0

While trying to make a secured connection using AES and RSA I found that when I tried to convert the key to string for sending it over the network, then it converted again to byte[]. The values changed. You can see the code involved below to understand my idea.

public class test {
     public static String asHex (byte buf[]) {
      StringBuffer strbuf = new StringBuffer(buf.length * 2);
      int i;

      for (i = 0; i < buf.length; i++) {
       if (((int) buf[i] & 0xff) < 0x10)
        strbuf.append("0");

       strbuf.append(Long.toString((int) buf[i] & 0xff, 16));
      }

      return strbuf.toString();
     }

 public static void main(String[] args) throws NoSuchAlgorithmException, UnsupportedEncodingException  {


  KeyGenerator kgen = KeyGenerator.getInstance("AES");
kgen.init(128);

SecretKey skey = kgen.generateKey();
byte[] raw = skey.getEncoded();

String r = new String(raw,"UTF-8");

System.out.println(asHex(raw));// prints for example fd812245c9bfc4106294d51bf27e3796

byte[] t = r.getBytes("UTF-8");

System.out.println(asHex(t));  // prints for example : efbfbd2245c9bfefbfbd1062efbfbdefbfbd1befbfbd7e37efbfbd

  }
}
Improve this question
2
  • I'm not sure if this causes your problem, but using UTF-8 as the encoding is probably not a good idea, because not every sequence of bytes is a valid UTF-8 string. I'd use a single-byte encoding like ISO8859-1. Commented Mar 26, 2011 at 14:55
  • @Philipp: Using any encoding which assumes it's really encoded text is a very bad idea. Commented Mar 26, 2011 at 15:00

3 Answers 3

Reset to default
4

It's because of conversion of the raw byte array to UTF-8 String. Since not every byte sequence is a valid UTF-8 string so String constructor can modify it while converting to sort of valid string.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

4

When you use the String(byte[], String) constructor, you're saying: "Here is an encoded version of some text, and this is the encoding."

That's not the case here. You don't have encoded text - you have opaque binary data. It's simply not text data. Use Base64 to convert it to a pure-ASCII string safely. There's a public domain Java encoder/decoder you can use.

Improve this answer

1 Comment

@moataz: It might depending on what you do with the string afterwards, but it's a fundamentally wrong approach. Just use Base64 like the rest of the world does when they want to represent opaque binary data in text.
0

That's why you should use the hex (or better - base64) representation to transfer byte arrays.

Improve this answer

1 Comment

@moataz It's bigger for a reason - it can be encoded and decoded without ambiguities. And you can compress it with gzip if traffic is an issue

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.