  • Decrypting a String Encrypted on an Android device

    Hi,

    On an Android 4.4 device, a string has been encrypted using the org.springframework.security.crypto.encrypt.AndroidEncryptors class from the spring-android-auth 1.0.1.RELEASE module. So for example...

    Code:
    // naturally, salt and password are normally different
    String salt = "75f4c92894b2f3e7";
    String password = "password";
    org.springframework.security.crypto.encrypt.TextEncryptor encryptor = org.springframework.security.crypto.encrypt.AndroidEncryptors.text(password, salt);
    String encryptedString = encryptor.encrypt("hello");

    During one run, the encryptedString resolved to "1ee3c42c9b986d30cd88da37f29bc3b9e93e3defdb76a2b2372a47276152e2bd".

    This string was then posted to a Spring web application, hosted on a Tomcat 7 server, running on JDK 1.6.0_32 (note please that the JCE Unlimited Strength Jurisdiction Policy Files have been installed). I then attempt to decrypt that string using the org.springframework.security.crypto.encrypt.Encryptors class from the spring-security-crypto 3.2.0.RELEASE module...

    Code:
    // naturally, the salt and password values used here are the same as the ones used on the android device
    String salt = "75f4c92894b2f3e7";
    String password = "password";
    org.springframework.security.crypto.encrypt.TextEncryptor encryptor = org.springframework.security.crypto.encrypt.Encryptors.text(password, salt);
    String decryptedString = encryptor.decrypt("1ee3c42c9b986d30cd88da37f29bc3b9e93e3defdb76a2b2372a47276152e2bd");

    Unfortunately, when the decrypt method is called the following exception is raised...

    Code:
    java.lang.IllegalStateException: Unable to invoke Cipher due to bad padding
        at org.springframework.security.crypto.encrypt.CipherUtils.doFinal(CipherUtils.java:125)
        at org.springframework.security.crypto.encrypt.AesBytesEncryptor.decrypt(AesBytesEncryptor.java:75)
        at org.springframework.security.crypto.encrypt.HexEncodingTextEncryptor.decrypt(HexEncodingTextEncryptor.java:40)
        at local.encryption.Decryption.main(Decryption.java:18)
    Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
        at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
        at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
        at com.sun.crypto.provider.AESCipher.engineDoFinal(DashoA13*..)
        at javax.crypto.Cipher.doFinal(DashoA13*..)
        at org.springframework.security.crypto.encrypt.CipherUtils.doFinal(CipherUtils.java:121)
        ... 3 more

    If I encrypt and decrypt the string on the server, everything works correctly. This seems to suggest that AndroidEncryptor and Encryptor classes are not using the same algorithm, even though the APIs say that they both use a 256 bit AES algorithm and that they both derive the secret key using PKCS #5's PBKDF2 (Password-Based Key Derivation Function #2).

    When I drilled down into the AndroidEncryptor class, I found that it uses the "PBEWITHSHA256AND256BITAES-CBC-BC" algorithm. The Encryptor class however, uses the "PBKDF2WithHmacSHA1" algorithm.

    Does anyone have any suggestions as to a way forward?
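
The key-derivation mismatch described in the post, as an added example that is not part of the original post or of Spring's code: it derives a 256-bit key from the post's password and salt once with PBKDF2-HMAC-SHA1 and once with the PKCS #12 derivation using SHA-256, which is what the `PBEWITHSHA256AND256BITAES-CBC-BC` name is taken to mean here. The 1024 iterations, the hex-decoded salt, the IV-prefixed ciphertext layout and all function names are assumptions.

```python
import hashlib

# Password, salt and ciphertext are the values quoted in the post.
PASSWORD = "password"
SALT = bytes.fromhex("75f4c92894b2f3e7")
CIPHERTEXT_HEX = "1ee3c42c9b986d30cd88da37f29bc3b9e93e3defdb76a2b2372a47276152e2bd"
ITERATIONS = 1024  # assumption: not stated in the post
KEY_LEN = 32       # 256-bit AES key

def pbkdf2_sha1_key(password, salt, iterations=ITERATIONS, n=KEY_LEN):
    """PKCS #5 PBKDF2 with HMAC-SHA1 (JCE name PBKDF2WithHmacSHA1)."""
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, iterations, n)

def _fill(data, block):
    """Repeat data up to a whole number of block-sized chunks (RFC 7292 B.2)."""
    if not data:
        return b""
    size = -(-len(data) // block) * block
    return (data * (size // len(data) + 1))[:size]

def pkcs12_sha256_key(password, salt, iterations=ITERATIONS, n=KEY_LEN):
    """PKCS #12 KDF (RFC 7292 appendix B) with SHA-256, ID byte 1 = key material."""
    v = 64  # SHA-256 input block size in bytes
    pw = password.encode("utf-16-be") + b"\x00\x00" if password else b""
    diversifier = b"\x01" * v
    buf = _fill(salt, v) + _fill(pw, v)
    out = b""
    while len(out) < n:
        a = hashlib.sha256(diversifier + buf).digest()
        for _ in range(iterations - 1):
            a = hashlib.sha256(a).digest()
        out += a
        inc = int.from_bytes(_fill(a, v), "big") + 1
        buf = b"".join(
            ((int.from_bytes(buf[j:j + v], "big") + inc) % (1 << 8 * v)).to_bytes(v, "big")
            for j in range(0, len(buf), v))
    return out[:n]

def split_message(hex_text, iv_len=16):
    """Assumed layout: 16-byte IV followed by the AES-CBC ciphertext."""
    raw = bytes.fromhex(hex_text)
    return raw[:iv_len], raw[iv_len:]

if __name__ == "__main__":
    iv, body = split_message(CIPHERTEXT_HEX)
    print("IV bytes:", len(iv), "ciphertext bytes:", len(body))
    print("PBKDF2-HMAC-SHA1 key:", pbkdf2_sha1_key(PASSWORD, SALT).hex())
    print("PKCS#12 SHA-256 key: ", pkcs12_sha256_key(PASSWORD, SALT).hex())
```

The two keys differ, so decrypting the single ciphertext block with the PBKDF2 key yields effectively random bytes and the PKCS #5 padding check fails, which matches the `BadPaddingException` in the trace. Both ends have to use the same derivation for the same password and salt to produce the same AES key.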