android - java.security.InvalidAlgorithmParameterException: Unsupported IV length: 10 bytes. Only 12 bytes long IV supported

Question

Hello Everyone I am working on Android Project and i have to save JWT token in my sharedprefrences so for that i use Android KeyStore System to encrypt the data and store it i found some code from Internet and i rewrite it its works fine here it is

  fun Key_Store(Apikey: String){
   val keyGenerator : KeyGenerator = KeyGenerator.getInstance(
        KeyProperties.KEY_ALGORITHM_AES,
        "AndroidKeyStore"
    )

    val keyGenParameterSpec = KeyGenParameterSpec.Builder(
        "alias",
        KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
    )
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .build()


    keyGenerator.init(keyGenParameterSpec);
    val  secretKey: SecretKey = keyGenerator.generateKey()

    val  cipher:Cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.ENCRYPT_MODE, secretKey)

    val iv = cipher.getIV();
    val encryption = cipher.doFinal(Apikey.toByteArray())
    Log.e("Real", "is " + Apikey)
    Log.e("Encription", "is " + encryption)


    //decrypting
    val keyStore = KeyStore.getInstance("AndroidKeyStore");
    keyStore.load(null);

    val secretKeyEntry = keyStore
        .getEntry("alias", null) as KeyStore.SecretKeyEntry

    val secretKey2 = secretKeyEntry.secretKey

    val cipher2 = Cipher.getInstance("AES/GCM/NoPadding")

    val spec = GCMParameterSpec(128, iv)
    cipher2.init(Cipher.DECRYPT_MODE, secretKey2, spec)

    val decodedData = cipher2.doFinal(encryption)
    val unencryptedString = String(decodedData)
    Log.e("UnEncription", "is " + unencryptedString)
}

this works fine its encript the data and also decryopt it but when i devide this function in two functions then its give error java.security.InvalidAlgorithmParameterException: Unsupported IV length: 10 bytes. Only 12 bytes long IV supported and not works for me here it is

  private fun encryptedKey (KEY_NAME: String, value: String){
    val keyGenerator : KeyGenerator = KeyGenerator.getInstance(
        KeyProperties.KEY_ALGORITHM_AES,
        "AndroidKeyStore"
    )

     val keyGenParameterSpec = KeyGenParameterSpec.Builder(
        "pryze",
        KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
    )
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .build()


    keyGenerator.init(keyGenParameterSpec);
    val  secretKey: SecretKey = keyGenerator.generateKey()

    val  cipher: Cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.ENCRYPT_MODE, secretKey)

    val iv = cipher.getIV();
    val encryption = cipher.doFinal(value.toByteArray())

    val editor: SharedPreferences.Editor = sharedPrefs.edit()
    editor.putString(KEY_NAME+"EN", encryption.toString())
    editor.putString(KEY_NAME+"IV", iv.toString())
    editor.commit()
    Log.e("IV Top", "is " + iv)

}

private fun decryptKey (KEY_NAME: String): String?{

    val keyStore = KeyStore.getInstance("AndroidKeyStore");
    keyStore.load(null);

    val secretKeyEntry = keyStore
        .getEntry("pryze", null) as KeyStore.SecretKeyEntry

    val secretKey2 = secretKeyEntry.secretKey

    val cipher2 = Cipher.getInstance("AES/GCM/NoPadding")

    val spec = GCMParameterSpec(128, sharedPrefs.getString(KEY_NAME+"IV", null)?.toByteArray())
    cipher2.init(Cipher.DECRYPT_MODE, secretKey2, spec)


    val decodedData = cipher2.doFinal(sharedPrefs.getString(KEY_NAME+"EN", null)?.toByteArray())
    val unencryptedString = String(decodedData)
    Log.e("UnEncription", "is " + unencryptedString)

    return unencryptedString
}

question from:https://stackoverflow.com/questions/65932343/java-security-invalidalgorithmparameterexception-unsupported-iv-length-10-byte

Answer 1

now Its Works

 private fun encryptedKey (KEY_NAME: String, value: String){
    val keyGenerator : KeyGenerator = KeyGenerator.getInstance(
        KeyProperties.KEY_ALGORITHM_AES,
        "AndroidKeyStore"
    )

 
    val keyGenParameterSpec = KeyGenParameterSpec.Builder(
        "alies",
        KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
    )
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .build()


    keyGenerator.init(keyGenParameterSpec);
    val  secretKey: SecretKey = keyGenerator.generateKey()

    val  cipher: Cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.ENCRYPT_MODE, secretKey)

    val iv = cipher.getIV();
    val encryption = cipher.doFinal(value.toByteArray())

    val editor: SharedPreferences.Editor = sharedPrefs.edit()
    editor.putString(KEY_NAME+"EN", Base64.encodeToString(encryption,Base64.DEFAULT))
    editor.putString(KEY_NAME+"IV", Base64.encodeToString(iv,Base64.DEFAULT))
    editor.commit()

}

private fun decryptKey (KEY_NAME: String): String?{

    val keyStore = KeyStore.getInstance("AndroidKeyStore");
    keyStore.load(null);

    val secretKeyEntry = keyStore
        .getEntry("alies", null) as KeyStore.SecretKeyEntry

    val secretKey2 = secretKeyEntry.secretKey

    val cipher2 = Cipher.getInstance("AES/GCM/NoPadding")
    val spec = GCMParameterSpec(128,Base64.decode(sharedPrefs.getString(KEY_NAME+"IV",null),Base64.DEFAULT))
    cipher2.init(Cipher.DECRYPT_MODE, secretKey2, spec)


    val decodedData = cipher2.doFinal(Base64.decode(sharedPrefs.getString(KEY_NAME+"EN",null),Base64.DEFAULT))
    val unencryptedString = String(decodedData)
    return unencryptedString
}