Reputation: 1029
I am using AES for encrypting and decrypting my password. What I am trying to implement is that I need to store the encrypted password at the client side in the form of a cookie, and then when the client logs in again to my website I need to get that encrypted password from the client side and decrypt it to check it against the unencrypted password provided by the client. The problem I am facing is that during encryption I convert the byte array of the encrypted password to a string using Base64.encodeBase64String() in Java so that it can be passed to the client side. But when I get the same string back from the client side, i.e. from the cookie, and try to decrypt it, it gives me a padding error, i.e. javax.crypto.IllegalBlockSizeException: Input length must be multiple of 16 when decrypting with padded cipher.
Why is it happening?
Code for encryption:
// skeySpec (SecretKeySpec), ivspec (IvParameterSpec), UNICODE_FORMAT (a charset name such as "UTF-8")
// and Data (the plaintext String) are fields defined elsewhere in the class
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec, ivspec);
byte[] plainBytes = Data.getBytes(UNICODE_FORMAT);
byte[] encrypted = cipher.doFinal(plainBytes);
String encryption = Base64.encodeBase64String(encrypted); // org.apache.commons.codec.binary.Base64
return encryption;
Code for decryption:
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, skeySpec, ivspec); // same key and IV as used for encryption
byte[] decryptval = Base64.decodeBase64(encryptedData);
byte[] decrypted = cipher.doFinal(decryptval);
return new String(decrypted, UNICODE_FORMAT); // decode with the same charset the plaintext was encoded with
Is the error coming because I am passing the encrypted string to the JS to be stored in a cookie? Does JS fiddle with the Base64-encoded string?
Upvotes: 0
Views: 1234
Reputation: 111
I STRONGLY advise against using a cipher to store/transmit passwords.
A hash function is a much safer idea. The difference between a cipher and a hash is that a cipher is reversible, whilst a hash is one-way (plaintext -> hash text). Storing your users' passwords on the server in a) plaintext or b) encrypted form is a big no-no in terms of security.
A hash, on the other hand, cannot be reversed (theoretically at least).
A simple hash can be done just as easily using the MessageDigest class.
Getting a hash can be pretty simple:
MessageDigest md = MessageDigest.getInstance("MD5"); // java.security.MessageDigest
byte[] hash = md.digest(input.getBytes());            // digest() returns the hash bytes
The client side can then hash the plaintext password and send it across to the server. Then the server can compare hashes to authenticate and return a session token to the user, which they can use for the rest of the session without having to transmit passwords all over the place.
Upvotes: 1
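The hash-then-compare flow this answer describes, as an added example that is not part of the answer or of the question's code. It is written server-side: the server stores a salt and a derived hash per user, recomputes the hash on login, compares in constant time, and hands back an opaque session token. Instead of a bare MD5 digest it uses PBKDF2 with HMAC-SHA-256 through the standard `SecretKeyFactory` API (available since Java 8), because password hashes are a brute-force target and a salted, iterated derivation is what a password store needs. The record format `iterations$salt$hash`, the iteration count and the sample password are this example's own assumptions.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.spec.KeySpec;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordStore {
    // Assumed tuning values for this example; the iteration count should be sized to your hardware.
    private static final int ITERATIONS = 210_000;
    private static final int SALT_BYTES = 16;
    private static final int HASH_BITS = 256;
    private static final SecureRandom RNG = new SecureRandom();

    // Derives a fixed-length hash of the password under the given salt (PBKDF2-HMAC-SHA256).
    static byte[] derive(char[] password, byte[] salt, int iterations) throws Exception {
        KeySpec spec = new PBEKeySpec(password, salt, iterations, HASH_BITS);
        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        return factory.generateSecret(spec).getEncoded();
    }

    // Builds the record to store for a new password: "iterations$base64(salt)$base64(hash)".
    // Nothing reversible is stored, so a leaked record does not reveal the password.
    static String hashPassword(char[] password) throws Exception {
        byte[] salt = new byte[SALT_BYTES];
        RNG.nextBytes(salt);                       // fresh salt per user, per password change
        byte[] hash = derive(password, salt, ITERATIONS);
        Base64.Encoder enc = Base64.getEncoder();
        return ITERATIONS + "$" + enc.encodeToString(salt) + "$" + enc.encodeToString(hash);
    }

    // Checks a login attempt: recompute with the stored salt and compare in constant time.
    static boolean verifyPassword(char[] attempt, String record) throws Exception {
        String[] parts = record.split("\\$");
        if (parts.length != 3) {
            return false;                          // malformed record: treat as a failed login
        }
        int iterations = Integer.parseInt(parts[0]);
        byte[] salt = Base64.getDecoder().decode(parts[1]);
        byte[] expected = Base64.getDecoder().decode(parts[2]);
        byte[] actual = derive(attempt, salt, iterations);
        return MessageDigest.isEqual(expected, actual);  // length- and timing-safe comparison
    }

    // Issues the opaque token the client uses for the rest of the session; it carries no password material.
    static String newSessionToken() {
        byte[] token = new byte[32];
        RNG.nextBytes(token);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(token);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample password for the demo.
        String record = hashPassword("correct horse".toCharArray());
        System.out.println("stored record:   " + record);
        System.out.println("right password:  " + verifyPassword("correct horse".toCharArray(), record)); // true
        System.out.println("wrong password:  " + verifyPassword("Correct horse".toCharArray(), record)); // false
        System.out.println("session token:   " + newSessionToken());
    }
}
```

Storing the iteration count inside the record lets the server raise it later for new passwords while still verifying old ones, and `MessageDigest.isEqual` avoids the early-exit comparison that `Arrays.equals` would do on the first differing byte.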
Reputation: 4202
Try using the following method to convert bytes to a string during encryption:
// import javax.xml.bind.annotation.adapters.HexBinaryAdapter;
public static String bytesToString(byte[] bytes) {
HexBinaryAdapter adapter = new HexBinaryAdapter();
String s = adapter.marshal(bytes); // hex string, two characters per byte
return s;
}
So instead of:
String encryption = Base64.encodeBase64String(encrypted);
use
String encryption = bytesToString(encrypted);
Similarly, during decryption use this method:
public static byte[] hexToBytes(String hexString) {
HexBinaryAdapter adapter = new HexBinaryAdapter();
byte[] bytes = adapter.unmarshal(hexString); // parses the hex string back into bytes
return bytes;
}
That is:
byte[] decryptval = hexToBytes(encryptedData);
Upvotes: 0
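An added example, not code from the question or from either answer, that shows why the question's Base64 value can break in transit and why switching to hex (as this answer suggests) or to URL-safe Base64 makes the failure go away. Standard Base64 output uses `+`, `/` and `=`; any URL-decoding step on the way to or from the cookie turns `+` into a space. Apache Commons Codec's `decodeBase64`, used in the question, silently skips characters outside the alphabet, so the cipher receives a buffer one byte short and reports it as the `IllegalBlockSizeException` from the question; the JDK's strict `java.util.Base64` decoder instead rejects the value outright, which is what this example relies on. The example runs the full encrypt, encode, transport, decode, decrypt loop many times for each encoding and counts failures; a fresh random IV is prepended to each ciphertext so the receiver needs no shared IV. `HexBinaryAdapter` lives in `javax.xml.bind`, which is no longer bundled with the JDK since Java 11, so the hex helpers here are hand-written. The demo key, plaintext, trial count and the `urlDecodeLikeTransport` model of the transport are this example's own assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.function.Function;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class CookieSafeEncoding {
    private static final SecureRandom RNG = new SecureRandom();

    // Encrypts with a fresh random IV and returns IV || ciphertext, so the receiver needs no shared IV.
    static byte[] encrypt(byte[] key, String plaintext) throws GeneralSecurityException {
        byte[] iv = new byte[16];
        RNG.nextBytes(iv);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        byte[] ct = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    // Splits IV || ciphertext and decrypts; the length check up front mirrors the one the cipher does.
    static String decrypt(byte[] key, byte[] ivAndCt) throws GeneralSecurityException {
        if (ivAndCt.length < 32 || ivAndCt.length % 16 != 0) {
            throw new IllegalArgumentException("ciphertext length " + ivAndCt.length + " is not a multiple of 16");
        }
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(ivAndCt, 0, 16));
        byte[] pt = cipher.doFinal(ivAndCt, 16, ivAndCt.length - 16);
        return new String(pt, StandardCharsets.UTF_8);
    }

    // Hex helpers (replacing HexBinaryAdapter): the alphabet [0-9a-f] is left alone by every cookie and URL layer.
    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    static byte[] fromHex(String hex) {
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }

    // Assumed model of the transport: a URL-decoding step that turns '+' into a space.
    static String urlDecodeLikeTransport(String value) {
        return value.replace('+', ' ');
    }

    // One encrypt -> encode -> transport -> decode -> decrypt cycle; true if the plaintext came back intact.
    static boolean roundTrip(byte[] key, Function<byte[], String> encode, Function<String, byte[]> decode) {
        try {
            byte[] blob = encrypt(key, "hunter2");                 // constructed sample plaintext
            String received = urlDecodeLikeTransport(encode.apply(blob));
            return "hunter2".equals(decrypt(key, decode.apply(received)));
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false;  // strict Base64 rejection, wrong length, or a padding failure
        }
    }

    static int countFailures(byte[] key, int trials, Function<byte[], String> encode, Function<String, byte[]> decode) {
        int failures = 0;
        for (int i = 0; i < trials; i++) {
            if (!roundTrip(key, encode, decode)) {
                failures++;
            }
        }
        return failures;
    }

    public static void main(String[] args) {
        byte[] key = new byte[16];
        RNG.nextBytes(key);  // demo key only; a real key comes from a key store, never from source code
        int trials = 40;
        System.out.println("standard Base64 failures: " + countFailures(key, trials,
                Base64.getEncoder()::encodeToString, Base64.getDecoder()::decode));
        System.out.println("URL-safe Base64 failures: " + countFailures(key, trials,
                Base64.getUrlEncoder().withoutPadding()::encodeToString, Base64.getUrlDecoder()::decode));
        System.out.println("hex failures:             " + countFailures(key, trials,
                CookieSafeEncoding::toHex, CookieSafeEncoding::fromHex));
    }
}
```

Because the IV is random, the 44-character standard encoding of a 32-byte blob contains a `+` in roughly half of the runs, so the first counter comes out around 20 of 40 while the other two stay at zero; that intermittent pattern is the signature of an encoding-versus-transport mismatch rather than a key or IV problem. URL-safe Base64 is the compact fix (no `+`, `/`, and with `withoutPadding()` no `=`); hex is twice the size but trivially safe. Either way the value sent to the client is still a reversible ciphertext of the password, which is the design concern the other answer raises.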