CODEWITHSUNDEEP
javapostgresqlencryptioncryptographypgcrypto
Rakesh Goyal
Rakesh Goyal

Reputation: 3231

Encrypting in Java and Decrypting in Postgres (using pgcrypto module)

I am using following code to encrypt and decrypt in Java and it seems to working fine:

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
import java.security.SecureRandom;

public class MainNew {

    public static void main(String[] args) {
        String iv = getEncryptionIV();
        System.out.println(" iv = "+iv);

        String encryptedData= encryptWithIVandKey(iv,encryptionKey,"[email protected]");
        System.out.println(encryptedData);
        String decryptedData = decrypt (iv,encryptionKey,encryptedData);
        System.out.println(decryptedData);
    }


    static final String encryptionKey = "rakesh1@n1111111";


    static byte[] doFinal(int encryptMode, SecretKey key, String iv, byte[] bytes) {

        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(encryptMode, key, new IvParameterSpec(DatatypeConverter.parseHexBinary(iv)));
            byte[] data = cipher.doFinal(bytes);

            return data;

        } catch (Exception e) {
            e.printStackTrace();
            System.out.println(e);
        }
        return null;

    }



    static SecretKey generateKey(String passphrase) {

        SecretKey key = null;

        try {

            key = new SecretKeySpec(passphrase.getBytes("UTF-8"), "AES");


        } catch (Exception e) {
            e.printStackTrace();
            System.out.println(e);
        }

        return key;
    }




    static String getEncryptionIV() {
        SecureRandom random = new SecureRandom();
        byte[] ivBytes = new byte[16];
        random.nextBytes(ivBytes);
        return DatatypeConverter.printHexBinary(ivBytes);
    }

    static String encryptWithIVandKey( String iv, String passphrase, final String strToEncrypt) {
        String encryptedStr = "";

        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            SecretKey key = generateKey(passphrase);
            cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(DatatypeConverter.parseHexBinary(iv)));

            encryptedStr = DatatypeConverter.printBase64Binary(cipher.doFinal(strToEncrypt.getBytes("UTF-8")));

        } catch (Exception e) {
            e.printStackTrace();
            System.out.println(e);
        }


        return encryptedStr;
    }

    static String decrypt(String iv, String passphrase, String ciphertext) {
        try {
            SecretKey key = generateKey(passphrase);
            byte[] decrypted = doFinal(Cipher.DECRYPT_MODE, key, iv, DatatypeConverter.parseBase64Binary(ciphertext));
            return new String(decrypted, "UTF-8");
        } catch (Exception e) {
            e.printStackTrace();
            System.out.println(e);
        }
        return "";
    }

}

But when I try to decrypt generated encrypted data in postgres, getting error:

select    convert_from(decrypt_iv('IKMfAng499RNG9viRAreMM5Pmqooidkx76YUBflmzzs=', 'rakesh1@n1111111'::bytea, 'F700FE182F347120F1AE67F5B64E68C2'::bytea, 'aes-cbc/pad:pkcs'),'utf-8') res;

ERROR: decrypt_iv error: Data not a multiple of block size

Upvotes: 4

Views: 7064

Answers (1)

user2458080
user2458080

Reputation: 989

Of course, when you re-run the Java class, you get a fresh IV-- and because of that, a fresh encryption string. I'm thinking that the IV and encrypted string you're injecting into the PostgreSQL example from above are broken. When I run the class and get fresh values...

Output from Java:

iv = CE63BC477D1096B6F38CA77964CBD2CB
pl26CH0sNT8gycZe0FVSVUpwH/moMaFpa6zMtZHcBKQ=
[email protected]

But that's not the real problem... You have to remember, your encrypted string was coming out as a base64-encoded string. Use decode(text,text) for that. Then the IV was coming out as a hex-encoded string. Use decode for that too.

select convert_from(
  decrypt_iv(
    decode('pl26CH0sNT8gycZe0FVSVUpwH/moMaFpa6zMtZHcBKQ=','base64'), 
    'rakesh1@n1111111'::bytea,
    decode('CE63BC477D1096B6F38CA77964CBD2CB','hex'), 'aes-cbc/pad:pkcs'),'utf-8') res;

Upvotes: 6

Related Questions