Several solutions for javax.crypto.BadPaddingException:Blocktype errors
Several solutions to Javax.crypto.BadPaddingException:Blocktype anomalies
Reprint please indicate the source
1. Description of the exception: recent projects to enhance the security of data transmission using RSA encryption. That is, the information that the Android client will transmit is encrypted with the private key via the RSA asymmetric encryption algorithm and uploaded to the server side (PC side). The decryption fails when the server side decrypts with the public key of the corresponding (key) and throws "Javax.crypto.BadPaddingException:Blocktype" exception.
2. Exception reason: The Android system uses virtual machines (Dalvik) that differ from the Sun standard JDK, where their default RSA implementations are different. That is, the Android end uses the Cipher.getinstance ("RSA") method to encrypt, the provider is the Bouncycastle security provider,bouncycastle Provider default implementation is the "rsa/none/nopadding" algorithm, and the server (PC) End with Cipher.getinstance ("RSA") to decrypt, using the sun's security provider, to achieve the " Rsa/none/pkcs1padding "algorithm, so the decryption will fail.
3. Solution: I offer three solutions here:
First: Change the Cipher.getinstance ("RSA") method on the server (PC) side to Cipher.getinstance ("rsa/ecb/nopadding"). However, one drawback of this method is that the plaintext after decryption is much more space than before the encryption. (Length of Space + original number of characters = number of bits used to generate the key/8)
Second: Change the Cipher.getinstance ("RSA") method on the Android side to Cipher.getinstance ("rsa/none/pkcs1padding"). This method is recommended in the case of the first method, which is corresponding to the plaintext after decryption and the plaintext before encryption.
Third: Add Bouncycastle Security Provider to the server (PC) side of the JDK, for installation configuration and validation of Bouncycastle JCE see http://blog.csdn.net/ caoshichao520326/article/details/8732670, configure the Bouncycastle security provider, the server (PC) side of the Cipher.getinstance ("RSA") The method is changed to Cipher.getinstance ("RSA", "BC").