Using Java to decrypt openssl aes-256-cbc using provided key and iv

java openssl

18,799

You should use something like this:

InputStream cipherInputStream = null;
try {
    final StringBuilder output = new StringBuilder();
    final byte[] secretKey = javax.xml.bind.DatatypeConverter.parseHexBinary("E4A38479A2349177EAE6038A018483318350E7F5430BDC8F82F1974715CB54E5");
    final byte[] initVector = javax.xml.bind.DatatypeConverter.parseHexBinary("629E2E1500B6BA687A385D410D5B08E3");
    final Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
    cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(secretKey, "AES"), new IvParameterSpec(initVector, 0, cipher.getBlockSize()));
    cipherInputStream = new CipherInputStream(new FileInputStream("text_ENCRYPTED"), cipher);

    final String charsetName = "UTF-8";

    final byte[] buffer = new byte[8192];
    int read = cipherInputStream.read(buffer);

    while (read > -1) {
        output.append(new String(buffer, 0, read, charsetName));
        read = cipherInputStream.read(buffer);
    }

    System.out.println(output);
} finally {
    if (cipherInputStream != null) {
        cipherInputStream.close();
    }
}

18,799

user2203629

Updated on September 20, 2022

Comments

user2203629 over 1 year
I have been searching for a Java code example to do the following but have been unsuccessful. I'm looking for a solution for my particular situation.

A key and IV have been generated using "testtest" for a password:
```
openssl enc -aes-256-cbc -P 
salt=2855243412E30BD7
key=E4A38479A2349177EAE6038A018483318350E7F5430BDC8F82F1974715CB54E5
iv=629E2E1500B6BA687A385D410D5B08E3
```
A file(named text) has been encrypted on Linux using openssl command:
```
openssl enc -aes-256-cbc -K 
E4A38479A2349177EAE6038A018483318350E7F5430BDC8F82F1974715CB54E5 -iv
629E2E1500B6BA687A385D410D5B08E3 -e -in text -out text_ENCRYPTED
```
It can be decrypted successfully using:
```
openssl enc -aes-256-cbc -K 
E4A38479A2349177EAE6038A018483318350E7F5430BDC8F82F1974715CB54E5 -iv 
629E2E1500B6BA687A385D410D5B08E3 -d -in text_ENCRYPTED -out text_DECRYPTED
```
I have access to the encrypted file, the salt, the key and the iv. I do not believe I'm going to receive the password. Also, i have installed the unlimited strength JCE policy. So far I have only found examples where another java program does the encryption and generates these parameters. For my case I must use the salt, key and iv values given to me to decrypt a file. Is this possible with Java? Please remember I'm bound by this configuration, thank you very much for your time and help.
ways about 9 years

There is a subtle bug in decodeHex() in the answer. When encoded value starts with '00', corresponding bytes just go away. Think about using well-known library like Apache Commons for hex decoding. (I found an example at stackoverflow.com/questions/13990941/… )
laz about 9 years

You are correct @ways, I ran into this at a later point as well. I'll update the example with a correct decoder.