AES in Gingerbread

by Steve Hugg » Fri, 10 Dec 2010 11:59:24 GMT

 In Gingerbread, I'm decoding some previously-encoded data with the

    SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
    Cipher cipher = Cipher.getInstance("AES");
    cipher.init(Cipher.DECRYPT_MODE, skeySpec);
    byte[] decrypted = cipher.doFinal(encrypted);

I now get this exception:

javax.crypto.BadPaddingException: pad block corrupted
 at javax.crypto.Cipher.doFinal(

I see that BouncyCastle was upgraded from 1.34 to 1.45; does anyone
know what might be causing this code to behave differently?


Re: AES in Gingerbread

by Steve Hugg » Sat, 11 Dec 2010 03:30:07 GMT

 More debugging on this issue...

I am using this method to generate keys from a passphrase:

                KeyGenerator kgen = KeyGenerator.getInstance("AES", "BC");
                SecureRandom sr = SecureRandom.getInstance("SHA1PRNG", 
                kgen.init(128, sr);
                SecretKey skey = kgen.generateKey();
                byte[] raw = skey.getEncoded();

This results in a different key for a given passphrase on 2.3 than it
does on 1.5-2.2.

Froyo returns this information for KeyGenerator and SecureRandom

AES BC version 1.34
SHA1PRNG Crypto version 1.0

Gingerbread returns:

AES BC version 1.45
SHA1PRNG Crypto version 1.0



Re: AES in Gingerbread

by Tim » Mon, 27 Dec 2010 09:22:25 GMT

 I have exactly the same problem. How did you handle this Steve?


Re: AES in Gingerbread

by nick » Mon, 27 Dec 2010 09:56:47 GMT


How exactly are you generating your key from a password? If 'seed' is your 
this code is very wrong. You should use password-based encryption to 
a key from password. Something like:

 PBEParameterSpec  pbeParamSpec = new PBEParameterSpec(salt, count);
 PBEKeySpec  pbeKeySpec = new PBEKeySpec(password);
 SecretKeyFactory  keyFactory = 
 SecretKey pbeKey = keyFactory.generateSecret(pbeKeySpec);


Re: AES in Gingerbread

by Bob Kerns » Mon, 27 Dec 2010 19:33:22 GMT

 I wonder if you realize that sr.setSeed(seed) does *NOT*, repeat *NOT*
set a SecureRandom to produce a predictable series of values?

Not only would that no longer be secure, it's not what setSeed() does
for a SecureRandom. Instead, it supplements the existing seed (which
is beyond your control when created as below). You'd have to supply
the seed in the constructor.

And if you are expecting SecureRandom to produce the same series of
values (as seen by KeyGenerator), or KeyGenerator to produce the same
key, between two versions of the OS, you're relying on something which
is not documented. Reproducibility is just not part of their job.

I strongly suspect (and fear) that you're screwed, and your users are
likely screwed as well. Sorry to deliver bad news. If you like, post
more about what you're doing and maybe we can help you figure out the
way forward.
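
Added example (not code from any poster in this thread): the password-based derivation suggested above, which yields the same AES key for the same passphrase, salt and iteration count on any OS version, with `SecureRandom` used only for the salt and IV. The class name, iteration count, blob layout, and the choice of PBKDF2WithHmacSHA1 with AES/GCM are assumptions made for this sketch.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.SecureRandom;
import java.util.Arrays;

public class PassphraseAes {                      // hypothetical class name
    static final int ITERATIONS = 10000;          // assumed work factor; tune per device

    // Deterministic: same passphrase + salt + count gives the same key on every provider.
    static SecretKeySpec deriveKey(char[] passphrase, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(passphrase, salt, ITERATIONS, 128);
        SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
        byte[] raw = f.generateSecret(spec).getEncoded();
        spec.clearPassword();
        return new SecretKeySpec(raw, "AES");
    }

    // Blob layout (constructed for this example): salt(16) || iv(12) || ciphertext+tag
    static byte[] encrypt(char[] passphrase, byte[] plain) throws Exception {
        SecureRandom rnd = new SecureRandom();    // randomness for salt and IV only, never the key
        byte[] salt = new byte[16], iv = new byte[12];
        rnd.nextBytes(salt);
        rnd.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(passphrase, salt), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = new byte[28 + ct.length];
        System.arraycopy(salt, 0, out, 0, 16);
        System.arraycopy(iv, 0, out, 16, 12);
        System.arraycopy(ct, 0, out, 28, ct.length);
        return out;
    }

    // A wrong passphrase or a modified blob fails the GCM tag check with an exception.
    static byte[] decrypt(char[] passphrase, byte[] blob) throws Exception {
        byte[] salt = Arrays.copyOfRange(blob, 0, 16);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, deriveKey(passphrase, salt), new GCMParameterSpec(128, blob, 16, 12));
        return c.doFinal(blob, 28, blob.length - 28);
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "correct horse".toCharArray();   // constructed sample passphrase
        byte[] blob = encrypt(pw, "hello".getBytes("UTF-8"));
        System.out.println(new String(decrypt(pw, blob), "UTF-8"));
        byte[] salt = Arrays.copyOfRange(blob, 0, 16);
        System.out.println(Arrays.equals(deriveKey(pw, salt).getEncoded(), deriveKey(pw, salt).getEncoded()));
    }
}
```

Data already encrypted under a key taken from a seeded `SecureRandom` cannot be read with a key derived this way; it has to be decrypted on a platform version that still reproduces the old key and then re-encrypted.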

