{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 做个烂人 的问题《Android Cipher throwing BadPaddingException, but n》','https://www.manongdao.com/q-1346359.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I'm using some basic encryption in my app, which is running Android v20 (4.4.4)
This used to work, but I think with the newer version of Android I'm running, there is now an error throwing the following exception:
10-28 12:42:02.312 5173-5332/com.app W/System.err﹕ javax.crypto.BadPaddingException: pad block corrupted
10-28 12:42:02.312 5173-5332/com.app W/System.err﹕ at com.android.org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher.engineDoFinal(BaseBlockCipher.java:739)
10-28 12:42:02.322 5173-5332/com.app W/System.err﹕ at javax.crypto.Cipher.doFinal(Cipher.java:1204)
10-28 12:42:02.322 5173-5332/com.app W/System.err﹕ at com.app.utils.CryptoClass.decrypt(CryptoClass.java:47)
10-28 12:42:02.322 5173-5332/com.app W/System.err﹕ at com.app.utils.CryptoClass.decrypt(CryptoClass.java:30)
The method throwing this is here:
private static byte[] decrypt(byte[] rawKey, byte[] encrypted) throws Exception {
SecretKeySpec spec = new SecretKeySpec(rawKey, "AES");
Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.DECRYPT_MODE, spec);
return cipher.doFinal(encrypted); //THIS LINE THROWS EXCEPTION
}
When I run this same code as a Java project, it works correctly (using the same version of Java, 1.7 as Android is using).
I've tried various combinations for the getInstance parameter based on what I've found online, like AES/CBC/PKCS5PADDING but that doesn't solve the problem.
The getRawKey method I'm using:
private static byte[] getRawKey(byte[] bytes) throws Exception {
KeyGenerator keygen = KeyGenerator.getInstance("AES");
SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG", "SECRET");
secureRandom.setSeed(bytes);
keygen.init(128, secureRandom);
SecretKey secretKey = keygen.generateKey();
return secretKey.getEncoded();
}
Any help appreciated, thanks.
The problem of using
SecureRandomto derive keys is that:SecureRandomuses an undefined algorithm, which may change between implementations (even from the same vendor).SecureRandomonly uses the given seed as entropy is flawed, this may (and does) change for different implementations.Above is even true if you specify
"SHA1PRNG", which is not a well defined or standardized algorithm.In Android, the proprietary functionality of
SecureRandomin the Oracle provider - and the providers that tried to stay compatible - was changed in favor of the OpenSSL related provider. This happened from 4.2 onwards. In OpenSSL,SecureRandomonly mixes the given seed into the entropy pool. In other words, you get a fully random key even if you use the same "password" as seed.So if you ever see
getRawKeyas defined as above, please try and take it down. And for your own implementations just useSecretKeySpecfor keys or PBKDF2 for passwords.