Hello, currently I have to do an AES encryption and send it to an external SW, but I am having trouble with SonarQube.
This is the relevant part of my current code:
    // afegir0Multiple8(...) is a helper defined elsewhere in the class (not shown here)
    String encriptedPad = afegir0Multiple8(Hex.encodeHexString(encriptar.getBytes()));
    String cadenaAmb0 = afegir0Multiple8(encriptar); // Build a string with the length we need
    byte[] cadenaRes = cadenaAmb0.getBytes();        // Resulting string to encrypt
    // Key: parsed from hex, then the first 8 key bytes are appended again (carried over from the TripleDES version)
    byte[] hexclaub = DatatypeConverter.parseHexBinary(claveCifradoRedsa);
    SecretKeySpec key = new SecretKeySpec(ArrayUtils.addAll(hexclaub, ArrayUtils.subarray(hexclaub, 0, 8)), "AES");
    // Init vector: the caller-supplied string used directly as the CBC IV
    String v = vectorInicial;
    IvParameterSpec ivectorSpecv = new IvParameterSpec(v.getBytes("UTF-8"));
    // Encrypt with AES in CBC mode and PKCS#5 padding (the configuration SonarQube flagged)
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
    cipher.init(Cipher.ENCRYPT_MODE, key, ivectorSpecv);
    byte[] encrypted = cipher.doFinal(cadenaRes);
It is a little spaghetti because it's recycled from old code (TripleDES), sorry for that. But the gist of it is that we are using an AES configuration with AES/CBC/PKCS5PADDING.
The thing is that our SonarQube is giving this output when I send this code:
Could someone explain to me a little about padding oracle attacks and whether there is some impact in using the instance recommended by Sonar? I am quite lost with encryption.
PS: The SW has agreed to change the configuration, but I would like to understand why I have to use one specific configuration over others.
Thanks
Well, the question is already solved thanks to @Topaco in the comments below. I will update my code here so that this question is marked as answered.
My current code looks like this:
    import java.nio.charset.StandardCharsets;
    import java.util.Base64;
    import java.util.HashMap;
    import java.util.Map;
    import javax.crypto.Cipher;
    import javax.crypto.SecretKey;
    import javax.crypto.spec.GCMParameterSpec;
    import javax.crypto.spec.SecretKeySpec;

    @Override
    public Map execute(Map in) throws Exception {
        log.info("********** CIFRADO AES ACTION ****************");
        Map resultado = new HashMap();
        resultado.put("clave", encriptarAES((String) in.get("encriptar"), (String) in.get("claveCifrado"), (String) in.get("vectorInicial")));
        return resultado;
    }

    private String encriptarAES(String encriptar, String claveCifradoRedsa, String vectorInicial) throws Exception {
        // The key bytes are taken directly from the string; they must be 16, 24 or 32 bytes long for AES
        SecretKey key = new SecretKeySpec(claveCifradoRedsa.getBytes(StandardCharsets.UTF_8), "AES");
        // Encrypt with AES-GCM and a 128-bit authentication tag; the IV (nonce) comes from the caller.
        // GCM requires a different nonce for every message encrypted under the same key.
        GCMParameterSpec ivParameterSpec = new GCMParameterSpec(128, vectorInicial.getBytes(StandardCharsets.UTF_8));
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); // the transformation SonarQube recommends
        cipher.init(Cipher.ENCRYPT_MODE, key, ivParameterSpec);
        byte[] encrypted = cipher.doFinal(encriptar.getBytes(StandardCharsets.UTF_8)); // ciphertext followed by the tag
        String codificado64 = Base64.getUrlEncoder().encodeToString(encrypted);
        log.info(encriptar);    // note: this writes the plaintext to the log
        log.info(codificado64);
        log.info("************************ FIN CIFRADO AES ACTION ***********************");
        return codificado64;
    }
I think it is a pretty clean example of AES encryption; hope it's useful to someone.
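For readers who, like the asker, want to see why the GCM transformation answers the padding oracle concern, here is an added, self-contained Java example (not code from the question or the answer above). It assumes a constructed 16-byte demo key, a constructed AAD label and the class name AesGcmExample; the message layout (nonce || ciphertext || tag) is a design choice of this example, not something the original post specifies. Unlike the posted code, which takes its IV from a caller-supplied string, it generates a fresh random 12-byte nonce for every message and prepends it to the output, and it shows that a single flipped ciphertext bit is rejected as a whole:

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class AesGcmExample {
    private static final String TRANSFORMATION = "AES/GCM/NoPadding";
    private static final int NONCE_BYTES = 12; // 96-bit nonce, the size GCM is specified for
    private static final int TAG_BITS = 128;   // full-length authentication tag
    private static final SecureRandom RNG = new SecureRandom();

    // Encrypts with a fresh random nonce each call. Output layout: nonce || ciphertext || tag.
    public static byte[] encrypt(SecretKey key, byte[] plaintext, byte[] aad) throws GeneralSecurityException {
        byte[] nonce = new byte[NONCE_BYTES];
        RNG.nextBytes(nonce);
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        if (aad != null) cipher.updateAAD(aad); // authenticated but not encrypted
        byte[] ctAndTag = cipher.doFinal(plaintext);
        return ByteBuffer.allocate(nonce.length + ctAndTag.length).put(nonce).put(ctAndTag).array();
    }

    // Splits off the nonce and decrypts; any modification of nonce, ciphertext, tag or AAD
    // surfaces as one generic AEADBadTagException, never as a padding error.
    public static byte[] decrypt(SecretKey key, byte[] message, byte[] aad) throws GeneralSecurityException {
        if (message.length < NONCE_BYTES + TAG_BITS / 8) throw new IllegalArgumentException("message too short");
        byte[] nonce = Arrays.copyOfRange(message, 0, NONCE_BYTES);
        byte[] ctAndTag = Arrays.copyOfRange(message, NONCE_BYTES, message.length);
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        if (aad != null) cipher.updateAAD(aad);
        return cipher.doFinal(ctAndTag);
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo key: 32 hex chars -> 16 bytes -> AES-128. In production, load it from a key store.
        SecretKey key = new SecretKeySpec(hexToBytes("000102030405060708090a0b0c0d0e0f"), "AES");
        byte[] aad = "request-id:demo".getBytes(StandardCharsets.UTF_8); // constructed AAD label
        byte[] plaintext = "hola".getBytes(StandardCharsets.UTF_8);

        byte[] msg1 = encrypt(key, plaintext, aad);
        byte[] msg2 = encrypt(key, plaintext, aad);
        System.out.println("same plaintext, different output: " + !Arrays.equals(msg1, msg2));
        System.out.println("base64url: " + Base64.getUrlEncoder().withoutPadding().encodeToString(msg1));
        System.out.println("decrypted: " + new String(decrypt(key, msg1, aad), StandardCharsets.UTF_8));

        // Flip one bit of the first ciphertext byte: GCM refuses the whole message instead of returning garbage
        byte[] tampered = msg1.clone();
        tampered[NONCE_BYTES] ^= 0x01;
        try {
            decrypt(key, tampered, aad);
            System.out.println("BUG: tampered message accepted");
        } catch (AEADBadTagException e) {
            System.out.println("tampered message rejected: " + e.getMessage());
        }
    }

    static byte[] hexToBytes(String hex) {
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }
}
```

The contrast with the original AES/CBC/PKCS5PADDING setup is the failure mode on decryption: with CBC, a receiver that reports "bad padding" differently from "bad data" (a distinct exception, status code or timing) leaks one bit about the plaintext per try, which is what a padding oracle attack accumulates. With GCM there is no padding at all, and the tag is checked before any plaintext is released, so every tampered message produces the same rejection. The nonce is the other half of the story: GCM is only safe while no nonce repeats under a given key, which is why this example draws a new one per message rather than reusing a configured string.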