Forum Discussion

Santos_6556's avatar
Icon for Nimbostratus rankNimbostratus
Jun 02, 2009

Encrypt with AES::encrypt but, how to decrypt with Java?




With Java, you must get a Cypher:



Cipher decryptCipher = Cipher.getInstance("AES");


decryptCipher.init(Cipher.DECRYPT_MODE, getSecretKey());


byte[] deciphertext = decryptCipher.doFinal(encripted);


String decryptedString = new String(deciphertext);



But this code causes this error:


javax.crypto.IllegalBlockSizeException: 9 trailing bytes


at gnu.javax.crypto.jce.cipher.CipherAdapter.engineDoFinal(


at javax.crypto.Cipher.doFinal(


at javax.crypto.Cipher.doFinal(



The problem is with PADDING, but I don't know exactly where does the problem is.


When I get the Cipher, I can choose with diferent options:



Cipher decryptCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");


Cipher decryptCipher = Cipher.getInstance("AES/CBC/PKCS7Padding");


Cipher decryptCipher = Cipher.getInstance("AES/CFB8/NoPadding");





Maybe the problem is I don't get the good Cipher.


Can anybody help me?




8 Replies

  • spark_86682's avatar
    Historic F5 Account
    AES::encrypt uses CWC mode encryption. I don't know Java, but from some brief searches it doesn't appear to support that encryption mode.
  • Hi, I think this has been solved now with the new CRYPTO:: commands in v11. It can now use a encryption mode which is also implemented in Java. The CRYPTO:: doco is here (, but so far is a bit light on detail.
  • Colin_Walker_12's avatar
    Historic F5 Account



    Glad you found the new crypto commands! They're pretty powerful, and we're excited to have them available. What extra documentation would help you make use of the new commands? If there is something specific I can look into getting it added, depending on what it is.



  • yoggit's avatar
    Icon for Nimbostratus rankNimbostratus
    Is there a way to specify padding or not in the CRYPTO::encrypt and CRYPTO::encrypt commands?
  • spark_86682's avatar
    Historic F5 Account
    There is no way to control the padding, no. PKCS padding is always used. I would recommend filing an RFE for this. Sorry that this probably isn't what you wanted to hear.
  • Hi Spark,


    We are having a similar issue between F5 and our Java application. Do you know if there is a way to make encryption and decryption work between systems?


    Our developers are using AES-128-CBC with PKCS5 padding. However when decrypting the data with an iRule on F5 we are not capable of decrypting the data correctly.


    Is there a way to know which type of PKCS, F5 is using please?


  • Can someone explain me the difference between AES::encrypt and CRYPTO::encrypt ?

    Thanks and Cheers, Bob