[jboss-jira] [JBoss JIRA] Commented: (SECURITY-563) Exception javax.crypto.BadPaddingException: Given final block not properly padded thrown when decrypting

Christian Schlüter (JIRA) jira-events at lists.jboss.org
Fri Feb 4 04:45:39 EST 2011


    [ https://issues.jboss.org/browse/SECURITY-563?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12580101#comment-12580101 ] 

Christian Schlüter commented on SECURITY-563:
---------------------------------------------

Even worse:
"aan2o1Y%" is encrypted and decrypted to "0?_»Ím5".
The problem is that negative BigIntegers need no leading zeroes but leading -1.
Solution:
Add the following if-statement in the decode method:

    // existing loop: copy the BigInteger bytes to the right-hand end
    for (int i = old.length - 1; i >= 0; i--)
    {
        encoding[i + pad] = old[i];
    }

    // new: for a negative value, fill the padding bytes with -1 (0xFF)
    if (n.signum() == -1)
    {
        for (int i = 0; i < newLength - length; i++)
        {
            encoding[i] = (byte) -1;
        }
    }

> Exception javax.crypto.BadPaddingException: Given final block not properly padded thrown when decrypting 
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: SECURITY-563
>                 URL: https://issues.jboss.org/browse/SECURITY-563
>             Project: PicketBox (JBoss Security and Identity Management)
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: JBossSX
>    Affects Versions: JBossSecurity_2.0.4.SP6
>         Environment: JBoss EAP 5.1
>            Reporter: Tom Ross
>            Assignee: Anil Saldhana
>
> Exception "javax.crypto.BadPaddingException: Given final block not properly padded" is thrown when trying to decrypt a password like "dv". It looks like decrypt() method can not handle passwords that have been encrypted with "-" in front. "dv" is encrypted as -7f16992f0aa153.
>  

-- 
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
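
The sign-extension problem described in the comment above, as an added Java example that is not PicketBox code and not part of the original message. The class and method names and the 8-byte block size are assumptions, and the sample block is constructed so that its hex form equals the string quoted in the issue.

```java
import java.math.BigInteger;
import java.util.Arrays;

public class SignExtendDemo {
    static final int BLOCK = 8; // assumed cipher block size in bytes

    // Hex-encode a ciphertext block as a signed BigInteger in radix 16.
    static String encode(byte[] cipherText) {
        return new BigInteger(cipherText).toString(16);
    }

    // Rebuild the bytes, left-padding up to a multiple of BLOCK.
    static byte[] decode(String hex, boolean signExtend) {
        BigInteger n = new BigInteger(hex, 16);
        byte[] old = n.toByteArray();        // minimal two's-complement form
        int newLength = ((old.length + BLOCK - 1) / BLOCK) * BLOCK;
        int pad = newLength - old.length;
        byte[] out = new byte[newLength];    // zero-filled by default
        System.arraycopy(old, 0, out, pad, old.length);
        if (signExtend && n.signum() == -1) {
            Arrays.fill(out, 0, pad, (byte) -1); // leading 0xFF, not 0x00
        }
        return out;
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) {
            sb.append(String.format("%02x", b & 0xff));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed block: its signed value prints as -7f16992f0aa153.
        byte[] block = {(byte) 0xFF, (byte) 0x80, (byte) 0xE9, 0x66,
                        (byte) 0xD0, (byte) 0xF5, 0x5E, (byte) 0xAD};
        String s = encode(block);
        byte[] zeroPadded = decode(s, false);
        byte[] signExtended = decode(s, true);
        System.out.println("encoded        : " + s);
        System.out.println("original block : " + hex(block));
        System.out.println("zero-padded    : " + hex(zeroPadded)
                + " equal=" + Arrays.equals(block, zeroPadded));
        System.out.println("sign-extended  : " + hex(signExtended)
                + " equal=" + Arrays.equals(block, signExtended));
    }
}
```

The zero-padded result differs from the original block only in its first byte (00 instead of ff), which is enough for the cipher to reject or garble the block on decryption.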
