How do I set a password inputted by the User to encrypt a string inputted by the user in java?

Question

I am having issues with my code. The instructions are as followed: This project has the following requirements:

1. Ask the user for a string of characters.
2. Encrypts the string of characters using a password entered by the user. The process of encryption is carried out using the DES cipher implemented in Java.
3. Print in the console the encrypted byte array.
4. Decrypts the message back to the original byte array and prints it in the console.

I am having issues with Step 2 and Step 4. May you please advise me on what to do. I keep getting the error : Exception in thread "main" j

avax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
    at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:991)
    at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:847)
    at com.sun.crypto.provider.DESCipher.engineDoFinal(DESCipher.java:314)
    at javax.crypto.Cipher.doFinal(Cipher.java:2164)
    at Main.main(Main.java:50)

May you please advise me on what to do.

import javax.crypto.*;
import javax.crypto.spec.DESKeySpec;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.Scanner;


public class Main {

    public static void main(String[] args) throws NoSuchAlgorithmException, UnsupportedEncodingException, InvalidKeyException, InvalidKeySpecException, IllegalBlockSizeException, BadPaddingException, NoSuchPaddingException {
        Scanner scan = new Scanner(System.in);

        System.out.println("Please Input A String Of Characters:");
        String myString = scan.nextLine();

        System.out.println("Please Input a Password:");

        String passw = scan.nextLine();

        SecretKeyFactory MyKeyFactory = SecretKeyFactory.getInstance("DES");
        byte[]           mybytes      = myString.getBytes("UTF8");
        DESKeySpec       myMaterial   = new DESKeySpec(mybytes);
        SecretKey        myDESkey     = MyKeyFactory.generateSecret(myMaterial);

        Cipher desCipher = Cipher.getInstance("DES");
        desCipher.init(Cipher.ENCRYPT_MODE, myDESkey);
        byte[] myEncryptedBytes = desCipher.doFinal(mybytes);
        System.out.println(Arrays.toString(myEncryptedBytes));

        desCipher.init(Cipher.DECRYPT_MODE, myDESkey);
        byte[] myDecryptedBytes = desCipher.doFinal(mybytes);
        System.out.println(Arrays.toString(myDecryptedBytes));
    }
}

Answer 1

One way is to use the password-based-encryption technique.

You can find a sample code snippet here .

Basically you take the password characters, hash it along with a salt and use the result as an encryption key. Hashing ensures that the required number of bits for use as encryption is available regardless of the length of the password.

In any case its always a good idea to enforce strong passwords through input validation.

Typically a strong password (as of 2018) is considered to have 8+ characters with both upper and lower case characers along with few special characters (Eg: -,_,%,$,#,@) and numbers.

PS: Above link is for AES encryption, but you should be able to adapt it for DES (using MD5 instead of SHA-256).

Another example that uses DES for Password-Based-Encryption can be found here .

Regards

Ravindra