5
votes

In my Android app I am communicating with a web service; the data sent and the responses are encrypted with AES encryption.

So what I do is the following. I'm sending a base64-encoded, AES-encrypted JSON string to share.php.

Share.php will then decrypt this string and insert it into the database. After that the PHP will encrypt and encode the response.

My Android application then needs to decode and decrypt this message.

But the decryption of the PHP response is not going very well.

This is my AES.java:

public class AES {
private final String characterEncoding = "UTF-8";
private final String cipherTransformation = "AES/ECB/PKCS5Padding";
private final String aesEncryptionAlgorithm = "AES";

public  byte[] decrypt(byte[] cipherText, byte[] key, byte [] initialVector) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
{
    Cipher cipher = Cipher.getInstance(cipherTransformation);
    SecretKeySpec secretKeySpecy = new SecretKeySpec(key, aesEncryptionAlgorithm);
    //IvParameterSpec ivParameterSpec = new IvParameterSpec(initialVector);
    //cipher.init(Cipher.DECRYPT_MODE, secretKeySpecy, ivParameterSpec);
    cipher.init(Cipher.DECRYPT_MODE, secretKeySpecy);
    System.out.println("Do final: "+cipherText);

    cipherText = cipher.doFinal(cipherText);
    return cipherText;
}

public  byte[] encrypt(byte[] plainText, byte[] key, byte [] initialVector) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
{
    Cipher cipher = Cipher.getInstance(cipherTransformation);
    SecretKeySpec secretKeySpec = new SecretKeySpec(key, aesEncryptionAlgorithm);
    //IvParameterSpec ivParameterSpec = new IvParameterSpec(initialVector);
    //cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, ivParameterSpec);
    cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec);
    plainText = cipher.doFinal(plainText);
    return plainText;
}

private byte[] getKeyBytes(String key) throws UnsupportedEncodingException{
    byte[] keyBytes= new byte[16];
    byte[] parameterKeyBytes= key.getBytes(characterEncoding);
    System.arraycopy(parameterKeyBytes, 0, keyBytes, 0, Math.min(parameterKeyBytes.length, keyBytes.length));
    return keyBytes;
}

/// <summary>
/// Encrypts plaintext using AES 128bit key and a Chain Block Cipher and returns a base64 encoded string
/// </summary>
/// <param name="plainText">Plain text to encrypt</param>
/// <param name="key">Secret key</param>
/// <returns>Base64 encoded string</returns>
public String encrypt(String plainText, String key) throws UnsupportedEncodingException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException{
    byte[] plainTextbytes = plainText.getBytes(characterEncoding);
    byte[] keyBytes = getKeyBytes(key);
    //return Base64.encodeToString(encrypt(plainTextbytes,keyBytes, keyBytes), Base64.DEFAULT);
    return Base64.encodeToString(encrypt(plainTextbytes,keyBytes, new byte[0]), Base64.DEFAULT);
}

/// <summary>
/// Decrypts a base64 encoded string using the given key (AES 128bit key and a Chain Block Cipher)
/// </summary>
/// <param name="encryptedText">Base64 Encoded String</param>
/// <param name="key">Secret Key</param>
/// <returns>Decrypted String</returns>
public String decrypt(String encryptedText, String key) throws KeyException, GeneralSecurityException, GeneralSecurityException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, IOException{
    byte[] cipheredBytes = Base64.decode(encryptedText, Base64.DEFAULT);
    byte[] keyBytes = getKeyBytes(key);
    //return new String(decrypt(cipheredBytes, keyBytes, keyBytes), characterEncoding);
    return new String(decrypt(cipheredBytes, keyBytes, new byte[0]), characterEncoding);
}

}

And this is the code to encode and encrypt the response in PHP:

function mc_encrypt($encrypt, $mc_key) {
    $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB), MCRYPT_RAND);
    $passcrypt = trim(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $mc_key, trim($encrypt), MCRYPT_MODE_ECB, $iv));
    $encode = base64_encode($passcrypt);
    return $encode;
}

function mc_decrypt($decrypt, $mc_key) {
    $decoded = base64_decode($decrypt);
    $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB), MCRYPT_RAND);
    $decrypted = trim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $mc_key, trim($decoded), MCRYPT_MODE_ECB, $iv));
    return $decrypted;
}

I'm guessing that the settings of the PHP encryption do not match the settings for the Java part. Can

I'm getting the following error:

03-12 13:44:09.661: W/System.err(15717): javax.crypto.BadPaddingException: pad block corrupted
2
One thing is that the padding modes don't match, see php.net/manual/de/ref.mcrypt.php#69782 - Niko
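The padding mismatch named in the comment above, reproduced in plain Java as an added example (not code from the question or from any answer). It assumes mcrypt's zero-byte padding on the PHP side; the class name, key and JSON sample are constructed, and ECB is kept only to match the question's settings.

```java
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class PaddingMismatchDemo {
    // Constructed 16-byte demo key, not a value from the question.
    static final byte[] KEY = "0123456789abcdef".getBytes(StandardCharsets.UTF_8);

    // Stand-in for the PHP side: mcrypt fills the last block with 0x00 bytes,
    // which equals AES/ECB/NoPadding over a zero-extended input.
    static byte[] encryptZeroPadded(byte[] plain) throws Exception {
        int paddedLen = ((plain.length + 15) / 16) * 16;
        byte[] padded = Arrays.copyOf(plain, paddedLen); // tail is zero-filled
        Cipher c = Cipher.getInstance("AES/ECB/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(KEY, "AES"));
        return c.doFinal(padded);
    }

    static byte[] decrypt(byte[] cipherText, String transformation) throws Exception {
        Cipher c = Cipher.getInstance(transformation);
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(KEY, "AES"));
        return c.doFinal(cipherText);
    }

    // Drops trailing 0x00 bytes; ambiguous if the real data can end in 0x00.
    static byte[] stripZeros(byte[] data) {
        int end = data.length;
        while (end > 0 && data[end - 1] == 0) end--;
        return Arrays.copyOf(data, end);
    }

    public static void main(String[] args) throws Exception {
        // Constructed 15-byte JSON sample, so one 0x00 pad byte is appended.
        byte[] ct = encryptZeroPadded("{\"status\":\"ok\"}".getBytes(StandardCharsets.UTF_8));
        try {
            decrypt(ct, "AES/ECB/PKCS5Padding"); // the question's transformation
            System.out.println("unexpected: PKCS5 unpadding accepted zero padding");
        } catch (BadPaddingException e) {
            System.out.println("PKCS5Padding: " + e.getMessage());
        }
        byte[] plain = stripZeros(decrypt(ct, "AES/ECB/NoPadding"));
        System.out.println("NoPadding + strip: " + new String(plain, StandardCharsets.UTF_8));
    }
}
```

Stripping zeros is only safe for text such as JSON that never ends in a NUL byte; the alternative is to add PKCS#7 padding on the PHP side before `mcrypt_encrypt` and keep `PKCS5Padding` in Java. The PHP `trim()` applied to the raw ciphertext before `base64_encode` should also go, since it can delete ciphertext bytes that happen to be whitespace or NUL.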

2 Answers

0
votes

I suggest you take a look at http://phpaes.com/. It's a free AES encryption library implemented purely in PHP; it's fast and very very simple to use.

At the very least, it allows you to get one step closer to isolating the true source of the issue.

-4
votes

This might not be the answer you're looking for - but is there a specific reason you're manually encrypting this data instead of using SSL/HTTPS?

In most cases HTTPS will be easier to implement and more secure than manually implementing a symmetric cipher.