I have a false positive, in my work i can’t do an exception, I’m not en expert but i think that this code is correct:
This Work (“Threefish-1024/CBC/ISO10126Padding”).
private static String encryptImpl(final String key, final String message) throws
UnsupportedEncodingException,
NoSuchAlgorithmException,
NoSuchProviderException,
NoSuchPaddingException,
InvalidKeyException,
InvalidAlgorithmParameterException,
IllegalBlockSizeException,
BadPaddingException {
String result = StringUtils.EMPTY;
if (StringUtils.isNotBlank(key) && StringUtils.isNotEmpty(message)) {
byte[] biv = new byte[IV_SIZE];
SecureRandom sr = SecureRandom.getInstanceStrong();
sr.nextBytes(biv);
final String hexIv = Hex.encodeHexString(biv);
IvParameterSpec iv = new IvParameterSpec(biv);
byte[] data = key.getBytes(StandardCharsets.UTF_8);
Security.addProvider(new BouncyCastleProvider());
SecretKeySpec ks = new SecretKeySpec(data, ALGORITHM);
Cipher cipher = Cipher.getInstance(OPERATION_MODE, "BC");
cipher.init(Cipher.ENCRYPT_MODE, ks, iv);
byte[] out = cipher.doFinal(message.getBytes(StandardCharsets.UTF_8));
final String hexSecret = Hex.encodeHexString(out);
result = String.format("%s%s", hexIv, hexSecret);
}
return result;
}
This don’t work (note: biv is obtained form encrypted string)
private static String decryptImpl(final String key, final byte[] biv, final String message) throws
UnsupportedEncodingException,
NoSuchAlgorithmException,
NoSuchProviderException,
NoSuchPaddingException,
InvalidKeyException,
InvalidAlgorithmParameterException,
IllegalBlockSizeException,
BadPaddingException,
DecoderException {
String result = StringUtils.EMPTY;
if (StringUtils.isNotBlank(key) && StringUtils.isNotEmpty(message)) {
final IvParameterSpec iv = new IvParameterSpec(biv);
byte[] data = key.getBytes(StandardCharsets.UTF_8);
Security.addProvider(new BouncyCastleProvider());
SecretKeySpec ks = new SecretKeySpec(data, ALGORITHM);
Cipher cipher = Cipher.getInstance(OPERATION_MODE, "BC");
cipher.init(Cipher.DECRYPT_MODE, ks, iv);
byte[] out = cipher.doFinal(Hex.decodeHex(message.toCharArray()));
result = new String(out);
}
return result;
}