AES - Storing IV with Ciphertext in Java

Question

I have implemented a CBC Mode AES encryption and decryption mechanism in which I am generating Random IV and Random Secret key for each encryption attempt which is recommended.

Now, I have saved my key in a separate file and IV in another file, but after going through the different forums I have found that the IV should not be kept secure and shall be appended with the Ciphertext while encryption and at the time of decryption we can get the 16 bytes plucked out from that cipher byte array..

Now, I tried a snippet of code to achieve the same, but the result were not good as the first block was not encrypting properly; however the rest of the block does.

Can someone tell me whats wrong with my approach?

Any help will be highly appreciated thanks :).

public static byte[] encrypt (byte[] plaintext,SecretKey key,byte[] IV ) throws Exception {

        //Get Cipher Instance
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");

        //Create SecretKeySpec
        SecretKeySpec keySpec = new SecretKeySpec(key.getEncoded(), "AES");

        //Create IvParameterSpec
        IvParameterSpec ivSpec = new IvParameterSpec(IV);

        System.out.println( "IV encrypt= " + ivSpec );

        //Initialize Cipher for ENCRYPT_MODE
        cipher.init(Cipher.ENCRYPT_MODE, keySpec);

        //Perform Encryption
        byte[] cipherText = cipher.doFinal(plaintext);

        ByteArrayOutputStream b = new ByteArrayOutputStream();

        b.write(IV);
        b.write( cipherText );

        return b.toByteArray();
    }

--------------------------------------------------------------------------
public static String decrypt (byte[] cipherText, SecretKey key ) throws Exception
    {
        //Get Cipher Instance
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");

        //Create SecretKeySpec
        SecretKeySpec keySpec = new SecretKeySpec(key.getEncoded(), "AES");

        byte[] iv = Arrays.copyOfRange( cipherText , 0, 16);

        //Create IvParameterSpec
        IvParameterSpec ivSpec = new IvParameterSpec(iv);

        //Initialize Cipher for DECRYPT_MODE
        cipher.init(Cipher.DECRYPT_MODE, keySpec,ivSpec);

        //Perform Decryption
        byte[] decryptedText = cipher.doFinal(cipherText);

        return new String(decryptedText);
    }

----------------------------------------------------------------------------

KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(128);

        // Generate Key
        SecretKey key = keyGenerator.generateKey();

        // Generating IV.
        byte[] IV = new byte[16];
        SecureRandom random = new SecureRandom();
        random.nextBytes(IV);

        System.out.println("Original Text  : " + plainText);

        byte[] cipherText = encrypt(plainText.getBytes("UTF-8") ,key, IV);



        String decryptedText = decrypt(cipherText,key, IV);
        System.out.println("DeCrypted Text : "+decryptedText);

RESULT

Original Text  : This is a plain text which need to be encrypted by AES Algorithm with CBC Mode
DeCrypted Text : ûª¯Î¥pAï2EÞi+¼‹Ý$8ŶÄDDNâOæàtext which need to be encrypted by AES Algorithm with CBC Mode

Answer 1

Just because you copy out the IV here:

byte[] iv = Arrays.copyOfRange( cipherText , 0, 16);

Doesn't mean it isn't still present when you try to decrypt it during:

byte[] decryptedText = cipher.doFinal(cipherText);

You should decrypt everything in ciphertext except for the first 16 bytes. At the moment you're also performing AES decryption on the IV - which is why you're getting garbage.