syedjibharat

Reputation: 170

AES decryption Android

I am working on AES encryption and decryption in Android. I post a request using the Android code snippet below.

Request Post

    String urlParameters = "username=abc&password=abc";
    String request = "http://abcd.co.uk/data_abc.php?";
    String passkey = "mysecretkey";

    URL url;
    HttpURLConnection connection = null;
    try {
        //Create connection
        url = new URL(request);
        connection = (HttpURLConnection) url.openConnection();
        connection.setRequestMethod("POST");
        connection.setRequestProperty("Content-Type",
                "application/x-www-form-urlencoded");

        connection.setRequestProperty("Content-Length", "" +
                Integer.toString(urlParameters.getBytes().length));
        connection.setRequestProperty("Content-Language", "en-US");

        connection.setUseCaches(false);
        connection.setDoInput(true);
        connection.setDoOutput(true);

        //Send request
        DataOutputStream wr = new DataOutputStream(
                connection.getOutputStream());
        wr.writeBytes(urlParameters);
        wr.flush();
        wr.close();

        //Get Response
        InputStream is = connection.getInputStream();
        BufferedReader rd = new BufferedReader(new InputStreamReader(is));
        String line;
        StringBuffer response = new StringBuffer();
        while ((line = rd.readLine()) != null) {
            response.append(line);
            response.append('\r');
        }
        rd.close();
        return response.toString();

    } catch (Exception e) {

        e.printStackTrace();
        return null;

    } finally {

        if (connection != null) {
            connection.disconnect();
        }
    }

I successfully got a Base64 encrypted response string from the above request, but when I try to decrypt the response string using the following code snippet, it returns an unreadable string, like characters and boxes.

Decryption

    String strDecriptedValue = decrypt(passkey, responseBase64);

    public static String decrypt(String seed, String encrypted)
            throws Exception {
        byte[] rawKey = getRawKey(seed.getBytes());
        byte[] enc = Base64.decode(encrypted.getBytes(), Base64.DEFAULT);
        byte[] result = decrypt(rawKey, enc);
        return new String(result);
    }

    private static byte[] getRawKey(byte[] seed) throws Exception {
        KeyGenerator keygen = KeyGenerator.getInstance("AES");
        SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
        random.setSeed(seed);
        keygen.init(128, random);
        SecretKey key = keygen.generateKey();
        byte[] raw = key.getEncoded();
        return raw;
    }

    private static byte[] decrypt(byte[] raw, byte[] encrypted)
            throws Exception {
        SecretKeySpec keySpec = new SecretKeySpec(raw, "AES");
        Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, keySpec);
        byte[] decrypted = cipher.doFinal(encrypted);
        return decrypted;
    }

Decrypted Output

��]ة*�]��O��Z���Q2�_

The response should be in JSON format but actual output is like above.

Please share the snippet which is used to decrypt the data with AES 256-bit, a secure key, and Base64.

I also tried using AES/CBC/NoPadding, AES/CBC/PKCS5Padding, etc., but it is not working.

Upvotes: 0

Views: 1043

Answers (1)

Zielu

Reputation: 8552

You are using SecureRandom random to generate the key using the passed seed value. But the actual implementation of SecureRandom on the server and the one used by your Android code may be different (you are using some PHP code, it seems), so the generated key value would be different.

Also you mentioned the 256 bit key but your code is using 128 instead: keygen.init(128, random);

So make sure that you are using the same keys on both sides. You should try your code first with the 'fixed' key on both sides and check if it works; otherwise you may still have bugs in your decryption/encryption process. You included only half of the process code in your question.

Upvotes: 0
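The fixed-key check suggested in the answer above, as an added example (not code from the question or the answer): both directions use the same literal key bytes, so a successful round trip isolates key agreement from the rest of the pipeline. The key value, the CBC mode with an IV-prefixed wire format, and the sample JSON are constructed assumptions, since the page does not show what the server does; `java.util.Base64` is used so the class runs on a plain JVM (on Android it needs API 26+, otherwise use `android.util.Base64`).

```java
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

public class FixedKeyRoundTrip {
    // Constructed 32-byte test key (AES-256). Both sides must hold these exact bytes; local test only.
    static final byte[] KEY = "0123456789abcdef0123456789abcdef".getBytes(StandardCharsets.US_ASCII);

    // Assumed wire format for this test: Base64( 16-byte IV || CBC ciphertext ).
    static String encrypt(byte[] key, String plaintext) throws Exception {
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv); // SecureRandom supplies the IV only, never the key
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    static String decrypt(byte[] key, String b64) throws Exception {
        if (key.length != 32)
            throw new IllegalArgumentException("expected a 32-byte AES-256 key, got " + key.length);
        byte[] in = Base64.getDecoder().decode(b64);
        if (in.length < 32 || in.length % 16 != 0)
            throw new IllegalArgumentException("truncated or misaligned ciphertext");
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(in, 0, 16));
        return new String(c.doFinal(in, 16, in.length - 16), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        String json = "{\"status\":\"ok\"}"; // constructed sample payload
        String wire = encrypt(KEY, json);
        System.out.println("round trip ok: " + json.equals(decrypt(KEY, wire)));
        // A key differing in one bit (as a differently seeded PRNG would give) must not decrypt.
        byte[] other = KEY.clone();
        other[0] ^= 1;
        try {
            System.out.println("wrong key matches: " + json.equals(decrypt(other, wire)));
        } catch (BadPaddingException e) {
            System.out.println("wrong key rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

CBC without a MAC does not detect tampering; once the keys agree and you control both ends, an authenticated mode such as `AES/GCM/NoPadding` is the safer choice.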
