(iv);
cipher.init(Cipher.ENCRYPT_MODE, AES_KEY, ivspec);
final byte[] plaintext = text.getBytes(UTF_8);
byte[] ciphertext = Arrays.copyOf(iv,
n + cipher.getOutputSize(plaintext.length));
final int ciphertextSize = cipher.doFinal(
plaintext, 0, plaintext.length,
ciphertext, n);
// output size may be bigger, but not likely
if (n + ciphertextSize < ciphertext.length) {
ciphertext = Arrays.copyOf(ciphertext, n + ciphertextSize);
}
return Base64.getUrlEncoder().encodeToString(ciphertext);
} catch (final GeneralSecurityException e) {
throw new IllegalStateException("Could not encrypt string", e);
}
}
public static String decrypt(final String text) {
try {
// throws IllegalArgumentException if decoding fails
final byte[] ciphertext = Base64.getUrlDecoder().decode(text);
final Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
final int n = cipher.getBlockSize();
// CBC specific
if (ciphertext.length < n + n || ciphertext.length % n != 0) {
throw new IllegalArgumentException("Ciphertext has incorrect size");
}
final IvParameterSpec ivspec = new IvParameterSpec(ciphertext, 0, n);
cipher.init(Cipher.DECRYPT_MODE, AES_KEY, ivspec);
final byte[] plaintext = cipher.doFinal(ciphertext, n, ciphertext.length - n);
return new String(plaintext, UTF_8);
} catch (final GeneralSecurityException e) {
throw new IllegalStateException("Could not encrypt string", e);
}
}
public static SecretKey retrieveSecretKey(final String keyResource) {
try (final InputStream fis = VeryStaticStringEncryption.class.getResourceAsStream(keyResource)) {
final byte[] rawkey = new byte[16];
for (int i = 0; i < 16; i++) {
final int b = fis.read();
if (b == -1) {
throw new IOException("Key is not 16 bytes");
}
rawkey[i] = (byte) b;
}
if (fis.read() != -1) {
throw new IOException("Key is not 16 bytes");
}
return new SecretKeySpec(rawkey, "AES");
} catch (final IOException e) {
// e may contain confidential information
throw new IllegalStateException("AES key resource not available");
}
}
public static void main(String[] args) {
String ct = encrypt("owlstead");
System.out.println(ct);
String pt = decrypt(ct);
System.out.println(pt);
}
}
Note that I used a package-local resource as I didn't want to clutter up my SO project.
IMPORTANT NOTE: CBC encryption is not secure for transport mode encryption if a man-in-the-middle attack is possible. Refactor to GCM mode if required.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.