incorrect decryption using AES/CBC

[jimgardener]

hi
i tried to encrypt a message using AES/CBC/PKCS5Padding and stored the
aeskey in keystore and wrote the IV byte[] and encrypted message to a
text file.Then in another piece of code i read the IV and encrypted
message from file and retrieved the aeskey from keystore again tried
to decrypt the message.I am getting the first part of message garbled
and only last part of message is properly decrypted.
ie,for the message
"all hands report to deck immediately" i get
?3??u?sU?c? to deck immediately

can someone help me to correct this ?
p.s:
i have put only trivial try catch blocks to save space here

//makes a new keystore
public static void makeKeyStore(){
try{
KeyStore ks=KeyStore.getInstance("JCEKS");
ks.load(null,"".toCharArray());
FileOutputStream ksout=new FileOutputStream("myks.keystore");
char[] password = new char[] {'m','y','n','a','m','e'};
ks.store(ksout, password);
Arrays. fill(password, '\u0000' ) ;
debug("empty keystore created");
}
catch(Exception e){
e.printStackTrace();
}

}

//encrypts a message
public static void blockCipherEncrDemo(){

String plaintext="all hands report to deck immediately";
try{
KeyGenerator kg=KeyGenerator.getInstance("AES");
SecretKey skey=kg.generateKey();
byte[] aeskey=skey.getEncoded();
SecretKeySpec spec=new SecretKeySpec(aeskey,"AES");
Cipher cip=Cipher.getInstance("AES/CBC/PKCS5Padding");
cip.init(Cipher.ENCRYPT_MODE, spec);
byte[] iv=cip.getIV();
FileOutputStream foutiv=new FileOutputStream("blockiv.txt");
foutiv.write(iv);

KeyStore ks=KeyStore.getInstance("JCEKS");
FileInputStream ksin=new FileInputStream("myks.keystore");

char[] passwd=new char[] {'m','y','n','a','m','e'};
ks.load(ksin,passwd);
ks.setKeyEntry("myaeskey",skey,passwd,null);
FileOutputStream fos = new FileOutputStream("myks.keystore");
ks.store(fos,passwd);
Arrays.fill(passwd,'\u0000');
//encrypt plaintext
byte[] plainbytes=plaintext.getBytes("UTF-8");
CipherOutputStream cipout=new CipherOutputStream(new

FileOutputStream("blockencrypted.txt"),cip);
cipout.write(plainbytes);
cipout.flush();
cipout.close();

}
catch(Exception e){
e.printStackTrace();
}
}


//trying to decrypt the message from file "blockencrypted.txt"

public static void blockCipherDecrDemo(){
try{
KeyStore ks=KeyStore.getInstance("JCEKS");
FileInputStream finks=new FileInputStream("myks.keystore");
char[] passwd=new char[] {'m','y','n','a','m','e'};
ks.load(finks,passwd);
Key skey=ks.getKey("myaeskey", passwd);
if (skey!=null)System.out.println("skey retrieved from keystore");
finks.close();
Arrays.fill(passwd,'\u0000');
byte[] aeskey=skey.getEncoded();
SecretKeySpec keySpec = new SecretKeySpec(aeskey, "AES");
Cipher c=Cipher.getInstance("AES/CBC/PKCS5Padding");
FileInputStream finiv=new FileInputStream("blockiv.txt");
byte[] iv = new byte[finiv.available()];
finiv.close();
IvParameterSpec ivspec= new IvParameterSpec(iv);
c.init(Cipher.DECRYPT_MODE, keySpec,ivspec);
CipherInputStream cipin=new CipherInputStream(new

FileInputStream("blockencrypted.txt"),c);
int r=0;
byte[] tempbytes=new byte[16];
FileOutputStream fout=new FileOutputStream("blockdecrypted.txt");
String s="";
String s1=null;
while((r=cipin.read(tempbytes))!=-1){
fout.write(tempbytes,0,r);
s1=new String(tempbytes,0,r,Charset.forName("UTF-8"));
s=s+s1;

}
System.out.println("message is:>>\n"+s);

}
catch(Exception e){
e.printStackTrace();
}

}

 

[jimgardener]

You forgot to do something rather obvious here.

sorry!forgot the read()
thanks rossum
jim

 

[Roedy Green]

byte[] iv = new byte[finiv.available()];
finiv.close();
IvParameterSpec ivspec= new IvParameterSpec(iv);
c.init(Cipher.DECRYPT_MODE, keySpec,ivspec);

see http://mindprod.com/jgloss/cipher.html

It is almost identical to your problem with the exception it generates
its own key rather than hashing one out of a pass phrase.

Looks to me that you did not set up your salt iv array correctly. You
allocated it, but did not fill it. Both encrypt and decrypt must use
identical not-particularly secret salt.

salt is the wrong word. There is a funny word people use for salting
in the context of CBC which escapes me.