Java AES-128 encryption of 1 block (16 byte) returns 2 blocks(32 byte) as output

aescryptographyencryptionjava

I'm using the following code for AES-128 encryption to encode a single block of 16 byte but the length of the encoded value gives 2 blocks of 32 byte. Am I missing something?


    plainEnc = AES.encrypt("thisisapassword!");


    import java.security.*;
    import java.security.spec.InvalidKeySpecException;
    import javax.crypto.*;
    import sun.misc.*;

    public class AES {

         private static final String ALGO = "AES";
         private static final byte[] keyValue = 
            new byte[] { 'T', 'h', 'e', 'B', 'e', 's', 't',
    'S', 'e', 'c', 'r','e', 't', 'K', 'e', 'y' };

    public static String encrypt(String Data) throws Exception {
            System.out.println("string length: " + (Data.getBytes()).length); //length = 16
            Key key = generateKey();
            Cipher chiper = Cipher.getInstance(ALGO);
            chiper.init(Cipher.ENCRYPT_MODE, key);
            byte[] encVal = chiper.doFinal(Data.getBytes());
            System.out.println("output length: " + encVal.length); //length = 32
            String encryptedValue = new BASE64Encoder().encode(encVal);
            return encryptedValue;
        }

        public static String decrypt(String encryptedData) throws Exception {
            Key key = generateKey();
            Cipher chiper = Cipher.getInstance(ALGO);
            chiper.init(Cipher.DECRYPT_MODE, key);
            byte[] decordedValue = new BASE64Decoder().decodeBuffer(encryptedData);
            byte[] decValue = chiper.doFinal(decordedValue);
            String decryptedValue = new String(decValue);
            return decryptedValue;
        }
        private static Key generateKey() throws Exception {
            Key key = new SecretKeySpec(keyValue, ALGO);
            return key;
    }

}

Best Answer

Cipher.getInstance("AES") returns a cipher that uses PKCS #5 padding. This padding is added in all cases – when the plaintext is already a multiple of the block size, a whole block of padding is added.

Specify your intentions explicitly in the Cipher.getInstance() call to avoid relying on defaults and potentially causing confusion:

Cipher.getInstance("AES/ECB/NoPadding");

You will also see that you are using ECB mode, which is a bad choice in almost any situation.