I am trying to use the javax.crypto java library to encrypt and decrypt strings of text using the Advanced Encryption Standard. Unfortunately, I seem to be doing something very wrong, as I get the error "Given Final Block Not Properly Padded". And I do not know what this means.

A code snippet is here:


public String encode(String s) {
String encodingKey="sixteencharacter";
String result="DEFAULT STRING TO SEND";
try {SecretKeySpec key = new SecretKeySpec(encodingKey.getBytes(), "AES");
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding", "SunJCE");
cipher.init(Cipher.ENCRYPT_MODE, key);
result = new String(cipher.doFinal(s.getBytes()));
} catch (Exception e) {System.out.println("ERROR WHILE ENCODING");}
return result;
}

public String decode(String s) {
String decodingKey="sixteencharacter";
String result="DEFAULT STRING TO SEND";
try {SecretKeySpec key = new SecretKeySpec(decodingKey.getBytes(), "AES");
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding", "SunJCE");
cipher.init(Cipher.DECRYPT_MODE, key);
result = new String(cipher.doFinal(s.getBytes()));
} catch (Exception e) {System.out.println("ERROR WHILE DECODING");e.printStackTrace();}
return result;
}


And when I try to call a line like, say,

String s=decode(encode("WELCOME:BOB"));

I get the error.

Other Strings I have tried that do not work are "WELCOME:ALICE", "WELCOME:NEMO". However, I have also found strings that do decode properly, such as "WELCOME:HI", "WELCOME:DAVE", "WELCOME:SQUARE", "WELCOME:NOBODY".

I do not know why some strings work and some don't. I modeled the decoding method to mirror the encoding, so I am at a loss to explain any of these results.

Any help is appreciated!

Don't use Strings to store binary data (raw encrypted data is binary) or reencode them somehow (hex, base64). Your raw encrypted string may or may not contain special characters which completely mess up the Java string encoding and handling, so you don't get what you expect out of getBytes(). This causes the padding data to turn out wrong, causing the error you're seeing. Try using byte arrays all the way between encryption and decryption and see if it works then.

Also, ECB is insecure, so only use it for learning. Secondly, if you want to avoid the whole padding issue in the future, use a mode of operation which does not require padding but instead an initialization vector, such as CTR or CFB!

The problem with a byte array is that I am trying to get two programs to communicate over a socket and I'm using a BufferedReader and BufferedWriter which communicate mostly with Strings.

I notice there's a single read method that returns an int between 0 and 65536, which would be two bytes, so should I just be using that method and using the values of n%256 and n/256 to extract the bytes?

The problem with a byte array is that I am trying to get two programs to communicate over a socket and I'm using a BufferedReader and BufferedWriter which communicate mostly with Strings.

It's a really impractical idea to transmit binary data through Strings which are meant for textual, readable data. If you really cannot send binary data through the socket directly (which is understandable as it is quite a bit more involved) then you can simply convert your byte array to a hexadecimal string (which is always readable, just twice as large as the binary data it encodes) or base64 (which takes a bit less space than hexadecimal). Upon reception you read the string and decode it back into a byte array. There should be Java functions to do this for you, I believe.

I notice there's a single read method that returns an int between 0 and 65536, which would be two bytes, so should I just be using that method and using the values of n%256 and n/256 to extract the bytes?[/quote]
If you mean read your byte array that way, it could work, but surely in your BufferedReader there should be a read method that can read an arbitrary number of bytes into a buffer?? Also, if you aren't using Strings, you'll need to send the size of the byte array too (String does that implicitly, since it contains its own length).

In your case, I recommend you try and get the hexadecimal encoding/decoding method I mentioned above and see if this works, just to make sure everything is working fine.

I'm not familiar with java's encryption routines but I recently did some work with AES in PHP and iOS and one thing I had to do to get things working was to pad the message using PKCS7 padding before I encrypted it and remove the padding after decrypting. In your code I don't see you doing any padding but if java does this padding for you then disregard this.