Reputation: 21
We have a system setup that involves multiple servers. For example, the access management server does the authentication part when a user logs in to the application; on successful login it forwards the HTTP request to a web server that further forwards it to the application server.
Now the requirement is that during authentication at the AM server, we need to write some data in cookies and add these cookies to the HTTP request being forwarded to the application server. The applications deployed on the App server will read these cookies and use the value.
This I have done and tested successfully. But actually the data in cookies needs to be in encrypted format. So the AM server should encrypt the data and App server should decrypt the data to use it.
I created a JCEKS keystore on AM server, added one Encryption Key to it using keytool command. Then in my custom class written on AM server, I use Cipher to encrypt the data with AES-128 algorithm. This is done successfully.
I also created another JCEKS keystore on my App server, added an Encryption Key to it using keytool command. Then I exported the cert from the keystore of AM server and imported it into the keystore of App server, which created a TrustedCert entry in App server's keystore.
But when I decrypt the data on App server using Cipher and AES-128 also, I get exception:
javax.crypto.BadPaddingException: Given final block not properly padded
I must be missing something in my keystore setup. Please provide some guidance on how to do this.
Thanks!
Upvotes: 1
Views: 477
Reputation: 21
I got the solution. What I was doing wrong was that I was generating encryption keys in both the keystores. The correct way is to generate a secret key in one keystore and export-import it to another keystore. I was not able to do this with keytool so I used keytool IUI, great tool!!!
Upvotes: 1
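The failure and the fix from the answer above, as an added example that is not the poster's code: two JCEKS keystores with independently generated AES-128 keys cannot decrypt each other's cookies, while loading the same SecretKeyEntry on both sides works. Assumptions: AES-GCM stands in for the poster's unspecified cipher mode so that a wrong key is always rejected (AEADBadTagException is a subclass of BadPaddingException), the keystores are held in memory in place of files, and the password, alias and cookie value are constructed.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.io.*;
import java.security.*;
import java.util.Arrays;
public class SharedKeyDemo {
    static final char[] PW = "changeit".toCharArray(); // constructed demo password
    static final String ALIAS = "cookie-key";          // hypothetical alias
    // New JCEKS store holding a fresh AES-128 SecretKeyEntry; the bytes stand in for the keystore file.
    static byte[] newKeystore() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, PW);
        ks.setEntry(ALIAS, new KeyStore.SecretKeyEntry(kg.generateKey()), new KeyStore.PasswordProtection(PW));
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, PW);
        return out.toByteArray();
    }
    static SecretKey loadKey(byte[] jceks) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(new ByteArrayInputStream(jceks), PW);
        return (SecretKey) ks.getKey(ALIAS, PW);
    }
    static byte[] encrypt(SecretKey k, byte[] plain) throws Exception {
        byte[] iv = new byte[12];                       // fresh random IV per cookie
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, k, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, 12 + ct.length); // layout: IV || ciphertext || tag
        System.arraycopy(ct, 0, out, 12, ct.length);
        return out;
    }
    static byte[] decrypt(SecretKey k, byte[] msg) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, k, new GCMParameterSpec(128, msg, 0, 12));
        return c.doFinal(msg, 12, msg.length - 12);
    }
    public static void main(String[] args) throws Exception {
        byte[] amStore = newKeystore();   // AM server keystore
        byte[] appStore = newKeystore();  // the mistake: App server generated its own key
        byte[] cookie = encrypt(loadKey(amStore), "uid=alice".getBytes("UTF-8")); // constructed value
        try { decrypt(loadKey(appStore), cookie); }
        catch (BadPaddingException e) { System.out.println("own key: " + e.getClass().getSimpleName()); }
        // The fix: the App server loads a copy of the AM keystore's secret-key entry.
        System.out.println("shared key: " + new String(decrypt(loadKey(amStore), cookie), "UTF-8"));
    }
}
```

A TrustedCert entry holds only a public-key certificate, so it cannot supply the AES key; `keytool -list` on both keystores should show a SecretKeyEntry under the same alias.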