
Need help in password Encryption and Decryption

 
Greenhorn
Posts: 1
Hi,

I need help with password encryption and decryption. I'm using the DES algorithm for encryption and decryption. It works well when I'm trying to encrypt and decrypt a string. But I'm storing the encrypted string in the database. Encryption works well, but when I tried to decrypt, it throws "BadPaddingException: Given final block not properly padded".

Please help me.

Here is the code I used for decryption.

ecipher = Cipher.getInstance("DESede");
dcipher.init(Cipher.DECRYPT_MODE, key);
/*.......*/

public String decrypt(String str) {
    try {
        // Decode base64 to get bytes
        byte[] dec = new sun.misc.BASE64Decoder().decodeBuffer(str);

        // Decrypt
        byte[] utf8 = dcipher.doFinal(dec);

        // Decode using utf-8
        return new String(utf8, "UTF8");
    } catch (javax.crypto.BadPaddingException e) {
    } catch (IllegalBlockSizeException e) {
    } catch (UnsupportedEncodingException e) {
    } catch (java.io.IOException e) {
    }
    return null;
}

Thanks in advance.

Regards,
Preethi.
 
Greenhorn
Posts: 4
Refer here
Padding Exception

Get back if it still doesn't work.
 
Ranch Hand
Posts: 781
When using ECB block mode as you are, a bad padding exception has two standard causes:

1) The key used to decrypt is not the same as the key used to encrypt.
2) The ciphertext has been corrupted.

Since you are Base64 encoding the ciphertext my best guess, and without seeing more of your code it is only a guess, is that your database is truncating your ciphertext. When you decided on the database column width, did you take into account the up to 8 bytes of padding needed and the more than 33% increase in size of the ciphertext caused by the Base64 encoding?

P.S. It is generally considered insecure to encrypt passwords. Passwords should be digested together with a random salt.
PP.S. ECB block mode is generally considered insecure since it allows forgery by the splicing of ciphertext.
PPP.S. sun.misc.BASE64Decoder() is a private class that should not be used since it may be removed in later Java releases. There are free Base64 libraries; for example, Google "Jakarta Commons Codec".
PPPP.S. That exception handling is very poor. When using the JCE just about all exceptions are fatal and should most definitely not be just silently ignored.
 
Ranch Hand
Posts: 5575
Welcome to JavaRanch Preethi and srinivas
 
Java Cowboy
Posts: 16084
Welcome to JavaRanch.

Not an answer to your question, but I hope this is useful anyway: Why are you encrypting and decrypting passwords?

It is almost always wrong to store encrypted passwords. Instead of encrypting and decrypting passwords, you should use a one-way hash algorithm on passwords, and store the hash in the database. When someone wants to log in, you hash the text they entered with the same algorithm and compare that hash to the one stored in the database. To make it more secure, you should properly salt the hash.

That method is more secure than encrypting and decrypting passwords, because there is no way to get the password back from the hash. Hash algorithms are like a valve: you can go from the input to the output, but there's no way to get from the output back to the input.

For details about how this works, see Cryptographic hash function on Wikipedia.
 