javax.crypto.IllegalBlockSizeException: Input length must be multiple of 16 when decrypting with padded cipher

Hello Team,

We are facing the below error while performing encryption/decryption using **key**, **IV**. Can you please help to resolve the issue?

Below is the code snippet

-----------------------------------------------------------------------------------------------------------

<JavaCallout name="Java-AesEncrypt1"> 
  <DisplayName>Encrypt</DisplayName> 
  <Properties> 
    <Property name="action">encrypt</Property> 
    <Property name="debug">true</Property> 
    <Property name="key-strength">256</Property> 
    <Property name="key">{SHA256Hashing}</Property> 
    <Property name="iv">2121helloraesaes</Property> 
    <Property name="mode">CBC</Property> 
    <Property name="padding">PKCS5Padding</Property> 
    <Property name="encode-result">base64</Property> 
  </Properties> 
  <ClassName>com.google.apigee.callouts.AesCryptoCallout</ClassName> 
  <ResourceURL>java://apigee-callout-aes-crypto-20210409.jar</ResourceURL> 
</JavaCallout>


---------------------------------------------------------------------------------------------

<JavaCallout name="Java-AesDecrypt1"> 
  <DisplayName>Decrypt</DisplayName> 
  <Properties> 
    <Property name="action">decrypt</Property> 
    <Property name="debug">true</Property> 
    <Property name="key-strength">256</Property> 
    <Property name="key">{SHA256Hashing}</Property> 
    <Property name="iv">2121helloraesaes</Property> 
    <Property name="mode">CBC</Property> 
    <Property name="padding">PKCS5Padding</Property> 
    <Property name="utf8-decode-result">true</Property> 
  </Properties> 
  <ClassName>com.google.apigee.callouts.AesCryptoCallout</ClassName> 
  <ResourceURL>java://apigee-callout-aes-crypto-20210409.jar</ResourceURL> 
</JavaCallout>


-------------------------------------------------------------------------------------------

Error:

javax.crypto.IllegalBlockSizeException: Input length must be multiple of 16 when decrypting with padded cipher
    at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:936)
    at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:847)
    at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:446)
    at javax.crypto.Cipher.doFinal(Cipher.java:2165)
    at com.google.apigee.callouts.AesCryptoCallout.aesDecrypt(AesCryptoCallout.java:367)
    at com.google.apigee.callouts.AesCryptoCallout.execute(AesCryptoCallout.java:528)
    at com.apigee.steps.javacallout.JavaCalloutStepDefinition$ClassLoadWrappedExecution.execute(JavaCalloutStepDefinition.java:235)
    at com.apigee.steps.javacallout.JavaCalloutStepDefinition$SecurityWrappedExecution$1.run(JavaCalloutStepDefinition.java:302)
    at com.apigee.steps.javacallout.JavaCalloutStepDefinition$SecurityWrappedExecution$1.run(JavaCalloutStepDefinition.java:300)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.apigee.steps.javacallout.JavaCalloutStepDefinition$SecurityWrappedExecution.execute(JavaCalloutStepDefinition.java:300)
    at com.apigee.steps.javacallout.JavaCalloutStepDefinition$CallOutWrapper.execute(JavaCalloutStepDefinition.java:169)
    at com.apigee.messaging.runtime.steps.StepExecution.execute(StepExecution.java:157)
    at com.apigee.flow.execution.AbstractAsyncExecutionStrategy$AsyncExecutionTask.call(AbstractAsyncExecutionStrategy.java:82)
    at com.apigee.flow.execution.AbstractAsyncExecutionStrategy$AsyncExecutionTask.call(AbstractAsyncExecutionStrategy.java:48)
    at com.apigee.threadpool.CallableWrapperForMDCPreservation.call(CallableWrapperForMDCPreservation.java:26)
    at com.apigee.threadpool.ThreadPoolManager$QueueAwareCallableTask.call(ThreadPoolManager.java:546)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)

Regards,

Mani Teja

1 REPLY

I think you need to base64-decode the payload before decrypting.

The configuration of your encryption policy tells the policy to base64-encode the resulting bytestream. That results in a printable string.

The decrypt policy tries to decrypt, but according to the configuration you have provided, that policy is expecting an unencoded ciphertext.

The configuration you need to use for decrypt, if you have a base64-encoded ciphertext, must include:

      <Property name='decode-source'>base64</Property>

Let me know if you don't understand why this is so.

Because you are not decoding the ciphertext, the decrypt callout is attempting to decrypt the base64-encoded form, and that won't work. That will likely result in the "IllegalBlockSizeException" that you see.

An alternative is to omit the encode-result property from the encryption callout.

      <!-- <Property name='encode-result'>base64</Property> -->
 

One way or the other. Either tell the encryption callout to encode, and tell the decryption callout to decode, or don't tell the encryption callout to encode its output, and don't configure the decryption callout to decode. You have them mixed: the encryption is encoding its output and the decryption is not decoding its input. That won't work.
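
The mismatch described in the reply above, reproduced with plain `javax.crypto` as an added example (not the callout's own code and not part of the original post). The class name, key, IV and plaintexts are constructed for illustration. It goes slightly beyond the reported case by also showing a ciphertext whose base64 form happens to be a multiple of 16 characters long, where the undecoded decrypt usually fails with a padding error instead of a block-size error.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added illustration: class name, key, IV and plaintexts are constructed sample values.
public class Base64MismatchDemo {
    static final String TRANSFORM = "AES/CBC/PKCS5Padding";

    static byte[] run(int mode, SecretKeySpec key, IvParameterSpec iv, byte[] in)
            throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(mode, key, iv);
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] k = new byte[32], v = new byte[16];   // 256-bit key, 128-bit IV
        rng.nextBytes(k);
        rng.nextBytes(v);
        SecretKeySpec key = new SecretKeySpec(k, "AES");
        IvParameterSpec iv = new IvParameterSpec(v);

        // 5-byte plaintext  -> 16 ciphertext bytes -> 24 base64 chars (not a multiple of 16)
        // 40-byte plaintext -> 48 ciphertext bytes -> 64 base64 chars (a multiple of 16)
        for (String plain : new String[] {"hello", "0123456789012345678901234567890123456789"}) {
            byte[] ct = run(Cipher.ENCRYPT_MODE, key, iv, plain.getBytes(StandardCharsets.UTF_8));
            String b64 = Base64.getEncoder().encodeToString(ct);  // what encode-result=base64 yields
            byte[] asText = b64.getBytes(StandardCharsets.UTF_8);
            System.out.printf("ciphertext=%d bytes, base64=%d chars%n", ct.length, asText.length);

            try {  // decrypt without decoding first: the mixed configuration
                run(Cipher.DECRYPT_MODE, key, iv, asText);
                System.out.println("  undecoded: no exception, but the output is not the plaintext");
            } catch (GeneralSecurityException e) {
                System.out.println("  undecoded: " + e.getClass().getSimpleName());
            }

            // decode first (the decode-source=base64 behaviour), then decrypt
            byte[] pt = run(Cipher.DECRYPT_MODE, key, iv, Base64.getDecoder().decode(b64));
            System.out.println("  decoded:   " + new String(pt, StandardCharsets.UTF_8));
        }
    }
}
```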