Exception: "Given final block not properly padded" in Linux, but it works in Windows

Question

My application works in windows, but fails in Linux with Given final block not properly padded exception.

Configuration:

• JDK Version: 1.6
• Windows : version 7
• Linux : CentOS 5.8 64bit

My code is below:

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;

import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;

public class SecurityKey {
    private static Key key = null;
    private static String encode = "UTF-8";
    private static String cipherKey = "DES/ECB/PKCS5Padding";

    static  {
        try {
            KeyGenerator generator = KeyGenerator.getInstance("DES");
            String seedStr = "test";
            generator.init(new SecureRandom(seedStr.getBytes()));
            key = generator.generateKey();
        } catch(Exception e) {
        }
    }

    // SecurityKey.decodeKey("password")
    public static String decodeKey(String str) throws Exception  {
        if(str == null)
            return str;

        Cipher cipher = null;
        byte[] raw = null;
        BASE64Decoder decoder = new BASE64Decoder();
        String result = null;
        cipher = Cipher.getInstance(cipherKey);
        cipher.init(Cipher.DECRYPT_MODE, key);
        raw = decoder.decodeBuffer(str);
        byte[] stringBytes = null;
        stringBytes = cipher.doFinal(raw); // Exception!!!!
        result = new String(stringBytes, encode);

        return result;
    }
}

At the line:

   ciper.doFilnal(raw);

the following exception is thrown:

   javax.crypto.BadPaddingException: Given final block not properly padded

How can I fix this issue?

Answer 1

The answer lies in the fact that SecureRandom seeding may be different for specific runtimes. Most of the time you will get "SHA1PRNG", which won't get seeded immediately. Instead, you can call setSeed() before requesting any random, and in that case that seed is used as only source of entropy. In this case your key will always be the same.

The problem is that it is not defined which SecureRandom is returned. You may get an entirely different, platform specific implementation for which the above is not true. You may not get the one of the Sun provider, if another provider takes precedence.

Then there is the issue with the seed. The seed used the platform default encoding for the seedStr variable during the call to getBytes(). As the encodings may differ, the seeds may differ and thus the result will differ as well.

Try to use a function such as PBKDF2 instead for key derivation; there is enough on stackoverflow on how to procede.

Answer 2

As follows: I had to modify the contents.

static{
    try {
    KeyGenerator generator = KeyGenerator.getInstance("DES");
    String seedStr = "test";
    SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
    random.setSeed(seedStr.getBytes());
    generator.init(random);
    key = generator.generateKey();
} catch(Exception e) {
}

}

It work's!! Thanks!!!