RH Bugzilla Integration commented on SECURITY-851:
--------------------------------------------------
Ondrej Kotek <okotek(a)redhat.com> changed the Status of [bug
Base64Utils class cuts leading zeroes from encoded bytes
--------------------------------------------------------
Key: SECURITY-851
URL: https://issues.jboss.org/browse/SECURITY-851
Project: PicketBox
Issue Type: Bug
Affects Versions: PicketBox_4_0_21.Beta2
Reporter: Josef Cacek
Assignee: Josef Cacek
Priority: Blocker
Fix For: PicketBox_4_0_21.Final
The Vault util is failing for some password/salt/iteration combinations because the Base64Utils
class strips zeroes from the provided byte array.
So if a user encodes a key with length 8 and the leading byte of the key is zero, then
after decoding he only gets 7 (or fewer) bytes.
For instance:
{code}
encode ( { 0, 81, 121, -37, 46, -64, 20, 114 } ) -> "1HUTikm1Ho"
decode ("1HUTikm1Ho") -> { 81, 121, -37, 46, -64, 20, 114 }
{code}
As a result, PBEUtil fails with javax.crypto.IllegalBlockSizeException.
IMHO the same problem can occur in other places where the Base64Utils class is used (not
only the Vault).
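An added illustration of this failure mode (example code, not PicketBox's Base64Utils): a codec that treats the byte array as one unsigned big integer necessarily drops leading 0x00 bytes, a length-preserving codec does not, and a probe over keys with leading zeroes exposes the difference. The big-integer conversion is assumed here as a model of the defect; the alphabet and the probe keys are constructed for the demonstration, and the key bytes are the report's values written as unsigned.

```python
import base64
from typing import Callable, List, Optional

# Constructed alphabet for the number-based codec (not Base64Utils' alphabet).
ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ+/"

# The report's example key { 0, 81, 121, -37, 46, -64, 20, 114 } as unsigned bytes.
KEY = bytes([0, 81, 121, 219, 46, 192, 20, 114])


def numeric_encode(data: bytes) -> str:
    """Model of the defect: the bytes become one integer, then base-64 digits.
    Leading 0x00 bytes add nothing to the integer, so they vanish."""
    n = int.from_bytes(data, "big")
    digits = []
    while n:
        n, rem = divmod(n, 64)
        digits.append(ALPHABET[rem])
    return "".join(reversed(digits)) or ALPHABET[0]


def numeric_decode(text: str, key_len: Optional[int] = None) -> bytes:
    """Inverse of numeric_encode. Without key_len it returns only as many bytes
    as the integer needs; passing the expected key length restores the zeroes."""
    n = 0
    for ch in text:
        n = n * 64 + ALPHABET.index(ch)
    raw = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    return raw if key_len is None else raw.rjust(key_len, b"\x00")


def leading_zero_probe(encode: Callable, decode: Callable, key_len: int = 8) -> List[bytes]:
    """Return the constructed test keys a codec fails to round-trip. Each probe
    is key_len bytes with i leading zeroes, i = 0 .. key_len-1."""
    probes = [bytes(i) + bytes(range(1, key_len - i + 1)) for i in range(key_len)]
    return [k for k in probes if decode(encode(k)) != k]


if __name__ == "__main__":
    print(len(numeric_decode(numeric_encode(KEY))), "bytes back from an 8-byte key")
    print(len(leading_zero_probe(numeric_encode, numeric_decode)), "probe keys lost")
    print(len(leading_zero_probe(base64.b64encode, base64.b64decode)), "lost with base64")
```

Standard base64 round-trips every probe because it encodes bit groups, not a numeric value; the `key_len` argument shows the minimal mitigation when the expected length is known.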