Class Crypto Problem

115 views
Skip to first unread message

KuoYing@Taiwan

unread,
Feb 10, 2011, 10:07:24 PM2/10/11
to play-framework
Hi all:
I have two apps. I would like to encrypt URL parameter. So I try to
do.....

First App(FROM: port 9000):
----------------------------------
public class Application extends Controller {
public static void shoppingCenter() throws Exception {
String text = "Hi I am Kevin. I like
play........baseball!";
String plus = Crypto.encryptAES(text);
// encrypt URL
redirect("http://localhost:9999/index?code="+plus);
}
}

Second App(TO: port 9999):
----------------------------------
public class Application extends Controller {
public static void index() {
String code = params.get("code");
String text = Crypto.decryptAES(code);
render(text);
}
}


It display error:
"An unexpected error occured caused by exception BadPaddingException
Given final block not properly padded"

How to solve it??

Matt Hildebrand

unread,
Feb 10, 2011, 10:44:32 PM2/10/11
to play-fr...@googlegroups.com
Do the two applications share the same secret key (i.e., the value of the "application.secret" setting in application.conf)?  The Crypto class derives the AES key from the application secret, and you require the derived encryption key to be the same as the derived decryption key.  Alternatively, you could specify the AES key yourself using the two-parameter forms of encryptAES and decryptAES.

-Matt



--
You received this message because you are subscribed to the Google Groups "play-framework" group.
To post to this group, send email to play-fr...@googlegroups.com.
To unsubscribe from this group, send email to play-framewor...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/play-framework?hl=en.


ntbrock

unread,
Feb 11, 2011, 10:19:16 AM2/11/11
to play-framework
When building URLs by hand via String manipulation, strongly recommend
you URLEncode all content.

java.net.URLEncoder.encode ( string s , string enc )

My guess is a non-URL friend character in your crypto output.

KuoYing@Taiwan

unread,
Feb 13, 2011, 12:26:25 AM2/13/11
to play-framework
OK!! Tthank you!! I do the second application secret key same with the
first application secret key.

On 2月11日, 上午11時44分, Matt Hildebrand <matt.hildebr...@gmail.com> wrote:
> Do the two applications share the same secret key (i.e., the value of the
> "application.secret" setting in application.conf)?  The Crypto class derives
> the AES key from the application secret, and you require the derived
> encryption key to be the same as the derived decryption key.  Alternatively,
> you could specify the AES key yourself using the two-parameter forms of
> encryptAES and decryptAES.
>
> -Matt
>
Reply all
Reply to author
Forward
0 new messages