I’m new to security, and I tried a lot to remove the exception (below the code). Both the RC2 and RC6 ciphers are giving this exception. The input should be a 128 bit String and a key of 128 bits, the output should be 128 bits cipher text.
    import java.security.spec.AlgorithmParameterSpec;
    import javax.crypto.Cipher;
    import javax.crypto.spec.IvParameterSpec;
    import javax.crypto.spec.SecretKeySpec;
    import java.util.*;

    public class RC2Encrypt
    {
        public static void main(String args[]) throws Exception
        {
            Scanner s = new Scanner(System.in);
            System.out.println("Enter PlainTextString:");
            String input = s.nextLine();
            System.out.println();
            System.out.println("Enter 16 digit key:");
            String strPassword = s.nextLine();
            SecretKeySpec key = new SecretKeySpec(strPassword.getBytes(), "RC2");
            AlgorithmParameterSpec paramSpec = new IvParameterSpec(strPassword.getBytes());
            Cipher cipher = Cipher.getInstance("RC2");
            cipher.init(Cipher.ENCRYPT_MODE, key, paramSpec);
            byte[] encrypted = cipher.doFinal(input.getBytes());
            String b1 = new String(encrypted);
            System.out.println("Original string: " + input);
            System.out.println("Encrypted string: " + b1);
        }
    }
This will generate the following exception:
    Exception in thread "main" java.security.InvalidAlgorithmParameterException: Wrong IV length: must be 8 bytes long
        at com.sun.crypto.provider.SunJCE_f.a(DashoA13*..)
        at com.sun.crypto.provider.RC2Cipher.engineInit(DashoA13*..)
        at javax.crypto.Cipher.a(DashoA13*..)
        at javax.crypto.Cipher.a(DashoA13*..)
        at javax.crypto.Cipher.init(DashoA13*..)
        at javax.crypto.Cipher.init(DashoA13*..)
        at RC2Encrypt.main(RC2Encrypt.java:40)
There are multiple issues with your code.
The most important one is that you confuse characters and bytes. You will have to know about character-encoding – which is about encoding text in binary and back – and encoding – which is about encoding binary as readable text.
If you expect 8 bytes encoded by 16 characters then this implies that you need to perform hexadecimal decoding (which uses two characters for each byte). The best way of doing that is to use the Apache Commons Codec library or the Bouncy Castle libraries. I would suggest the latter because it contains many more encryption algorithms – including RC6. The best way is to use the Bouncy Castle provider for the cryptographic functionality.
OK, so that solved the part with the key and IV, now for the plain text. The plain text must be binary encoded. Unfortunately you are now using the platform default character set. This means you will run into compatibility issues if you want to exchange it with another system (or other application, even on your own PC, if it uses another character set). To remove this issue you should specify an encoding yourself, e.g. use
String.getBytes(Charset.forName("UTF-8")) or, on Java 7 onward, String.getBytes(StandardCharsets.UTF_8). Do the same for the constructor.
Furthermore, you really should not be using the same bytes for the key and IV. The IV is used to encrypt several ciphertexts with the same key, without introducing security vulnerabilities. E.g. an attacker could know that the first, not so secret ciphertext contains the word “yes”. Then the next cipherblock comes along and contains the exact same bytes; obviously the sender has sent the word “yes” again. If the IV was changed the attacker would see an entirely different cipher text – although it would still be 3 bytes long for stream ciphers.
Finally, the key and IV should be randomly generated – possibly at some time in the past. If a password is required instead of a key, you should use a PBKDF (password based key derivation function) as a sub-optimal replacement. But I think that might be a more advanced topic.
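The points from the answer put together for RC2, as an added example that is not part of the original answer: a hex-decoded 128-bit key, a fresh random 8-byte IV per message (RC2 has a 64-bit block, which is the length the exception asks for), and explicit UTF-8 for the text. The class name, helper names and sample key are constructed for illustration, and CBC with PKCS5 padding is an assumed mode choice.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class RC2CbcExample {
    // Hex decoding: two characters per byte, so 32 hex characters give a 128-bit key.
    static byte[] fromHex(String hex) {
        if (hex.length() % 2 != 0) throw new IllegalArgumentException("odd-length hex string");
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            int hi = Character.digit(hex.charAt(2 * i), 16);
            int lo = Character.digit(hex.charAt(2 * i + 1), 16);
            if (hi < 0 || lo < 0) throw new IllegalArgumentException("not a hex string");
            out[i] = (byte) ((hi << 4) | lo);
        }
        return out;
    }

    static String toHex(byte[] data) {
        StringBuilder sb = new StringBuilder();
        for (byte b : data) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // The same key and IV must be supplied for encryption and decryption.
    static byte[] crypt(int mode, byte[] key, byte[] iv, byte[] data) throws Exception {
        Cipher cipher = Cipher.getInstance("RC2/CBC/PKCS5Padding");
        cipher.init(mode, new SecretKeySpec(key, "RC2"), new IvParameterSpec(iv));
        return cipher.doFinal(data);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key; a real key is generated randomly or derived with a PBKDF.
        byte[] key = fromHex("000102030405060708090a0b0c0d0e0f");
        byte[] plain = "yes".getBytes(StandardCharsets.UTF_8);
        SecureRandom rng = new SecureRandom();
        for (int i = 0; i < 2; i++) {
            byte[] iv = new byte[8];   // one RC2 block; new random value for every message
            rng.nextBytes(iv);
            byte[] ct = crypt(Cipher.ENCRYPT_MODE, key, iv, plain);
            String back = new String(crypt(Cipher.DECRYPT_MODE, key, iv, ct), StandardCharsets.UTF_8);
            System.out.println("iv=" + toHex(iv) + " ct=" + toHex(ct) + " decrypted=" + back);
        }
    }
}
```

Both iterations encrypt the same plaintext under the same key, yet the printed ciphertexts differ because the IV differs; the IV is not secret and is stored or sent alongside the ciphertext.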