Example 1 with PKCS7Padding

Use of org.bouncycastle.crypto.paddings.PKCS7Padding in project inbot-utils by Inbot, in the class AESUtils, method decryptBouncyCastle.

private static String decryptBouncyCastle(SecretKey secret, String input) {
    try {
        // Convert url-safe base64 to normal base64, remove carriage returns and line feeds
        input = input.replaceAll("-", "+").replaceAll("_", "/").replaceAll("\r", "").replaceAll("\n", "");
        String[] splitInput = SPLIT_PATTERN.split(input);
        byte[] iv = hexStringToByteArray(splitInput[0]);
        byte[] encrypted = Base64.decodeBase64(splitInput[1]);
        // get the raw key bytes from the SecretKey
        byte[] key = secret.getEncoded();
        // setup cipher parameters with key and IV
        KeyParameter keyParam = new KeyParameter(key);
        CipherParameters params = new ParametersWithIV(keyParam, iv);
        // setup AES cipher in CBC mode with PKCS7 padding
        BufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESEngine()), new PKCS7Padding());
        cipher.reset();
        cipher.init(false, params);
        // create a temporary buffer to decode into (it'll include padding)
        byte[] buf = new byte[cipher.getOutputSize(encrypted.length)];
        int len = cipher.processBytes(encrypted, 0, encrypted.length, buf, 0);
        len += cipher.doFinal(buf, len);
        // lose the padding
        byte[] out = new byte[len];
        System.arraycopy(buf, 0, out, 0, len);
        // split off the 22-character md5 prefix and compare it with the md5 of the remaining plaintext
        String plaintext = new String(out, StandardCharsets.UTF_8);
        String md5Hash = plaintext.substring(0, 22);
        String plainTextWithoutHash = plaintext.substring(22);
        if (md5Hash.equals(HashUtils.md5(plainTextWithoutHash))) {
            return plainTextWithoutHash;
        } else {
            // it's possible to decrypt to garbage with the wrong key; the md5 check helps detecting that
            throw new IllegalArgumentException("wrong aes key - incorrect content hash");
        }
    } catch (DataLengthException e) {
        throw new IllegalStateException("buffer not big enough", e);
    } catch (InvalidCipherTextException e) {
        throw new IllegalArgumentException("wrong password");
    }
}
Also used: PaddedBufferedBlockCipher (org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher), AESEngine (org.bouncycastle.crypto.engines.AESEngine), InvalidCipherTextException (org.bouncycastle.crypto.InvalidCipherTextException), KeyParameter (org.bouncycastle.crypto.params.KeyParameter), CipherParameters (org.bouncycastle.crypto.CipherParameters), ParametersWithIV (org.bouncycastle.crypto.params.ParametersWithIV), PKCS7Padding (org.bouncycastle.crypto.paddings.PKCS7Padding), BufferedBlockCipher (org.bouncycastle.crypto.BufferedBlockCipher), DataLengthException (org.bouncycastle.crypto.DataLengthException), CBCBlockCipher (org.bouncycastle.crypto.modes.CBCBlockCipher)

Example 2 with PKCS7Padding

Use of org.bouncycastle.crypto.paddings.PKCS7Padding in project spring-security by spring-projects, in the class BouncyCastleAesCbcBytesEncryptor, method decrypt.

@Override
@SuppressWarnings("deprecation")
public byte[] decrypt(byte[] encryptedBytes) {
    byte[] iv = EncodingUtils.subArray(encryptedBytes, 0, this.ivGenerator.getKeyLength());
    encryptedBytes = EncodingUtils.subArray(encryptedBytes, this.ivGenerator.getKeyLength(), encryptedBytes.length);
    PaddedBufferedBlockCipher blockCipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new org.bouncycastle.crypto.engines.AESFastEngine()), new PKCS7Padding());
    blockCipher.init(false, new ParametersWithIV(this.secretKey, iv));
    return process(blockCipher, encryptedBytes);
}
Also used: ParametersWithIV (org.bouncycastle.crypto.params.ParametersWithIV), PaddedBufferedBlockCipher (org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher), PKCS7Padding (org.bouncycastle.crypto.paddings.PKCS7Padding), CBCBlockCipher (org.bouncycastle.crypto.modes.CBCBlockCipher)

Example 3 with PKCS7Padding

Use of org.bouncycastle.crypto.paddings.PKCS7Padding in project inbot-utils by Inbot, in the class AESUtils, method encryptBouncyCastle.

private static String encryptBouncyCastle(SecretKey secret, String plainText) {
    try {
        // prepending with md5 hash allows us to do an integrity check on decrypt to prevent returning garbage if the decrypt key is incorrect
        String md5 = HashUtils.md5(plainText);
        plainText = md5 + plainText;
        // the iv acts as a per use salt, this ensures things encrypted with the same key always have a unique salt
        // 128 bit iv because NIST AES is standardized with 128 bit blocks and iv needs to match block size, even when using 256 bit key
        byte[] iv = new byte[16];
        SECURE_RANDOM.nextBytes(iv);
        // setup cipher parameters with key and IV
        byte[] key = secret.getEncoded();
        // setup AES cipher in CBC mode with PKCS7 padding
        BufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESEngine()), new PKCS7Padding());
        cipher.reset();
        cipher.init(true, new ParametersWithIV(new KeyParameter(key), iv));
        byte[] plainTextBuf = plainText.getBytes(StandardCharsets.UTF_8);
        byte[] buf = new byte[cipher.getOutputSize(plainTextBuf.length)];
        int len = cipher.processBytes(plainTextBuf, 0, plainTextBuf.length, buf, 0);
        len += cipher.doFinal(buf, len);
        // copy the encrypted part of the buffer to out
        byte[] out = new byte[len];
        System.arraycopy(buf, 0, out, 0, len);
        // iv$encrypted
        return byteArrayToHexString(iv) + "$" + new String(Base64.encodeBase64URLSafe(out), StandardCharsets.UTF_8);
    } catch (DataLengthException | InvalidCipherTextException e) {
        throw new IllegalStateException("cannot encrypt", e);
    }
}
Also used: PaddedBufferedBlockCipher (org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher), AESEngine (org.bouncycastle.crypto.engines.AESEngine), InvalidCipherTextException (org.bouncycastle.crypto.InvalidCipherTextException), KeyParameter (org.bouncycastle.crypto.params.KeyParameter), ParametersWithIV (org.bouncycastle.crypto.params.ParametersWithIV), PKCS7Padding (org.bouncycastle.crypto.paddings.PKCS7Padding), BufferedBlockCipher (org.bouncycastle.crypto.BufferedBlockCipher), DataLengthException (org.bouncycastle.crypto.DataLengthException), CBCBlockCipher (org.bouncycastle.crypto.modes.CBCBlockCipher)

Example 4 with PKCS7Padding

Use of org.bouncycastle.crypto.paddings.PKCS7Padding in project nem2-sdk-java by nemtech, in the class Ed25519BlockCipher, method setupBlockCipher.

private BufferedBlockCipher setupBlockCipher(final byte[] sharedKey, final byte[] ivData, final boolean forEncryption) {
    // Setup cipher parameters with key and IV.
    final KeyParameter keyParam = new KeyParameter(sharedKey);
    final CipherParameters params = new ParametersWithIV(keyParam, ivData);
    // Setup AES cipher in CBC mode with PKCS7 padding.
    final BlockCipherPadding padding = new PKCS7Padding();
    final BufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESEngine()), padding);
    cipher.reset();
    cipher.init(forEncryption, params);
    return cipher;
}
Also used: CipherParameters (org.bouncycastle.crypto.CipherParameters), ParametersWithIV (org.bouncycastle.crypto.params.ParametersWithIV), PaddedBufferedBlockCipher (org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher), AESEngine (org.bouncycastle.crypto.engines.AESEngine), PKCS7Padding (org.bouncycastle.crypto.paddings.PKCS7Padding), BlockCipherPadding (org.bouncycastle.crypto.paddings.BlockCipherPadding), BufferedBlockCipher (org.bouncycastle.crypto.BufferedBlockCipher), KeyParameter (org.bouncycastle.crypto.params.KeyParameter), CBCBlockCipher (org.bouncycastle.crypto.modes.CBCBlockCipher)

Example 5 with PKCS7Padding

Use of org.bouncycastle.crypto.paddings.PKCS7Padding in project photon-model by vmware, in the class EncryptorService, method getCipher.

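/*
 * Cipher settings: AES in CBC mode with PKCS7 padding. The first IV_LENGTH bytes
 * of keyBytes are used as the IV and the remaining bytes as the AES key.
 */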
private BufferedBlockCipher getCipher(boolean forEncryption) {
    BufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESEngine()), new PKCS7Padding());
    cipher.init(forEncryption, new ParametersWithIV(new KeyParameter(this.keyBytes, IV_LENGTH, this.keyBytes.length - IV_LENGTH), this.keyBytes, 0, IV_LENGTH));
    return cipher;
}
Also used: ParametersWithIV (org.bouncycastle.crypto.params.ParametersWithIV), PaddedBufferedBlockCipher (org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher), AESEngine (org.bouncycastle.crypto.engines.AESEngine), PKCS7Padding (org.bouncycastle.crypto.paddings.PKCS7Padding), BufferedBlockCipher (org.bouncycastle.crypto.BufferedBlockCipher), KeyParameter (org.bouncycastle.crypto.params.KeyParameter), CBCBlockCipher (org.bouncycastle.crypto.modes.CBCBlockCipher)

Aggregations

CBCBlockCipher (org.bouncycastle.crypto.modes.CBCBlockCipher): 6
PKCS7Padding (org.bouncycastle.crypto.paddings.PKCS7Padding): 6
PaddedBufferedBlockCipher (org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher): 6
ParametersWithIV (org.bouncycastle.crypto.params.ParametersWithIV): 6
BufferedBlockCipher (org.bouncycastle.crypto.BufferedBlockCipher): 4
AESEngine (org.bouncycastle.crypto.engines.AESEngine): 4
KeyParameter (org.bouncycastle.crypto.params.KeyParameter): 4
CipherParameters (org.bouncycastle.crypto.CipherParameters): 2
DataLengthException (org.bouncycastle.crypto.DataLengthException): 2
InvalidCipherTextException (org.bouncycastle.crypto.InvalidCipherTextException): 2
BlockCipherPadding (org.bouncycastle.crypto.paddings.BlockCipherPadding): 1