[Solved] javax.crypto.AEADBadTagException: Tag mismatch


AEADBadTagException is a subclass of BadPaddingException. It is thrown when a Cipher operating in an AEAD mode (i.e. GCM/CCM) is unable to verify the authentication tag.

public class AEADBadTagException extends BadPaddingException

Constructor

  • AEADBadTagException(): Constructs an AEADBadTagException with no detail message.
  • AEADBadTagException(String msg): Constructs an AEADBadTagException with the specified detail message.

Exception

Here is a complete example of encryption and decryption using the AES/GCM/NoPadding algorithm. It fails because of the IV value, which is used for authentication.

import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
/**
* example for plain text encryption and decryption by using Java AES 256 GCM Encryption Algorithm
*/
public class AES_GCM_Example
{
        static String plainText = "facing Issues on IT  (Learn from Others Experience)";
           public static final int AES_KEY_SIZE = 256;
           public static final int GCM_IV_LENGTH = 12;
           public static final int GCM_TAG_LENGTH = 16;

           public static void main(String[] args) throws Exception
           {
               KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
               keyGenerator.init(AES_KEY_SIZE);

               // Generate Key
               SecretKey key = keyGenerator.generateKey();

               byte[] IV = new byte[GCM_IV_LENGTH];
               SecureRandom random = new SecureRandom();
               random.nextBytes(IV);

               System.out.println("Original Text : " + plainText);

               byte[] cipherText = encrypt(plainText.getBytes(), key, IV);
               System.out.println("Encrypted Text : " + Base64.getEncoder().encodeToString(cipherText));

               String decryptedText = decrypt(cipherText, key, IV);
               System.out.println("DeCrypted Text : " + decryptedText);
           }

           public static byte[] encrypt(byte[] plaintext, SecretKey key, byte[] IV) throws Exception
           {
               // Get Cipher Instance for selected algorithm
               Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");

               // Create SecretKeySpec for key
               SecretKeySpec keySpec = new SecretKeySpec(key.getEncoded(), "AES");

               // Create GCMParameterSpec with the tag length (in bits) and the IV
               GCMParameterSpec gcmParameterSpec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, IV);

               // Initialize Cipher for ENCRYPT_MODE for encrypt plaintext
               cipher.init(Cipher.ENCRYPT_MODE, keySpec, gcmParameterSpec);

               // Perform Encryption
               byte[] cipherText = cipher.doFinal(plaintext);

               return cipherText;
           }

           public static String decrypt(byte[] cipherText, SecretKey key, byte[] IV) throws Exception
           {
               // Get Cipher Instance for selected algorithm
               Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");

               // Create SecretKeySpec for key
               SecretKeySpec keySpec = new SecretKeySpec(key.getEncoded(), "AES");

               // Create GCMParameterSpec with the tag length (in bits) and the IV
               //IV = new byte[GCM_IV_LENGTH]; //here is issue: replaces the encryption IV with a new all-zero array

               GCMParameterSpec gcmParameterSpec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, IV);

               // Initialize Cipher for DECRYPT_MODE to recover the plain text
               cipher.init(Cipher.DECRYPT_MODE, keySpec, gcmParameterSpec);

               // Perform Decryption on encrypted text
               byte[] decryptedText = cipher.doFinal(cipherText);

               return new String(decryptedText);
           }

       }

Output


Original Text : facing Issues on IT  (Learn from Others Experience)
Encrypted Text : AxboQXVKKPMm05cRaslMuxDl8IK77OLgG2ddnVSKzQUVQEXL/Xic+OHN/8ixbrFbvSrytStUWBsYQyXIWLQB22+0sg==
Exception in thread "main" javax.crypto.AEADBadTagException: Tag mismatch!
       at com.sun.crypto.provider.GaloisCounterMode.decryptFinal(GaloisCounterMode.java:524)
       at com.sun.crypto.provider.CipherCore.finalNoPadding(CipherCore.java:1023)
       at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:960)
       at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:824)
       at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:436)
       at javax.crypto.Cipher.doFinal(Cipher.java:2121)
       at enc_dec.AES_GCM_Example.decrypt(AES_GCM_Example.java:84)
       at enc_dec.AES_GCM_Example.main(AES_GCM_Example.java:41)

Solution

The issue occurs during decryption: the IV is replaced with a newly created byte array (the line marked "here is issue" in decrypt), which differs from the value passed to encryption. GCM computes the authentication tag over the IV as well as the ciphertext, so verification of the tag fails.

As a solution specific to this issue, comment out line 68 and it will return the output below.


Original Text : facing Issues on IT  (Learn from Others Experience)
Encrypted Text : faSkDrA737VyiocRk1n5arFGaO5r7GDN6xFmz7hjZppkN0y8sgcj9N5iqaZ2+gbRowli5Ocfm1sQB2qL+nEVIzsWVg==
DeCrypted Text : facing Issues on IT  (Learn from Others Experience)
