AES in Gingerbread

by Steve Hugg » Fri, 10 Dec 2010 11:59:24 GMT

Sponsored Links
 In Gingerbread, I'm decoding some previously-encoded data with the

    SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
    Cipher cipher = Cipher.getInstance("AES");
    cipher.init(Cipher.DECRYPT_MODE, skeySpec);
    byte[] decrypted = cipher.doFinal(encrypted);

I now get this exception:

javax.crypto.BadPaddingException: pad block corrupted
 at javax.crypto.Cipher.doFinal(

I see that BouncyCastle was upgraded from 1.34 to 1.45; does anyone
know what might be causing this code to behave differently?


Re: AES in Gingerbread

by Steve Hugg » Sat, 11 Dec 2010 03:30:07 GMT

 More debugging on this issue...

I am using this method to generate keys from a passphrase:

                KeyGenerator kgen = KeyGenerator.getInstance("AES", "BC");
                SecureRandom sr = SecureRandom.getInstance("SHA1PRNG", 
                kgen.init(128, sr);
                SecretKey skey = kgen.generateKey();
                byte[] raw = skey.getEncoded();

This results in a different key for a given passphrase on 2.3 than it
does on 1.5-2.2.

Froyo returns this information for KeyGenerator and SecureRandom

AES BC version 1.34
SHA1PRNG Crypto version 1.0

Gingerbread returns:

AES BC version 1.45
SHA1PRNG Crypto version 1.0


Sponsored Links

Re: AES in Gingerbread

by Tim » Mon, 27 Dec 2010 09:22:25 GMT

 I have exactly the same problem. How did you handle this Steve?


Re: AES in Gingerbread

by nick » Mon, 27 Dec 2010 09:56:47 GMT


How exactly are you generating your key from a password? If 'seed' is your 
this code is very wrong. You should use password-based encryption to 
a key from password. Something like:

 PBEParameterSpec  pbeParamSpec = new PBEParameterSpec(salt, count);
 PBEKeySpec  pbeKeySpec = new PBEKeySpec(password);
 SecretKeyFactory  keyFactory = 
 SecretKey pbeKey = keyFactory.generateSecret(pbeKeySpec);


Re: AES in Gingerbread

by Bob Kerns » Mon, 27 Dec 2010 19:33:22 GMT

 I wonder if you realize that sr.setSeed(seed) does *NOT*, repeat *NOT*
set a SecureRandom to produce a predictable series of values?

Not only would that no longer be secure, it's not what setSeed() does
for a SecureRandom. Instead, it supplements the existing seed (which
is beyond your control when created as below). You'd have to supply
the seed in the constructor.

And if you are expecting SecureRandom to produce the same series of
values (as seen by KeyGenerator), or KeyGenerator to produce the same
key, between two versions of the OS, you're relying on something which
is not documented. Reproducability is just not part of their job.

I strongly suspect (and fear) that you're screwed, and your users are
likely screwed as well. Sorry to deliver bad news. If you like, post
more about what you're doing and maybe we can help you figure out the
way forward.


Other Threads

1. any ideas about how to lunch the Account and sync settings screen from within my app main activity

hi all

any ideas about how to lunch the  Account and sync settings screen from
within my app main activity



2. siyapah ya yg bakalan pake backflip pertama di id-android?

kira2 siyapah?

"Indonesian Android Community [id-android]" 

3. USB-Master in Android

4. "Scheduling restart of crashed service", but no call to onStart() follows

5. any ideas about how to lunch the Account and sync settings screen from within my app main activity

6. Complex tab indicators

7. Motorolla milestone panas