I have a weird problem…

Basing my solution on Decrypting a hardcoded file as byte[]

So, I wrote a small Cypher class to help out with crypting/decrypting… It used to mock-up a key hardcoded at some place and another pre-crypted key stored somewhere else. But that’s somewhat irrelevant atm.

the crypting process went like this:

• retrieve the hardcoded byte array
• use it to decrypt key2
• use key2 to decrypt data
• use key1 to further decrypt data
• have decrypted data

I was storing the crypted data as a hex-string, used these two functions to get in-out of there

private static String byteArrayToHexString(byte[] b)
{
    StringBuffer sb = new StringBuffer(b.length * 2);
    for (int i = 0; i < b.length; i++)
    {
        int v = b[i] & 0xff;
        if (v < 16)
        {
            sb.append('0');
        }
        sb.append(Integer.toHexString(v));
    }
    return sb.toString().toUpperCase();
}

private static byte[] hexStringToByteArray(String s)
{
    byte[] b = new byte[s.length() / 2];
    for (int i = 0; i < b.length; i++)
    {
        int index = i * 2;
        int v = Integer.parseInt(s.substring(index, index + 2), 16); //THIS LINE
        b[i] = (byte) v;
    }
    return b;
}

That worked flawlessly; in fact it worked so good that I implemented it in my real project. The project failed to run due to the fact that i didn’t thoroughly test.

Turns out it crypts/decrypts pretty much all files OK except one – that one doesn’t want to decrypt.

I have pinpointed the issue however – THIS line throws an IllegalNumberFormat exception; at some point i got acquainted with this https://bugs.java.com/bugdatabase/view_bug?bug_id=6259307 as well. I would and can revert to this method if someone describes a way to bypass a case when a string of length 2 is converted to four bytes which throw an IllegalNumberFormatException.

So, I figured that since I cannot decode a file (and obviously cannot share it here for you guys to try out) I needed to transform it somehow to make it transport-safe. Enter the Base64Coder class which encodes to base64 strings…

That seemed to have introduced a new issue – padding was getting effed up.

The question is simple – what am I doing wrong? I need to conform to this data and it has to be able to crypt/decrypt properly and equally. I’d like a proposal on the most light-weight solution possible with least copy/pasting… pseudocode won’t do the trick here.

Here’s what I’m doing now….

public static char[] encrypt2(byte[] value) throws GeneralSecurityException, IOException
{
    SecretKeySpec key1 = getSecretKeySpec(true);
    System.err.println("encrypt():\t" + key1.toString());
    Cipher cipher = Cipher.getInstance(CRYPTOSYS);
    cipher.init(Cipher.ENCRYPT_MODE, key1, cipher.getParameters());
    byte[] encrypted = cipher.doFinal(value);
    
    SecretKeySpec key2 = getSecretKeySpec(false);
    cipher = Cipher.getInstance(CRYPTOSYS);
    cipher.init(Cipher.ENCRYPT_MODE, key2, cipher.getParameters());
    byte[] encrypted2 = cipher.doFinal(encrypted);
    
    return Base64Coder.encode(encrypted2);
}

public static byte[] decrypt2(char[] message) throws GeneralSecurityException, IOException
{
    SecretKeySpec key1 = getSecretKeySpec(false);
    System.err.println("decrypt():\t" + key1.toString());
    Cipher cipher = Cipher.getInstance(CRYPTOSYS);
    cipher.init(Cipher.DECRYPT_MODE, key1);
    byte[] decrypted = cipher.doFinal(Base64Coder.decode(message));
    
    SecretKeySpec key2 = getSecretKeySpec(true);
    cipher = Cipher.getInstance(CRYPTOSYS);
    cipher.init(Cipher.DECRYPT_MODE, key2);
    byte[] decrypted2 = cipher.doFinal(decrypted);
    
    return decrypted2;
}

Note that keys are currently fully-exposed (hardcoded) for testing purposes.

Here’s my test-case

public static void main(String... args) throws Exception
{
    //      byte[] data = "hello".getBytes();
    File PEM = new File(PATH_TO_FILES + SOURCE_PEM);
    File DER = new File(PATH_TO_FILES + SOURCE_DER);
    File cryptoPEM = new File(PATH_TO_FILES + "cryptopem");
    File cryptoDER = new File(PATH_TO_FILES + "cryptoder");
    
    byte[] cryptokey = encryptA(ASSET_KEY);
    System.out.println(new String(cryptokey));
    
    //pem key
    System.out.println("PEM");
    byte[] data = getBytesFromFile(PEM);
    char[] crypted = encrypt2(data);
    //      FileOutputStream fos = new FileOutputStream(cryptoPEM);
    FileWriter fw = new FileWriter(cryptoPEM);
    fw.write(crypted);
    fw.flush();
    
    //der key
    System.out.println("DER");
    data = getBytesFromFile(DER);
    crypted = encrypt2(data);
    fw = new FileWriter(cryptoDER);
    fw.write(crypted);
    fw.flush();
    
    //opentext
    System.out.println("checking PEM...");
    crypted = Base64Coder.encode(getBytesFromFile(cryptoPEM));
    byte[] decrypted = decrypt2(crypted,  false);
    byte[] decryptedData = decrypted;
    
    if (!Arrays.equals(getBytesFromFile(PEM), decryptedData)) { throw new Exception("PEM Data was not decrypted successfully"); }
    
    System.out.println("checking DER...");
    crypted = Base64Coder.encode(getBytesFromFile(cryptoDER));
    decrypted = decrypt2(crypted,  false);
    decryptedData = decrypted;
    
    if (!Arrays.equals(getBytesFromFile(DER), decryptedData)) { throw new Exception("DER Data was not decrypted successfully"); }
}

And I’m getting an InvalidBlockSizeException now…. Please, someone shed some light on this, I just want this to work…

Replacing ‘key2’ for an IV to be later used in a "AES/CBC/PKCS5Padding" is an option I’m considering right now. Essentially nothing will change except the second step of encrypting. Theoretically and metodically I’d keep things the same – unless of course a better solution is described.

At the end I’d like to point out that this is a programmer question, not a IT security-student question so proper code is valued more than a theoretical response that covers unlikely fringe cases.

EDIT:
well, I can’t give you the numbers that cause the IllegalNumberFormatException because I lost the code from this morning. I can’t seem to replicate the issue so I guess trying to figure that part is of no use.

Here’s the output from the sample test:

encrypt():  javax.crypto.spec.SecretKeySpec@15dd7
5@��_׵G�j��!�c;D�i�lR?z�j\
PEM
encrypt():  javax.crypto.spec.SecretKeySpec@15dd7
DER
encrypt():  javax.crypto.spec.SecretKeySpec@15dd7
checking PEM...
decrypt():  javax.crypto.spec.SecretKeySpec@15c78
Exception in thread "main" javax.crypto.IllegalBlockSizeException: Input length must be multiple of 16 when decrypting with padded cipher

which means that Base64 is kinda messing it up…