Home/ Questions/Q 8866543
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-14T16:48:41+00:00

I have an application consisting of three services: Client , Server and TokenService .

  • 0

I have an application consisting of three services: Client, Server and TokenService. In order to access data on the Server, Client has to obtain SecurityToken object from TokenService. The communication between parties is encrypted using shared keys (Client and TokenService share a key ‘A’ and TokenService and Server share a different key ‘B’). When Client sends request to TokenService then the communication is encrypted with ‘A’. When TokenService returns SecurityToken object, this object is encrypted with B and A like this: ((SecurityToken)B)A). This doubly encrypted object first goes back to Client, Client decrypts it with A, puts it into another object, attaches some additional information (String with request) and sends it to the Server where SecurityToken gets decrypted with B.

Everything works fine until I’am decrypting SecurityToken object on the server side. I get Exception:

 javax.crypto.IllegalBlockSizeException: Input length must be multiple of 16 when decrypting with padded cipher
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:749)
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:675)
at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:313)
at javax.crypto.Cipher.doFinal(Cipher.java:2087)
at mds.hm5.sharedclasses.Decryptor.decryptData(Decryptor.java:40)
at mds.hm5.tokenservice.Main2.main(Main2.java:28)

I was able to recreate this error (without remote communication between parties) like this:

public static void main(String[] args) {

    SecurityToken s = new SecurityToken(false, "2");

    try {
        byte[] bytes = Encryptor.getBytesFromObject(s);
        bytes = Encryptor.encryptData(bytes, "secretkey1");
        bytes = Encryptor.encryptData(bytes, "secretkey2");
        bytes = Base64.encodeBase64(bytes);

        System.out.println(bytes);

        bytes = Base64.decodeBase64(bytes);
        bytes = Decryptor.decryptData(bytes, "secretkey2");
        bytes = Decryptor.decryptData(bytes, "secretkey1");
        SecurityToken s2 = (SecurityToken) Decryptor.getObjectFromBytes(bytes);

        System.out.println(s2.getRole());

    } catch (IOException e) {
        e.printStackTrace();
    } catch (ClassNotFoundException e) {
        e.printStackTrace();
    }
}

I have no idea what I’am doing wrong here. Is it impossible to create two layers of encryption just like that? Am I missing something?

Additional information:

Here is my Encryptor class:

public class Encryptor {

public static byte[] encryptData(byte[] credentials, String key){

    Cipher c;
    SecretKeySpec k;
    byte[] byteCredentials = null;
    byte[] encryptedCredentials = null;
    byte[] byteSharedKey = null;

    try {

        byteCredentials = getBytesFromObject(credentials);
        byteSharedKey = getByteKey(key);

        c = Cipher.getInstance("AES");
        k = new SecretKeySpec(byteSharedKey, "AES");
        c.init(Cipher.ENCRYPT_MODE, k);
        encryptedCredentials = c.doFinal(byteCredentials);

    } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
        e.printStackTrace();
    } catch (InvalidKeyException e) {
        e.printStackTrace();
    } catch (IOException e) {
        e.printStackTrace();
    } catch (IllegalBlockSizeException e) {
        e.printStackTrace();
    } catch (BadPaddingException e) {
        e.printStackTrace();
    }

    return encryptedCredentials;

}

public static byte[] getBytesFromObject(Object credentials) throws IOException{

    //Hmmm.... now I'm thinking I should make generic type for both: Token and ITU_Credentials object, that would have this getBytes and getObject methods.
    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    ObjectOutput out = null;
    byte[] newBytes = null;

    try {

      out = new ObjectOutputStream(bos);   
      out.writeObject(credentials);
      newBytes = bos.toByteArray();

    } catch (IOException e) {
        e.printStackTrace();
    } finally {
      out.close();
      bos.close();
    }
    return newBytes;
}

private static byte[] getByteKey(String key) throws UnsupportedEncodingException, NoSuchAlgorithmException{

    //Converting key to SHA-1 and trimming to mach maximum lenght of key

    byte[] bkey = key.getBytes("UTF-8");
    MessageDigest sha = MessageDigest.getInstance("SHA-1");
    bkey = sha.digest(bkey);
    bkey = Arrays.copyOf(bkey, 16);

    return bkey;
}

And here is my Decryptor class:

public class Decryptor {


public static byte[] decryptData(byte[] encryptedCredentials, String key){

    Cipher c;
    SecretKeySpec k;
    byte[] byteSharedKey = null;
    byte[] byteObject = null;


    try {

        byteSharedKey = getByteKey(key);

        c = Cipher.getInstance("AES");
        k = new SecretKeySpec(byteSharedKey, "AES");
        c.init(Cipher.DECRYPT_MODE, k);
        byteObject = c.doFinal(encryptedCredentials);



    } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
        e.printStackTrace();
    } catch (InvalidKeyException e) {
        e.printStackTrace();
    } catch (IOException e) {
        e.printStackTrace();
    } catch (IllegalBlockSizeException e) {
        e.printStackTrace();
    } catch (BadPaddingException e) {
        e.printStackTrace();
    }

    return byteObject;

}

public static Object getObjectFromBytes(byte[] credentials) throws IOException, ClassNotFoundException{

    ByteArrayInputStream bis = new ByteArrayInputStream(credentials);
    ObjectInput in = null;
    ITU_Credentials credentialsObj = null;

    try {

        in = new ObjectInputStream(bis);
        credentialsObj = (ITU_Credentials)in.readObject(); 

    } finally {
      bis.close();
      in.close();
    }
    return credentialsObj;
}


private static byte[] getByteKey(String key) throws UnsupportedEncodingException, NoSuchAlgorithmException{

    //Converting key to SHA-1 and trimming to mach maximum lenght of key

    byte[] bkey = key.getBytes("UTF-8");
    MessageDigest sha = MessageDigest.getInstance("SHA-1");
    bkey = sha.digest(bkey);
    bkey = Arrays.copyOf(bkey, 16);

    return bkey;
}

public static void main(String[] args) {
    new Encryptor();
}

}

EDIT:

As advised, I replaced all e.printStackTrace(); with throw new RuntimeException(e); in the Decriptor class to properly throw exceptions:

public class Decryptor {


public static byte[] decryptData(byte[] encryptedCredentials, String key){

    Cipher c;
    SecretKeySpec k;
    byte[] byteSharedKey = null;
    byte[] byteObject = null;


    try {

        byteSharedKey = getByteKey(key);

        c = Cipher.getInstance("AES");
        k = new SecretKeySpec(byteSharedKey, "AES");
        c.init(Cipher.DECRYPT_MODE, k);
        byteObject = c.doFinal(encryptedCredentials);



    } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
        throw new RuntimeException(e);
    } catch (InvalidKeyException e) {
        throw new RuntimeException(e);
    } catch (IOException e) {
        throw new RuntimeException(e);
    } catch (IllegalBlockSizeException e) {
        throw new RuntimeException(e);
    } catch (BadPaddingException e) {
        throw new RuntimeException(e);
    }

    return byteObject;

}

public static Object getObjectFromBytes(byte[] credentials) throws IOException, ClassNotFoundException{

    ByteArrayInputStream bis = new ByteArrayInputStream(credentials);
    ObjectInput in = null;
    ITU_Credentials credentialsObj = null;

    try {

        in = new ObjectInputStream(bis);
        credentialsObj = (ITU_Credentials)in.readObject(); 

    } finally {
      bis.close();
      in.close();
    }
    return credentialsObj;
}


private static byte[] getByteKey(String key) throws UnsupportedEncodingException, NoSuchAlgorithmException{

    //Converting key to SHA-1 and trimming to mach maximum lenght of key

    byte[] bkey = key.getBytes("UTF-8");
    MessageDigest sha = MessageDigest.getInstance("SHA-1");
    bkey = sha.digest(bkey);
    bkey = Arrays.copyOf(bkey, 16);

    return bkey;
}

public static void main(String[] args) {
    new Encryptor();
}

}

Now the exception looks as follows:

Exception in thread "main" java.lang.RuntimeException: javax.crypto.IllegalBlockSizeException: Input length must be multiple of 16 when decrypting with padded cipher
at mds.hm5.sharedclasses.Decryptor.decryptData(Decryptor.java:51)
at mds.hm5.tokenservice.Main2.main(Main2.java:28)
Caused by: javax.crypto.IllegalBlockSizeException: Input length must be multiple of 16 when decrypting with padded cipher
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:749)
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:675)
at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:313)
at javax.crypto.Cipher.doFinal(Cipher.java:2087)
at mds.hm5.sharedclasses.Decryptor.decryptData(Decryptor.java:40)
... 1 more
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I think the root of your problem is:

    byte[] bytes = Encryptor.getBytesFromObject(s);
bytes = Encryptor.encryptData(bytes, "secretkey1");

    which goes to:

    //etc.//
byte[] encryptedCredentials = null;
byte[] byteSharedKey = null;

try {
    byteCredentials = getBytesFromObject(credentials);
    //Whoops!  credentials is already a byte array.
//etc.//
catch (and eat) exception.....
return encryptedCredentials;

    And, since you eat the exception and just return null, as home has advised against in the comments, then it keeps moving until it gets to the decryption step, where it throws an exception you hadn’t anticipated (when it fails to decrypt, an IllegalBlockSizeException which is none of the eight types of Exception that you catch there), and gives you something useful.

    That’s what I think is going on anyway.

    • 0