For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Santos_6556's avatar
Santos_6556
Icon for Nimbostratus rankNimbostratus
Jun 02, 2009

Encrypt with AES::encrypt but, how to decrypt with Java?

Hello.

 

 

With Java, you must get a Cypher:

 

 

Cipher decryptCipher = Cipher.getInstance("AES");

 

decryptCipher.init(Cipher.DECRYPT_MODE, getSecretKey());

 

byte[] deciphertext = decryptCipher.doFinal(encripted);

 

String decryptedString = new String(deciphertext);

 

 

But this code causes this error:

 

javax.crypto.IllegalBlockSizeException: 9 trailing bytes

 

at gnu.javax.crypto.jce.cipher.CipherAdapter.engineDoFinal(libgcj.so.90)

 

at javax.crypto.Cipher.doFinal(libgcj.so.90)

 

at javax.crypto.Cipher.doFinal(libgcj.so.90)

 

 

The problem is with PADDING, but I don't know exactly where does the problem is.

 

When I get the Cipher, I can choose with diferent options:

 

 

Cipher decryptCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");

 

Cipher decryptCipher = Cipher.getInstance("AES/CBC/PKCS7Padding");

 

Cipher decryptCipher = Cipher.getInstance("AES/CFB8/NoPadding");

 

...

 

 

Maybe the problem is I don't get the good Cipher.

 

Can anybody help me?

 

 

Thanks.
application delivery
dev
devops
iRules

8 Replies

  • spark_86682's avatar
    spark_86682
    Historic F5 Account
    Jun 03, 2009
    AES::encrypt uses CWC mode encryption. I don't know Java, but from some brief searches it doesn't appear to support that encryption mode.
  • IheartF5_45022's avatar
    IheartF5_45022
    Icon for Nacreous rankNacreous
    Jan 05, 2012
    Hi, I think this has been solved now with the new CRYPTO:: commands in v11. It can now use a encryption mode which is also implemented in Java. The CRYPTO:: doco is here (http://devcentral.f5.com/wiki/iRules.CRYPTO.ashx), but so far is a bit light on detail.
  • Colin_Walker_12's avatar
    Colin_Walker_12
    Historic F5 Account
    Jan 09, 2012
    Joanna,

     

     

    Glad you found the new crypto commands! They're pretty powerful, and we're excited to have them available. What extra documentation would help you make use of the new commands? If there is something specific I can look into getting it added, depending on what it is.

     

     

    Colin
  • yoggit's avatar
    yoggit
    Icon for Nimbostratus rankNimbostratus
    Jun 05, 2013
    Is there a way to specify padding or not in the CRYPTO::encrypt and CRYPTO::encrypt commands?
  • spark_86682's avatar
    spark_86682
    Historic F5 Account
    Jun 05, 2013
    There is no way to control the padding, no. PKCS padding is always used. I would recommend filing an RFE for this. Sorry that this probably isn't what you wanted to hear.
  • Wolf46_144992's avatar
    Wolf46_144992
    Icon for Nimbostratus rankNimbostratus
    Aug 18, 2014

    Hi Spark,

     

    We are having a similar issue between F5 and our Java application. Do you know if there is a way to make encryption and decryption work between systems?

     

    Our developers are using AES-128-CBC with PKCS5 padding. However when decrypting the data with an iRule on F5 we are not capable of decrypting the data correctly.

     

    Is there a way to know which type of PKCS, F5 is using please?

     

  • Kai_Wilke's avatar
    Kai_Wilke
    Icon for MVP rankMVP
    Dec 08, 2022

    Can someone explain me the difference between AES::encrypt and CRYPTO::encrypt ?

    Thanks and Cheers, Bob