Closed ghost closed 9 years ago
Thanks for the great suggestion. I am going to try it out and update the code accordingly!
Great! I forked your project and implemented the fix for my application; I have also added a new method to generate an "empty" string (public static String generateEmptyIV(int length)).
Thanks for the library! Cheers
Cool... I had a question about the "generateEmptyIV" method that you created. What is the purpose of this method? IVs are supposed to be generated randomly every time you want to encrypt something. Otherwise it is a security risk.
You are right, but I'm working on a Web Service that provides data behind key encryption, and this key is generated by 16 "empty" characters; I don't have access to the server to change this implementation and I need this workaround to encrypt-decrypt data properly in my application.
Any ideas?
I am afraid that if you don't have any control over the WebService then there is hardly anything you can do. So you'll have to live with this vulnerability. However, this issue is very specific to your situation and I would advise that you do not publish this function as open source. The problem is that those who use this function from your project will inherit this vulnerability even if they don't have to.
Thank you for your suggestion!
Hi,
Your library works fine, but in my Android application (API Level 22), when I try to encode a string I get one which contains "new line" characters \n; I'm using my static passphrase instead of the SHA or MD5 generator functions.
I looked into your code and found, in the encryptDecrypt() function at lines 154 and 163, the DEFAULT setting for Base64 encoding; I tried changing this value to Base64.NO_WRAP (from the Base64.java doc: "Encoder flag bit to omit all line terminators (i.e., the output will be on one long line)").
With this fix the encoding works fine (without new line characters). Did you try to test your library with this setting?
Thank you! Cheers
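The two points raised in this thread, as an added example that is not code from the library or from any participant: a fixed all-zero IV makes ciphertext repeat and exposes shared prefixes, and a wrapping Base64 encoder inserts line breaks into longer output. It assumes AES/CBC with a constructed demo key (the thread does not name the cipher mode) and uses the JDK's java.util.Base64 as a stand-in for android.util.Base64, with the MIME encoder playing the role of the wrapping DEFAULT flag and the basic encoder the role of NO_WRAP.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class IvAndWrapDemo {
    // Constructed all-zero 128-bit demo key (assumption); never hard-code a real key.
    static final byte[] KEY = new byte[16];

    static byte[] cbc(byte[] iv, String plaintext) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(KEY, "AES"), new IvParameterSpec(iv));
        return c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
    }

    static byte[] randomIv() {
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        return iv;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample plaintexts that share their first 16 bytes.
        String a = "account=1001;balance=250.00;note=first message";
        String b = "account=1001;balance=250.00;note=second message";
        byte[] zeroIv = new byte[16]; // the "empty" IV discussed in the thread

        // Fixed IV: equal plaintexts give equal ciphertexts, and a shared first block shows through.
        byte[] z1 = cbc(zeroIv, a), z2 = cbc(zeroIv, a), z3 = cbc(zeroIv, b);
        System.out.println("zero IV, same plaintext, equal ciphertext: " + Arrays.equals(z1, z2));
        System.out.println("zero IV, a vs b, equal first block: "
                + Arrays.equals(Arrays.copyOf(z1, 16), Arrays.copyOf(z3, 16)));

        // Fresh random IV per message: the same plaintext no longer repeats.
        byte[] r1 = cbc(randomIv(), a), r2 = cbc(randomIv(), a);
        System.out.println("random IV, same plaintext, equal ciphertext: " + Arrays.equals(r1, r2));

        // Base64 wrapping: 96 ciphertext bytes encode to 128 characters, past the 76-character line limit.
        byte[] longCt = cbc(randomIv(), a + a);
        String wrapped = Base64.getMimeEncoder().encodeToString(longCt);
        String single = Base64.getEncoder().encodeToString(longCt);
        System.out.println("wrapping encoder output has a line break: " + wrapped.contains("\n"));
        System.out.println("non-wrapping encoder output has a line break: " + single.contains("\n"));
    }
}
```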