Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

Encrypt with AES::encrypt but, how to decrypt with Java?

Santos_6556
Nimbostratus
Nimbostratus
Hello.

 

 

With Java, you must get a Cypher:

 

 

Cipher decryptCipher = Cipher.getInstance("AES");

 

decryptCipher.init(Cipher.DECRYPT_MODE, getSecretKey());

 

byte[] deciphertext = decryptCipher.doFinal(encripted);

 

String decryptedString = new String(deciphertext);

 

 

But this code causes this error:

 

javax.crypto.IllegalBlockSizeException: 9 trailing bytes

 

at gnu.javax.crypto.jce.cipher.CipherAdapter.engineDoFinal(libgcj.so.90)

 

at javax.crypto.Cipher.doFinal(libgcj.so.90)

 

at javax.crypto.Cipher.doFinal(libgcj.so.90)

 

 

The problem is with PADDING, but I don't know exactly where does the problem is.

 

When I get the Cipher, I can choose with diferent options:

 

 

Cipher decryptCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");

 

Cipher decryptCipher = Cipher.getInstance("AES/CBC/PKCS7Padding");

 

Cipher decryptCipher = Cipher.getInstance("AES/CFB8/NoPadding");

 

...

 

 

Maybe the problem is I don't get the good Cipher.

 

Can anybody help me?

 

 

Thanks.
8 REPLIES 8

spark_86682
Historic F5 Account
AES::encrypt uses CWC mode encryption. I don't know Java, but from some brief searches it doesn't appear to support that encryption mode.

IheartF5_45022
Nacreous
Nacreous
Hi, I think this has been solved now with the new CRYPTO:: commands in v11. It can now use a encryption mode which is also implemented in Java. The CRYPTO:: doco is here (http://devcentral.f5.com/wiki/iRules.CRYPTO.ashx), but so far is a bit light on detail.

Colin_Walker_12
Historic F5 Account
Joanna,

 

 

Glad you found the new crypto commands! They're pretty powerful, and we're excited to have them available. What extra documentation would help you make use of the new commands? If there is something specific I can look into getting it added, depending on what it is.

 

 

Colin

yoggit
Nimbostratus
Nimbostratus
Is there a way to specify padding or not in the CRYPTO::encrypt and CRYPTO::encrypt commands?

spark_86682
Historic F5 Account
There is no way to control the padding, no. PKCS padding is always used. I would recommend filing an RFE for this. Sorry that this probably isn't what you wanted to hear.

Wolf46_144992
Nimbostratus
Nimbostratus

Hi Spark,

 

We are having a similar issue between F5 and our Java application. Do you know if there is a way to make encryption and decryption work between systems?

 

Our developers are using AES-128-CBC with PKCS5 padding. However when decrypting the data with an iRule on F5 we are not capable of decrypting the data correctly.

 

Is there a way to know which type of PKCS, F5 is using please?

 

Kai_Wilke
MVP
MVP

Can someone explain me the difference between AES::encrypt and CRYPTO::encrypt ?

Thanks and Cheers, Bob


iRule can do… 😉

Please Help its urgent!!!

Cheers, Bob


iRule can do… 😉