2 Replies Latest reply: Nov 23, 2011 5:23 AM by sabre150 RSS

    Re : Works on 32 bit Tomcat . fails in 64 bit Web Logic

    591793
      Hello All,

      When I try to decrypt using 32 bit tomcat ... i can decrypt the hex string but when I use 64 bit Web Logic for the same , I get javax.crypto.badpaddingexception , Invalid pad value.... any thoughts in code what is causing this ? The sample code used is as follows.

      Help is appreciated.



      import java.security.SecureRandom;
      import javax.crypto.Cipher;
      import javax.crypto.KeyGenerator;
      import javax.crypto.SecretKey;
      import javax.crypto.spec.SecretKeySpec;


      public class Crypto{

           public static String decrypt(String seed, String encrypted) throws Exception {
                byte[] rawKey = getRawKey(seed.getBytes());
                byte[] enc = toByte(encrypted);
                byte[] result = decrypt(rawKey, enc);
                return new String(result);
           }

           private static byte[] getRawKey(byte[] seed) throws Exception {
                KeyGenerator kgen = KeyGenerator.getInstance("AES");
                SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
                sr.setSeed(seed);
           kgen.init(128, sr); // 192 and 256 bits may not be available
           SecretKey skey = kgen.generateKey();
           byte[] raw = skey.getEncoded();
           return raw;
           }

           private static byte[] decrypt(byte[] raw, byte[] encrypted) throws Exception {
           SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
                Cipher cipher = Cipher.getInstance("AES");
           cipher.init(Cipher.DECRYPT_MODE, skeySpec);
           byte[] decrypted = cipher.doFinal(encrypted);
                return decrypted;
           }

           public static String toHex(String txt) {
                return toHex(txt.getBytes());
           }
           public static String fromHex(String hex) {
                return new String(toByte(hex));
           }
           
           public static byte[] toByte(String hexString) {
                int len = hexString.length()/2;
                byte[] result = new byte[len];
                for (int i = 0; i < len; i++)
                     result[i] = Integer.valueOf(hexString.substring(2*i, 2*i+2), 16).byteValue();
                return result;
           }

           public static String toHex(byte[] buf) {
                if (buf == null)
                     return "";
                StringBuffer result = new StringBuffer(2*buf.length);
                for (int i = 0; i < buf.length; i++) {
                     appendHex(result, buf);
                }
                return result.toString();
           }
           private final static String HEX = "0123456789ABCDEF";
           private static void appendHex(StringBuffer sb, byte b) {
                sb.append(HEX.charAt((b>>4)&0x0f)).append(HEX.charAt(b&0x0f));
           }
           
      }
        • 1. Re: Re : Works on 32 bit Tomcat . fails in 64 bit Web Logic
          sabre150
          I could be wrong but I'm pretty sure that your problem is caused by these lines of code :-
          KeyGenerator kgen = KeyGenerator.getInstance("AES");
          SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
          sr.setSeed(seed);
          kgen.init(128, sr); // 192 and 256 bits may not be available
          SecretKey skey = kgen.generateKey();
          In it's basic form a SHA1PRNG based random number generator is a deterministic generator and not really suitable for cryptographic use. I'm betting that Web Logic is replacing the SHA1PRNG core with a non-deterministic version of SecureRandom; in their position I would.

          If you want to transform bytes into a deterministic key you should use one of the PBE algorithms.

          P.S. When you create a cipher using
          Cipher cipher = Cipher.getInstance("AES");
          you by default specify ECB block mode and PKCS5 padding. ECB block mode is considered insecure since it allows forgery by splicing ciphertext. When used properly, the PBE based algorithms avoid this forgery by using CBC block mode.
          • 2. Re: Re : Works on 32 bit Tomcat . fails in 64 bit Web Logic
            sabre150
            Maybe I expect too much but once more I am mystified by the lack of a follow up response from the OP. What is the point of creating a thread if one does not follow it up in any way?