Given final block not properly padded

Question

I am trying to implement password based encryption algorithm  but I get this exception      javax crypto BadPaddingException  Given final block not properly padded   What might be the problem   Here is my code   public class PasswordCrypter        private Key key       public PasswordCrypter String password             try              KeyGenerator generator              generator   KeyGenerator getInstance  DES                SecureRandom sec   new SecureRandom password getBytes                 generator init sec               key   generator generateKey              catch  Exception e                e printStackTrace                          public byte   encrypt byte   array  throws CrypterException           try              Cipher cipher   Cipher getInstance  DES ECB PKCS5Padding                cipher init Cipher ENCRYPT MODE  key                return cipher doFinal array             catch  Exception e                 e printStackTrace                      return null             public byte   decrypt byte   array  throws CrypterException          try              Cipher cipher   Cipher getInstance  DES ECB PKCS5Padding                cipher init Cipher DECRYPT MODE  key                return cipher doFinal array             catch Exception e                e printStackTrace                      return null             The JUnit Test   public class PasswordCrypterTest        private static final byte   MESSAGE    Alpacas are awesome   getBytes        private PasswordCrypter   passwordCrypters      private byte     encryptedMessages        Before     public void setUp             passwordCrypters   new PasswordCrypter                 new PasswordCrypter  passwd                new PasswordCrypter  passwd                new PasswordCrypter  otherPasswd                       encryptedMessages   new byte passwordCrypters length             for  int i   0  i  lt  passwordCrypters length  i                  encryptedMessages i    passwordCrypters i  encrypt MESSAGE                         Test     public void testEncrypt             for  byte   encryptedMessage   encryptedMessages                assertFalse Arrays equals MESSAGE  encryptedMessage                       assertFalse Arrays equals encryptedMessages 0   encryptedMessages 2             assertFalse Arrays equals encryptedMessages 1   encryptedMessages 2                 Test     public void testDecrypt             for  int i   0  i  lt  passwordCrypters length  i                  assertArrayEquals MESSAGE  passwordCrypters i  decrypt encryptedMessages i                        assertArrayEquals MESSAGE  passwordCrypters 0  decrypt encryptedMessages 1             assertArrayEquals MESSAGE  passwordCrypters 1  decrypt encryptedMessages 0              try               assertFalse Arrays equals MESSAGE  passwordCrypters 0  decrypt encryptedMessages 2                catch  CrypterException e                   Anything goes as long as the above statement is not true                     try               assertFalse Arrays equals MESSAGE  passwordCrypters 2  decrypt encryptedMessages 1                catch  CrypterException e                   Anything goes as long as the above statement is not true

User · Answer

This can also be a issue when you enter wrong password for your sign key

User · Answer

depending on the cryptography algorithm you are using  you may have to add some padding bytes at the end before encrypting a byte array so that the length of the byte array is multiple of the block size   Specifically in your case the padding schema you chose is PKCS5 which is described here  http   www rsa com products bsafe documentation cryptoj35html doc dev guide group CJ SYM  PAD html   I assume you have the issue when you try to encrypt   You can choose your padding schema when you instantiate the Cipher object  Supported values depend on the security provider you are using    By the way are you sure you want to use a symmetric encryption mechanism to encrypt passwords  Wouldn t be a one way hash better  If you really need to be able to decrypt passwords  DES is quite a weak solution  you may be interested in using something stronger like AES if you need to stay with a symmetric algorithm

User · Answer

I met this issue due to operation system  simple to different platform about JRE implementation    new SecureRandom key getBytes      will get the same value in Windows  while it s different in Linux  So in Linux need to be changed to  SecureRandom secureRandom   SecureRandom getInstance  SHA1PRNG    secureRandom setSeed key getBytes     kgen init 128  secureRandom      SHA1PRNG  is the algorithm used  you can refer here for more info about algorithms

User · Answer

If you try to decrypt PKCS5-padded data with the wrong key  and then unpad it  which is done by the Cipher class automatically   you most likely will get the BadPaddingException  with probably of slightly less than 255 256  around 99 61    because the padding has a special structure which is validated during unpad and very few keys would produce a valid padding   So  if you get this exception  catch it and treat it as  wrong key    This also can happen when you provide a wrong password  which then is used to get the key from a keystore  or which is converted into a key using a key generation function   Of course  bad padding can also happen if your data is corrupted in transport   That said  there are some security remarks about your scheme    For password-based encryption  you should use a SecretKeyFactory and PBEKeySpec instead of using a SecureRandom with KeyGenerator  The reason is that the SecureRandom could be a different algorithm on each Java implementation  giving you a different key  The SecretKeyFactory does the key derivation in a defined manner  and a manner which is deemed secure  if you select the right algorithm   Don t use ECB-mode  It encrypts each block independently  which means that identical plain text blocks also give always identical ciphertext blocks   Preferably use a secure mode of operation  like CBC  Cipher block chaining  or CTR  Counter   Alternatively  use a mode which also includes authentication  like GCM  Galois-Counter mode  or CCM  Counter with CBC-MAC   see next point  You normally don t want only confidentiality  but also authentication  which makes sure the message is not tampered with   This also prevents chosen-ciphertext attacks on your cipher  i e  helps for confidentiality   So  add a MAC  message authentication code  to your message  or use a cipher mode which includes authentication  see previous point   DES has an effective key size of only 56 bits  This key space is quite small  it can be brute-forced in some hours by a dedicated attacker  If you generate your key by a password  this will get even faster  Also  DES has a block size of only 64 bits  which adds some more weaknesses in chaining modes  Use a modern algorithm like AES instead  which has a block size of 128 bits  and a key size of 128 bits  for the standard variant

[java] Given final block not properly padded

Examples related to java

Examples related to exception

Examples related to encryption

Examples related to cryptography

Examples related to javax.crypto