Encoding cypher broken in URL

I've got an email verification system that sends an encrypted link for the user to click. I had one user tell me it wasn't working and I found a very strange error that I can't explain.

This is a local URL which works fine

http://localhost/cypher.action?cypher=TphMFuv%2FwcsgLThnU5cWInJFaZPMHeDFFL%2FRRPbbV70%3D

This is the remote URL which doesn't work

http://remotehost/cypher.action?cypher=TphMFuv%2FwcsgLThnU5cWInJFaZPMHeDFFL%2FRRPbbV70%3D

My application is running Struts2 on a Tomcat server but I don't think that matters. On the remote request the variable cypher is null. I can't understand why. It's running the exact same code.

Cheers

Kris

UPDATE

Turns out that bad logging was hiding the real problem. The issue is that on the server it is getting a BadPaddingException:

javax.crypto.BadPaddingException: Given final block not properly padded
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.DESCipher.engineDoFinal(DashoA13*..)
at javax.crypto.Cipher.doFinal(DashoA13*..)
at service.DesEncrypterService.decrypt(DesEncrypterService.java:80)
at action.LoginAction.cypherLogin(LoginAction.java:93)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

Now to find out why that is happening on the server and not locally

UPDATE

It seems that it is a similar issue to the one this person is having: Exception: "Given final block not properly padded" in Linux, but it works in Windows

Some encoding difference on Linux?

Answers


Your keys are different on the two machines. You need to trace through the key processing on both machines so you can pinpoint where the differences are being generated. Always check for byte-to-byte matching; character matching can be deceptive. For example, end-of-line can differ invisibly between different systems.

First check that what is received after transmission is exactly what was sent. Then put in byte dumps to logs after every piece of processing on the serialized key/parameters. Do this on both home and away machines and compare. That will pinpoint where the change happens from "same on both machines" to "different between machines". That should pinpoint the method or code section where the problem is happening. Repeat the byte dumps inside that piece of code until you have the problem isolated. Again, you will need to dump on both machines so you have a known target from the home machine to compare against.
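The byte-level comparison described in the answer above, as an added example that is not part of the original answer or the poster's code. It assumes the `cypher` parameter is Base64 (it decodes cleanly as such) and uses a constructed passphrase to show how a charset or end-of-line difference changes key bytes; secret material is logged as a SHA-256 fingerprint rather than in the clear. Run it on both machines and compare the output line by line.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class KeyByteTrace {
    // Hex dump so invisible differences (charset, trailing newline) become visible.
    static String hex(byte[] data) {
        StringBuilder sb = new StringBuilder();
        for (byte b : data) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Log a truncated SHA-256 fingerprint of secret material instead of the secret itself.
    static String fingerprint(byte[] data) throws Exception {
        return hex(MessageDigest.getInstance("SHA-256").digest(data)).substring(0, 16);
    }

    static void trace(String stage, byte[] data, boolean secret) throws Exception {
        System.out.printf("%-28s len=%-3d %s%n", stage, data.length,
                secret ? "sha256:" + fingerprint(data) : hex(data));
    }

    public static void main(String[] args) throws Exception {
        // The platform default charset is a common source of "same code, different bytes".
        System.out.println("file.encoding=" + System.getProperty("file.encoding")
                + " defaultCharset=" + Charset.defaultCharset());

        // Stage 1: the parameter as the action receives it, after URL decoding.
        String cypher = "TphMFuv/wcsgLThnU5cWInJFaZPMHeDFFL/RRPbbV70=";
        trace("cypher param (chars)", cypher.getBytes(StandardCharsets.US_ASCII), false);

        // Stage 2: the ciphertext bytes handed to Cipher.doFinal() (assumes Base64).
        byte[] ciphertext = Base64.getDecoder().decode(cypher);
        trace("ciphertext (decoded)", ciphertext, false);

        // Stage 3: key material. Constructed passphrase, not from the original post.
        String passphrase = "s\u00e9cret-passphrase";
        trace("key via default charset", passphrase.getBytes(), true);
        trace("key via ISO-8859-1", passphrase.getBytes(StandardCharsets.ISO_8859_1), true);
        trace("key via UTF-8", passphrase.getBytes(StandardCharsets.UTF_8), true);
        trace("key with trailing newline",
                (passphrase + "\n").getBytes(StandardCharsets.UTF_8), true);
    }
}
```

If stages 1 and 2 match on both machines but the "default charset" key line differs, the key derivation depends on a platform setting; passing an explicit charset to `getBytes` removes that dependency.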


Do a URL encoding of the cyphered key before setting it. That will avoid adding extra characters.

