[SalesForce] Crypto Class Error: “pad block corrupted”

Created a class for encrypting and decrypting values. It's throwing an error about the 'pad block corrupted' being incomplete.

This works for me:

Blob ckey = EncodingUtil.base64Decode(Encryption_Key__c.getOrgDefaults().key__c);
Blob encryptedUserName = Crypto.encryptWithManagedIV('AES256', ckey, Blob.valueOf('adamnila@justcheckingstuff.com'));

String decryptedUserName = Crypto.decryptWithManagedIV('AES256', ckey, encryptedUserName).toString();
System.debug(decryptedUserName);

Running that in execute anonymous outputs the original string value I encrypted.

However if I run this it fails with the given error:

secretDecoderRing sdr = secretDecoderRing.getInstance();                            
Blob ckey = EncodingUtil.base64Decode(Encryption_Key__c.getOrgDefaults().key__c);
Blob encryptedUserName = Crypto.encryptWithManagedIV('AES256', ckey, blob.valueOf('adamnila@justcheckingstuff.com'));

String decryptedUserName = sdr.decryptValue(EncodingUtil.base64Encode(encryptedUserName));

Here's my secret decoder ring code:

public class secretDecoderRing {

    private final Encryption_Key__c myKey = Encryption_Key__c.getOrgDefaults();
    public final Blob key;
    private static secretDecoderRing instance = null;

    // The key is stored base64-encoded in a custom setting.
    private secretDecoderRing(){
        key = EncodingUtil.base64Decode(myKey.key__c);
    }

    public static secretDecoderRing getInstance(){
        if(instance == null) instance = new secretDecoderRing();
        return instance;
    }

    // Returns the ciphertext as base64 text, the form decryptValue expects.
    // Calling toString() on the raw ciphertext Blob fails because the bytes are not valid UTF-8.
    public String encryptValue(String cleanData){
        encryptionWrapper ew = new encryptionWrapper(Blob.valueOf(cleanData), key);
        return EncodingUtil.base64Encode(ew.encryptedValue);
    }

    // Takes base64 ciphertext and returns the plaintext string.
    public String decryptValue(String encryptedData){
        decryptionWrapper dw = new decryptionWrapper(EncodingUtil.base64Decode(encryptedData), key);
        return dw.decryptedValue;
    }

    private class encryptionWrapper{
        Blob encryptedValue{get; private set;}
        public encryptionWrapper(Blob cleanData, Blob key){
            this.encryptedValue = Crypto.encryptWithManagedIV('AES256', key, cleanData);
        }
    }

    private class decryptionWrapper{
        String decryptedValue{get; private set;}
        private decryptionWrapper(Blob encryptedData, Blob key){
            this.decryptedValue = Crypto.decryptWithManagedIV('AES256', key, encryptedData).toString();
        }
    }

}

What does "pad block corrupted" even mean, and is there something I need to adjust with my decoder ring class or is what I'm trying to do here just not possible?

Best Answer

While I cannot reproduce your issue given the code in your post, I have been able to reproduce it. It appears to me that your base64 ciphertext is being truncated at some point during your process. Here's an example:

secretDecoderRing sdr = secretDecoderRing.getInstance();                            
Blob ckey = EncodingUtil.base64Decode(Encryption_Key__c.getOrgDefaults().key__c);
Blob encryptedUserName = Crypto.encryptWithManagedIV('AES256', ckey, blob.valueOf('adamnila@justcheckingstuff.com'));
String ciphertext = EncodingUtil.base64Encode(encryptedUserName);
String decryptedUserName = sdr.decryptValue(ciphertext.substring(0, ciphertext.length() - 1));
System.debug(decryptedUserName);

Note that here I chop off the last character of the base64 ciphertext before attempting decoding/decipherment. This yields:

System.SecurityException: last block incomplete in decryption

If instead, I corrupt the base64 text like so:

secretDecoderRing sdr = secretDecoderRing.getInstance();                            
Blob ckey = EncodingUtil.base64Decode(Encryption_Key__c.getOrgDefaults().key__c);
Blob encryptedUserName = Crypto.encryptWithManagedIV('AES256', ckey, blob.valueOf('adamnila@justcheckingstuff.com'));
String ciphertext = EncodingUtil.base64Encode(encryptedUserName);
ciphertext = ciphertext.substring(0, ciphertext.length() - 1) + 'q';

String decryptedUserName = sdr.decryptValue(ciphertext);
System.debug(decryptedUserName);

we get

System.SecurityException: pad block corrupted

So it's not clear exactly how, but one way or another your ciphertext is being mutated or truncated to produce this error.
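
A diagnostic wrapper for the two failure modes shown in the answer above, as an added example that is not part of the original post. It assumes the output of Crypto.encryptWithManagedIV is a 16-byte IV followed by AES-CBC ciphertext padded to whole 16-byte blocks; the class, exception and method names are hypothetical.

```apex
// Added example, not from the original post. All names here are hypothetical.
public class CiphertextCheck {
    public class CiphertextException extends Exception {}

    // AES block size in bytes; the managed IV prefix is assumed to be 16 bytes too.
    private static final Integer BLOCK = 16;

    // Returns null when the base64 value is structurally plausible,
    // otherwise a description of what is wrong with it.
    public static String findDefect(String b64) {
        if (String.isBlank(b64)) {
            return 'value is empty';
        }
        // EncodingUtil.base64Encode emits padded output, so a length that is
        // not a multiple of 4 means characters were lost after encoding.
        if (Math.mod(b64.length(), 4) != 0) {
            return 'base64 text is ' + b64.length() + ' chars, not a multiple of 4';
        }
        Integer n = EncodingUtil.base64Decode(b64).size();
        if (n < 2 * BLOCK) {
            return 'decoded to ' + n + ' bytes, too short for an IV plus one block';
        }
        if (Math.mod(n, BLOCK) != 0) {
            return 'decoded to ' + n + ' bytes, not a whole number of 16-byte blocks';
        }
        return null;
    }

    // Decrypts only after the structural check, so truncation is reported
    // separately from a value whose bytes were changed.
    public static String decrypt(Blob key, String b64) {
        String defect = findDefect(b64);
        if (defect != null) {
            throw new CiphertextException('Ciphertext damaged before decryption: ' + defect);
        }
        try {
            Blob raw = EncodingUtil.base64Decode(b64);
            return Crypto.decryptWithManagedIV('AES256', key, raw).toString();
        } catch (System.SecurityException e) {
            // Length was fine, so the bytes (or the key) differ from what was encrypted.
            throw new CiphertextException(
                'Ciphertext has a valid length but failed to decrypt: ' + e.getMessage(), e);
        }
    }
}
```

Logging the length of the base64 string when it is written and again when it is read back shows where in the process the value changes.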
