I wanted to confirm this worked for myself, so for the benefit of anyone else that comes across this thread, here’s some Rust code to do AES-256 encryption with a fixed key:
use aes::Aes256;
use base64ct::{Base64, Encoding};
use block_modes::{BlockMode, Cbc};
use block_modes::block_padding::Pkcs7;
use hmac::Hmac;
use pbkdf2::pbkdf2;
use rand::RngCore;
use sha2::Sha256;
fn main() {
let mut key = [0u8; 32];
pbkdf2::<Hmac<Sha256>>(b"changeme", b"salt", 10, &mut key);
let mut iv = [0u8; 16];
rand::thread_rng().fill_bytes(&mut iv);
let cipher = Cbc::<Aes256, Pkcs7>::new_from_slices(&key, &iv).unwrap();
let enc = cipher.encrypt_vec(b"Hello, world!");
let mut msg = Vec::with_capacity(iv.len() + enc.len());
msg.extend_from_slice(&iv);
msg.extend_from_slice(&enc);
println!("{}", Base64::encode_string(&msg));
}
and the corresponding Java code to decrypt it:
package test;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.util.Arrays;
import java.util.Base64;
public class DecryptAES {
public static void main(String[] args) throws Exception {
byte[] msg = Base64.getDecoder().decode(args[0]);
PBEKeySpec pbeKeySpec = new PBEKeySpec("changeme".toCharArray(), "salt".getBytes(), 10, 256);
SecretKey secretKey = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(pbeKeySpec);
SecretKeySpec secretKeySpec = new SecretKeySpec(secretKey.getEncoded(), "AES");
IvParameterSpec iv = new IvParameterSpec(Arrays.copyOf(msg, 16));
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, iv);
byte[] dec = cipher.doFinal(msg, 16, msg.length - 16);
System.out.println(new String(dec));
}
}
For example:
> cargo run --release
Compiling rustaes v0.1.0
Finished release [optimized] target(s) in 1.03s
Running `target\release\rustaes.exe`
ugWZd3YFNqk/DuhSPoyHSxAv4+40JLnWh/kxK/SfXcw=
and passing that to the Java code:
> .\gradlew run --args ugWZd3YFNqkiCfdCPoyHSxAv4+40JLnWh/kxK/SfXcw=
> Task :run
Hello, wrust!
Well, it looks like the encrypted message got corrupted at some point without any errors, but I’m sure it’ll be fine, right?