1

I have next code that was copied from the right answer here:

public static String decrypt(String cipherText) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException { byte[] cipherData = Base64.getDecoder().decode(cipherText); byte[] saltData = Arrays.copyOfRange(cipherData, 8, 16); MessageDigest md5 = MessageDigest.getInstance("MD5"); final byte[][] keyAndIV = generateKeyAndIV(32, 16, 1, saltData, secret.getBytes(StandardCharsets.UTF_8), md5); SecretKeySpec key = new SecretKeySpec(keyAndIV[0], "AES"); IvParameterSpec iv = new IvParameterSpec(keyAndIV[1]); byte[] encrypted = Arrays.copyOfRange(cipherData, 16, cipherData.length); Cipher aesCBC = Cipher.getInstance("AES/CBC/PKCS5Padding"); aesCBC.init(Cipher.DECRYPT_MODE, key, iv); byte[] decryptedData = aesCBC.doFinal(encrypted); String decryptedText = new String(decryptedData, StandardCharsets.UTF_8); return decryptedText; }

How can I write encrypt function for this in Java? I tried something like this, but it doesn't work:

public static String encrypt(String plainText) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException, UnsupportedEncodingException { MessageDigest md5 = MessageDigest.getInstance("MD5"); final byte[][] keyAndIV = generateKeyAndIV(32, 16, 1, getNextSalt(), secret.getBytes(StandardCharsets.UTF_8), md5); SecretKeySpec skeySpec = new SecretKeySpec(keyAndIV[0], "AES"); IvParameterSpec iv = new IvParameterSpec(keyAndIV[1]); Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING"); cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv); byte[] encrypted = cipher.doFinal(plainText.getBytes()); return Base64.getEncoder().encodeToString(encrypted); } public static byte[] getNextSalt() { byte[] salt = new byte[8]; RANDOM.nextBytes(salt); return salt; }
Improve this question
2
  • encrypt must return the data in OpenSSL format, i.e. the first 8 bytes are the ASCII encoding of Salted__, then comes the 8 bytes salt and then the actual ciphertext, the whole stuff is Base64 encoded after its concatenation. The salt is generated randomly. As far as I can see, your encrypt-method lacks the conversion to this OpenSSL format. By the way, the OpenSSL format is insecure and not a standard, here. Commented Apr 14, 2020 at 6:23
  • Can you write your answer with code, please? I'll give you the right answer. Thank you. Commented Apr 14, 2020 at 6:39

1 Answer 1

Reset to default
2

The encrypt-method must return the data in OpenSSL format, which consists of the ASCII encoding of Salted__, followed by the 8 bytes randomly generated salt and the actual ciphertext, whereby the data are Base64 encoded after their concatenation.

Note, however, that the key derivation function used for the OpenSSL format is insecure and is not a standard, here. A possible extension of the encrypt method could be:

public static String encrypt(String plainText) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException, UnsupportedEncodingException { byte[] salt = getNextSalt(); MessageDigest md5 = MessageDigest.getInstance("MD5"); final byte[][] keyAndIV = generateKeyAndIV(32, 16, 1, salt, secret.getBytes(StandardCharsets.UTF_8), md5); SecretKeySpec skeySpec = new SecretKeySpec(keyAndIV[0], "AES"); IvParameterSpec iv = new IvParameterSpec(keyAndIV[1]); Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING"); cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv); byte[] encrypted = cipher.doFinal(plainText.getBytes()); byte[] prefix = "Salted__".getBytes(StandardCharsets.US_ASCII); byte[] prefixSaltEncrypted = new byte[prefix.length + salt.length + encrypted.length]; System.arraycopy(prefix, 0, prefixSaltEncrypted, 0, prefix.length); System.arraycopy(salt, 0, prefixSaltEncrypted, prefix.length, salt.length); System.arraycopy(encrypted, 0, prefixSaltEncrypted, prefix.length + salt.length, encrypted.length); return Base64.getEncoder().encodeToString(prefixSaltEncrypted); }
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.