Android cipher.doFinal got BadPaddingException when try to decrypt after reopen app

Question

Question may be long but I will try to describe it in detail.

Here is a demo has issue like mine.

I have an android app and I want to add a function, which allow user to encrypt and save their passwords in SharedPreferences, and read and decrpty them from SharedPreferences. It's only available when the fingerprint has enrolled and fingerprint valid can be used as verification way to get these passwords.

when store:

1. user input password
2. create encrpty mode cipher by SecretKey generated by AndroidKeyStore

public Cipher getEncryptCipher() {
    try {
        Cipher cipher = Cipher.getInstance(KeyProperties.KEY_ALGORITHM_AES + "/"
                + KeyProperties.BLOCK_MODE_CBC + "/"
                + KeyProperties.ENCRYPTION_PADDING_PKCS7);
        mKeyStore.load(null);
        SecretKey key = (SecretKey) mKeyStore.getKey(KEY_NAME, null);
        cipher.init(Cipher.ENCRYPT_MODE, key);
        return cipher;
    } catch (Exception e) {
        throw new RuntimeException("Failed to encrypt pin ", e);
    }
}

3. FingerprintManager valid the cipher(Cipher A) and get real encrpty cipher (Cipher B)

//mCryptoObject is generated by cipher in step 2
mFingerprintManager.authenticate(mCryptoObject, mCancellationSignal, 0 /* flags */, FingerprintManager.AuthenticationCallback, null);


//in FingerprintManager.AuthenticationCallback
javax.crypto.Cipher cipher = result.getCryptoObject().getCipher();

4. encrpty password by the cipher(Cipher B) supported from FingerprintManager
5. store encrypted password and cipher iv in SharedPreferences

//In my app, we have many device, every could have one password. Pin is password.
public void encryptPin(String deviceId, String pin, javax.crypto.Cipher cipher) {
    try {
        if (cipher == null) return;
        byte[] encryptedBytes = cipher.doFinal(pin.getBytes("utf-8"));
        byte[] cipherIv = cipher.getIV();
        String encodedPin = Base64.encodeToString(encryptedBytes, Base64.DEFAULT);
        String encodeCipherIv = Base64.encodeToString(cipherIv, Base64.DEFAULT);
        SharedPreferences.Editor editor = mSharedPreferences.edit();
        editor.putString(createPinKey(deviceId), encodedPin);
        editor.putString(createIvKey(deviceId), encodeCipherIv);
        editor.apply();
    } catch (IOException | IllegalBlockSizeException | BadPaddingException e) {
        throw new RuntimeException("Failed to encrypt pin ", e);
    }
}

when read:

1. read cipher iv and create decrpty mode cipher(Cipher C)

public Cipher getDecryptCipher(String deviceId) {
    try {
        String encodedIv = mSharedPreferences.getString(createIvKey(deviceId), "");
        byte[] cipherIv = Base64.decode(encodedIv, Base64.DEFAULT);
        Cipher cipher = Cipher.getInstance(KeyProperties.KEY_ALGORITHM_AES + "/"
                + KeyProperties.BLOCK_MODE_CBC + "/"
                + KeyProperties.ENCRYPTION_PADDING_PKCS7);
        mKeyStore.load(null);
        SecretKey key = (SecretKey) mKeyStore.getKey(KEY_NAME, null);
        cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(cipherIv));
        return cipher;
    } catch (Exception e) {
        throw new RuntimeException("Failed to encrypt pin ", e);
    }
}

2. valid fingerprint and get the real decrypt cipher(Cipher D)

//mCryptoObject is generated by cipher in step 1
mFingerprintManager.authenticate(mCryptoObject, mCancellationSignal, 0 /* flags */, FingerprintManager.AuthenticationCallback, null);


//in FingerprintManager.AuthenticationCallback
javax.crypto.Cipher cipher = result.getCryptoObject().getCipher();

3. read encrypted password and decrypt it by the real decrypt cipher(Cipher D)

public String decryptPin(String deviceId, javax.crypto.Cipher cipher) {
    String encryptedPin = mSharedPreferences.getString(createPinKey(deviceId), "");
    if (TextUtils.isEmpty(encryptedPin)) {
        return "";
    }
    try {
        if (cipher == null) return "";
        byte[] decodedBytes = Base64.decode(encryptedPin, Base64.DEFAULT);
        //BadPaddingException in this line 
        byte[] decryptBytes = cipher.doFinal(decodedBytes);
        return new String(decryptBytes, Charset.forName("UTF8"));
    } catch (Exception e) {
        MyLog.d(TAG, "Failed to decrypt the data with the generated key." + e.getMessage());
        e.printStackTrace();
        return "";
    }
}

My init method:

private void init() {
    try {
        mKeyStore = KeyStore.getInstance("AndroidKeyStore");
        mKeyStore.load(null);
        KeyGenParameterSpec.Builder builder = new KeyGenParameterSpec.Builder(KEY_NAME,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_CBC)
                .setUserAuthenticationRequired(true)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7);
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) {
            builder.setInvalidatedByBiometricEnrollment(true);
        }


        KeyGenerator keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
        keyGenerator.init(
                    builder.build());
        keyGenerator.generateKey();


    } catch (Exception e) {
        throw new RuntimeException("Fail to init:" + e);
    }
}

Everything is OK if not closing app!!!

However when I kill the process and restart it, I got BadPaddingException in decryptPin() method when do cipher.doFinal().

System.err: javax.crypto.BadPaddingException
at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:482)
at javax.crypto.Cipher.doFinal(Cipher.java:1502)
at com.xiaomi.smarthome.framework.page.verify.DeviceVerifyConfigCache.decryptPin(DeviceVerifyConfigCache.java:156)
at com.xiaomi.smarthome.framework.page.verify.VerifyManager.decryptPin(VerifyManager.java:173)
at com.xiaomi.smarthome.framework.page.verify.FingerPrintVerifyActivity$1.onAuthenticated(FingerPrintVerifyActivity.java:62)
at com.xiaomi.smarthome.framework.page.verify.view.FingerPrintOpenVerifyDialog.onAuthenticationSucceeded(FingerPrintOpenVerifyDialog.java:136)
at android.hardware.fingerprint.FingerprintManager$MyHandler.sendAuthenticatedSucceeded(FingerprintManager.java:805)
at android.hardware.fingerprint.FingerprintManager$MyHandler.handleMessage(FingerprintManager.java:757)
at android.os.Handler.dispatchMessage(Handler.java:102)
at android.os.Looper.loop(Looper.java:148)
at android.app.ActivityThread.main(ActivityThread.java:5458)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:738)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:628)
Caused by: android.security.KeyStoreException: Invalid argument
at android.security.KeyStore.getKeyStoreException(KeyStore.java:632)
at android.security.keystore.KeyStoreCryptoOperationChunkedStreamer.doFinal(KeyStoreCryptoOperationChunkedStreamer.java:224)
at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:473)
... 13 more

Does anyone can help me to solve this problem? Does is caused by SecretKey？Thank you!!!

Answer 1

I have found my issue. It's my wrong to generate Key with same alias in my init() method. I solve the problem with adding a judgement condition。

        if (!mKeyStore.containsAlias(KEY_NAME)) {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
            keyGenerator.init(
                    builder.build());
            keyGenerator.generateKey();
        }