Problems encoding/decoding using AES-128-CBC

Question

So basically I have these snippets of code and would like them to produce the same output:

require 'openssl'
aes = OpenSSL::Cipher::Cipher.new("AES-128-CBC")
aes.key = "aaaaaaaaaaaaaaaa"
aes.iv = "aaaaaaaaaaaaaaaa"
aes.encrypt
encrypted = aes.update("1234567890123456") << aes.final
puts encrypted.unpack('H*').join

This prints:

8d3bbffade308f8e4e80cb77ecb8df19ee933f75438cec1315c4a491bd1b83f4

And this Java code:

Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
String key = "aaaaaaaaaaaaaaaa";
String textToEncryptpt = "1234567890123456";

SecretKeySpec keyspec = new SecretKeySpec(key.getBytes(), "AES");
IvParameterSpec ivspec = new IvParameterSpec(key.getBytes());
cipher.init(Cipher.ENCRYPT_MODE, keyspec, ivspec);
byte[] encrypted = cipher.doFinal(textToEncryptpt.getBytes());
System.out.println(Crypto.bytesToHex(encrypted));

Prints:

2d3760f53b8b3dee722aed83224f418f9dd70e089ecfe9dc689147cfe0927ddb

Annoying thing is that it was working a couple of days ago... so I am not sure what happened. What's wrong with this code? Do you see anything unusual?

Answer 1

Ruby script is wrong. You have to first call the encrypt method, and then set the key and iv:

require 'openssl'
aes = OpenSSL::Cipher::Cipher.new("AES-128-CBC")
aes.encrypt
aes.key = "aaaaaaaaaaaaaaaa"
aes.iv = "aaaaaaaaaaaaaaaa"
encrypted = aes.update("1234567890123456") << aes.final
puts encrypted.unpack('H*').join

I figured out because when trying to decode an encrypted string I got:

aescrypt.rb:13:in `final': bad decrypt (OpenSSL::Cipher::CipherError)
    from aescrypt.rb:13:in `<main>'

Answer 2

Seems you found already the reason that your script does give different results.

Some more things to consider:

• Don't ever hardcode the key in the program - that way you can't easily change it, and if someone gets access to your program code, she also gets to see the key.
• Don't ever use a constant initialization vector. Instead, generate a random one and send it together with the ciphertext. Alternatively, if you generate the key from a password and some salt, you can also generate the IV from the same ... but don't use the key directly as IV.
• Your key/IV values are strings, not bytes. String.getBytes() (in Java) converts the string to bytes using some encoding. The encoding used is system-dependent, and none of the usual String encodings (UTF-8, Latin-1, ...) can represent all bytes as printable (and typeable) characters. Preferably use something like Base64 or hex-encoding, if you have to store your key as string.
• And whenever you transform a string to bytes, specify an encoding (and use the same encoding later for retrieving it).

Answer 3

@Cristian, For key and initial vector, you can create a function by using today's date plus the secure fixed keyword.

Eg: key = January 8, 2012 + Key

And for initial vector,

Eg: iv = January 8, 2012 + IV

Then enter that data(key and iv) to MD5 it will produce the output 16 bytes that you can use for the Key and IV. Every day, key and iv will change randomly.

Make sure both systems use the same date format and setup on the same date.