[Solved] Javax.Crypto.AEADBadTagException: Tag Mismatch

DECEMBER 6, 2019 SAURABH GUPTA LEAVE A COMMENT

6 Votes

AEADBadTagException is subclass of BadPaddingException. It’s occurred when a Cipher unable to verify the authentication tag. It’s occurred when Cipher is AEAD i.e GCM/CCM mode.

public class AEADBadTagException extends BadPaddingException

Constructor

• AEADBadTagException(): Constructs a default constructor of AEADBadTagException with no detail message.
• AEADBadTagException(String msg): Constructs a message constructor of AEADBadTagException with the specified detail message.

Exception

Here is a complete example of encryption and decryption based on algorithm AES/GCM/NoPadding but having an issue because of IV value which is used for authentication.

AES_GCM_Example.java

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81

import java.security.SecureRandom; import java.util.Base64; import javax.crypto.Cipher; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; import javax.crypto.spec.GCMParameterSpec; import javax.crypto.spec.SecretKeySpec;<span id="mce_SELREST_start" style="overflow:hidden;line-height:0;"></span> /** * example for plain text encryption and decryption by using Java AES 256 GCM Encryption Algorithm */ public class AES_GCM_Example {         static String plainText = "facing Issues on IT  (Learn from Others Experience)";            public static final int AES_KEY_SIZE = 256;            public static final int GCM_IV_LENGTH = 12;            public static final int GCM_TAG_LENGTH = 16;            public static void main(String[] args) throws Exception            {                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");                keyGenerator.init(AES_KEY_SIZE);                // Generate Key                SecretKey key = keyGenerator.generateKey();                byte[] IV = new byte[GCM_IV_LENGTH];                SecureRandom random = new SecureRandom();                random.nextBytes(IV);                System.out.println("Original Text : " + plainText);                byte[] cipherText = encrypt(plainText.getBytes(), key, IV);                System.out.println("Encrypted Text : " + Base64.getEncoder().encodeToString(cipherText));                String decryptedText = decrypt(cipherText, key, IV);                System.out.println("DeCrypted Text : " + decryptedText);            }            public static byte[] encrypt(byte[] plaintext, SecretKey key, byte[] IV) throws Exception            {                // Get Cipher Instance for selected algorithm                Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");                // Create SecretKeySpec for key                SecretKeySpec keySpec = new SecretKeySpec(key.getEncoded(), "AES");                // Create GCMParameterSpec for key                GCMParameterSpec gcmParameterSpec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, IV);                // Initialize Cipher for ENCRYPT_MODE for encrypt plaintext                cipher.init(Cipher.ENCRYPT_MODE, keySpec, gcmParameterSpec);                // Perform Encryption                byte[] cipherText = cipher.doFinal(plaintext);                return cipherText;            }            public static String decrypt(byte[] cipherText, SecretKey key, byte[] IV) throws Exception            {                // Get Cipher Instance based on selective AES algorithm                Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");                // Create SecretKeySpec for key                SecretKeySpec keySpec = new SecretKeySpec(key.getEncoded(), "AES");                // Create GCMParameterSpec for key                //IV = new byte[GCM_IV_LENGTH]; //here is issue                GCMParameterSpec gcmParameterSpec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, IV);                // Initialize Cipher for DECRYPT_MODE to in plain text                cipher.init(Cipher.DECRYPT_MODE, keySpec, gcmParameterSpec);                // Perform Decryption on encrypted text                byte[] decryptedText = cipher.doFinal(cipherText);                return new String(decryptedText);            }        }

Output

Original Text : facing Issues on IT  (Learn from Others Experience)
Encrypted Text : AxboQXVKKPMm05cRaslMuxDl8IK77OLgG2ddnVSKzQUVQEXL/Xic+OHN/8ixbrFbvSrytStUWBsYQyXIWLQB22+0sg==
Exception in thread "main" javax.crypto.AEADBadTagException: Tag mismatch!
       at com.sun.crypto.provider.GaloisCounterMode.decryptFinal(GaloisCounterMode.java:524)
       at com.sun.crypto.provider.CipherCore.finalNoPadding(CipherCore.java:1023)
       at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:960)
       at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:824)
       at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:436)
       at javax.crypto.Cipher.doFinal(Cipher.java:2121)
       at enc_dec.AES_GCM_Example.decrypt(AES_GCM_Example.java:84)
       at enc_dec.AES_GCM_Example.main(AES_GCM_Example.java:41)

Solution

Here is an issue on decryption while changing the value of IV as in line by creating new byte array which is different from the value passed in encryption that’s why encryption and decryption authentication get failed.

As a solution specific this issue comment line 68 and it will return output as below.

Original Text : facing Issues on IT  (Learn from Others Experience)
Encrypted Text : faSkDrA737VyiocRk1n5arFGaO5r7GDN6xFmz7hjZppkN0y8sgcj9N5iqaZ2+gbRowli5Ocfm1sQB2qL+nEVIzsWVg==
DeCrypted Text : facing Issues on IT  (Learn from Others Experience)

References

• AEADBadTagException (Java Platform SE 7 )