javax.crypto.BadPaddingException: Given final block not properly padded

[GoogleCodeExporter]

java.io.IOException: failed to decrypt safe contents entry: 
javax.crypto.BadPaddingException: Given final block not properly padded
    at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1277)
    at java.security.KeyStore.load(KeyStore.java:1185)
    at javapns.back.SSLConnectionHelper.<init>(Unknown Source)
    at javapns.back.PushNotificationManager.initializeConnection(Unknown Source)
    at cn.knet.wlb2b.ws.PushNotification.main(PushNotification.java:44)
Caused by: javax.crypto.BadPaddingException: Given final block not properly 
padded
    at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
    at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
    at com.sun.crypto.provider.PKCS12PBECipherCore.b(DashoA13*..)
    at com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40.engineDoFinal(DashoA13*..)
    at javax.crypto.Cipher.doFinal(DashoA13*..)
    at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1274)
    ... 4 more

Original issue reported on code.google.com by chenguan...@163.com on 24 May 2011 at 6:59

[GoogleCodeExporter]

Something is wrong with your cert.

Where are you storing the cert? In what format? How did it get there? etc....

Original comment by idb...@pugetworks.com on 24 May 2011 at 9:10

[GoogleCodeExporter]

Same problem here.  It worked fine on a different machine, so I'm not sure 
what's wrong.

I'm storing the certificate as a file, "testcert.p12".  I emailed it to myself 
from the machine I made it on (Keychain app -> select developer and push cert, 
export).  I've re-made and re-emailed it to myself so I don't think it was a 
transmission error.  I'm working with Eclipse Helios on a Windows 7 machine, 
with JDK 1.5.

Original comment by bda...@gmail.com on 3 Aug 2011 at 6:05

[GoogleCodeExporter]

I assume you are using the jdk 1.5 version.

Sounds like the SSL certificate isn't loading properly... what happens when you 
enable ssl certificate logging as per:
http://code.google.com/p/javapns/wiki/Tips

Original comment by idbill.p...@gmail.com on 3 Aug 2011 at 2:43

[GoogleCodeExporter]

You say you 'emailed it to myself'...

Are you sure the file didn't get binhex encoded or modified in transit?

Does the filesize match on the originating machine and target machine?

Can you find a better way to copy the file? ftp? winscp? sneakernet?

Can you verify that java can load the file at all?

Original comment by idbill.p...@gmail.com on 3 Aug 2011 at 5:10

[GoogleCodeExporter]

bdares, were you able to solve the issue you reported?  Was it related to your 
keystore format or password?  May we close this issue as fixed?  Thank you!

Original comment by sype...@gmail.com on 7 Sep 2011 at 3:47

[GoogleCodeExporter]

Original comment by sype...@gmail.com on 9 Sep 2011 at 7:18

• Changed title: javax.crypto.BadPaddingException: Given final block not properly padded

[GoogleCodeExporter]

Issue suspected of being caused by invalid password for given keystore.

Closing issue as no feedback was received by original poster since issue was 
reported.  
Please feel free to re-open if the issue is still valid.

Original comment by sype...@gmail.com on 14 Sep 2011 at 4:00

• Changed state: Invalid

[GoogleCodeExporter]

if we wanna decrypt a encrypted file than this exception arise (file is 
encrypted). 
but if we encrypt file n thank decrypt in same code thank code execute 
successfully

can some help me please

Original comment by ambitiou...@gmail.com on 19 Oct 2011 at 7:35

[GoogleCodeExporter]

I do not understand what you mean.  Please provide a copy of the code you are 
trying to run, and the exception (with stack trace) you are getting.  Thank you.

Original comment by sype...@gmail.com on 19 Oct 2011 at 2:34

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

    public static void main(String[] args) throws Exception {
        InputStream in = new FileInputStream(new File("C:/user.p12"));
        KeyStore ks = java.security.KeyStore.getInstance("PKCS12");
        ks.load(in,"user".toCharArray());
        in.close();
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        X509TrustManager defaultTrustManager = (X509TrustManager)tmf.getTrustManagers()[0];
        SSLContext context =SSLContext.getInstance("TLS");
        context.init(null, new TrustManager[]{defaultTrustManager}, null);
        SSLSocketFactory sslSocketFactory = context.getSocketFactory();

        URL url = new URL("https://192.168.1.1:8443/test/test");
        URLConnection conn = url.openConnection();
        ((HttpsURLConnection) conn).setHostnameVerifier(new javax.net.ssl.HostnameVerifier() {


            @Override
            public boolean verify(String arg0, SSLSession arg1) {
                // TODO Auto-generated method stub
                return true;
            }
        });
        ((HttpsURLConnection)conn).setSSLSocketFactory(sslSocketFactory);
        conn.connect();

I configure my tomcat using server.p12  , I get the following error


Exception in thread "main" java.io.IOException: failed to decrypt safe contents 
entry: javax.crypto.BadPaddingException: Given final block not properly padded
    at com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore.engineLoad(Unknown Source)
    at java.security.KeyStore.load(Unknown Source)
    at testpack.Newtest.main(Newtest.java:24)
Caused by: javax.crypto.BadPaddingException: Given final block not properly 
padded
    at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
    at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
    at com.sun.crypto.provider.PKCS12PBECipherCore.b(DashoA13*..)
    at com.sun.crypto.provider.PKCS12PBECipherCore$PBEWithSHA1AndRC2_40.engineDoFinal(DashoA13*..)
    at javax.crypto.Cipher.doFinal(DashoA13*..)
    ... 3 more

Original comment by digitech...@gmail.com on 23 Nov 2011 at 11:46

[GoogleCodeExporter]

Your code is not even using the JavaPNS library...  Are you requesting support 
in a project you are not using?  Or am I missing something here...

Original comment by sype...@gmail.com on 23 Nov 2011 at 2:01

[GoogleCodeExporter]

go to function extractPrivateKey()
and change alias and password

Original comment by atuldhaw...@gmail.com on 4 Oct 2013 at 10:43

[GoogleCodeExporter]

I want to encrypt with certificate private key (.pfx) and decrypt with public 
key.

Original comment by ayethand...@gmail.com on 3 Sep 2014 at 7:42