CODEWITHSUNDEEP
javaencryptionbase64aesmysql-8.0
Julian Solarte
Julian Solarte

Reputation: 585

How to decrypt information encrypted by Java Cipher using Mysql 8?

Context

I am encrypting information from my application then I save the encrypted information in my MySql 8.0 database, this is the way to encrypt and decrypt the information in my application:

private static final String ALGORITHM = "AES/ECB/PKCS5Padding";

@Override
public String convertToDatabaseColumn(String data) {
    if (data != null) {
        Key key = new SecretKeySpec(KEY_ENCRYPT_BD.getBytes(), "AES");
        try {
            Cipher c = Cipher.getInstance(ALGORITHM);
            c.init(Cipher.ENCRYPT_MODE, key);
            return Base64.getEncoder().encodeToString(c.doFinal(data.getBytes("UTF-8")));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
    return null;
}

@Override
public String convertToEntityAttribute(String dbData) {
    if (dbData != null) {
        Key key = new SecretKeySpec(KEY_ENCRYPT_BD.getBytes(), "AES");
        try {
            Cipher c = Cipher.getInstance(ALGORITHM);
            c.init(Cipher.DECRYPT_MODE, key);
            return new String(c.doFinal(Base64.getDecoder().decode(dbData.getBytes("UTF-8"))), "UTF-8");
        } catch (Exception e) {
            return dbData;
        }
    }
    return null;
}

The encrypted information is saved in varchar(65) column with utf8mb4 charset.

What I am looking for

I am looking to decrypt the encrypted information but through MySql 8.0, I have tried several ways trying to do the same process in Java code but all I get is a Null result.

This is the query

SELECT AES_DECRYPT(FROM_BASE64(primer_nombre),'passwordKey')   FROM info_personal_usuario;

Hint

I have managed to decrypt the data but using Mysql 5.7 with the following query.

SELECT Cast(Aes_decrypt(From_base64(primer_nombre),"passwordkey")
AS CHAR(50)) primer_nombre FROM info_personal_usuario

What I have tried

I have tried to change the cipher mode

SET block_encryption_mode = 'aes-256-cbc';
SET @init_vector = RANDOM_BYTES(16);
SET @key_str = SHA2('pwdKey',512);
SELECT Cast(Aes_decrypt(From_base64(primer_nombre),@key_str,@init_vector) AS CHAR(50)) primer_nombre FROM info_personal_usuario;

Upvotes: 1

Views: 1668

Answers (2)

Tasos P.
Tasos P.

Reputation: 4124

Your AttributeConverter responsible for data encryption uses AES/ECB/PKCS5Padding cipher, which translates to:

  • AES encryption with the default 128bit key length
  • ECB mode
  • PKCS5 padding

In order to decrypt data encrypted with the above method with MySQL's AES_DECRYPT you need to configure it with the same settings (also knowing the encryption key will help ;-) ). In this case, you should use:

SET block_encryption_mode = 'aes-128-ecb';
SELECT CAST(AES_DECRYPT(FROM_BASE64(column_name),'encryption_key') as  char(64));

Sample encryption code:

        final String KEY_ENCRYPT_BD = "TEST#EST@#ST!@#T";
        final String ALGORITHM = "AES/ECB/PKCS5Padding";
        final String data = "Secret";

        Key key = new SecretKeySpec(KEY_ENCRYPT_BD.getBytes(), "AES");
        Cipher c = Cipher.getInstance(ALGORITHM);
        c.init(Cipher.ENCRYPT_MODE, key);
        System.out.println(Base64.getEncoder().encodeToString(c.doFinal(data.getBytes("UTF-8"))));

// Output is: pkIRP/y09TKfv5Y8nPrFRw==

Sample decryption code:

SET block_encryption_mode = 'aes-128-ecb';
SELECT cast(Aes_decrypt(From_base64('pkIRP/y09TKfv5Y8nPrFRw=='),'TEST#EST@#ST!@#T') as  char(50));

Output is Secret

Notes:

  • Your utf8mb4 character set is irrelevant since you only store base64 strings. Perhaps a binary datatype might save you a few bytes per record (and avoid base64 altogether).
  • Your MySQL 5.7 server might already have block_encryption_mode set to aes-128-ecb which explains why decryption works

Upvotes: 3

Nisha Gupta
Nisha Gupta

Reputation: 1

The Below MySQL Query decrypts the string

SELECT description, AES_DECRYPT(description,'key') FROM test_table;

Upvotes: 0

Related Questions