Bouncy Castle 1.80: Encryption / Decryption not working anymore with NoIvGenerator

[wolfgangs-px]

Since bouncy castle version 1.80 the encryption and decryption for Ciphers like PBEWITHSHA256AND256BITAES-CBC-BC fail in our setup.

Example to reproduce the issue with Jasypt ( http://www.jasypt.org/bouncy-castle.html ) in Java:

StandardPBEStringEncryptor stringEncryptor = new StandardPBEStringEncryptor();
stringEncryptor.setAlgorithm("PBEWITHSHA256AND256BITAES-CBC-BC");
stringEncryptor.setPassword(“secretPassword”);
stringEncryptor.setProvider(new BouncyCastleProvider());

String encryptedText = stringEncryptor.encrypt("plainText");

The underlying exception is: java.security.InvalidAlgorithmParameterException: IV must be 16 bytes long

We use Java 21, Jasypt 1.9.3 and org.bouncycastle:bcprov-jdk18on 1.80. Everything worked fine with bouncy castle 1.79, the error occurs since the 1.80 update.

It seems the issue is related to the IvGenerator. By default, a NoIvGenerator is added by Jasypt, if not specified differently.

If in the above code example you add a RandomIvGenerator , encrpytion and decryption work fine again.

But: We can not just switch to using a RandomIvGenerator, because we have stored the encrypted strings in a database and these can not be correctly decrpyted with a different IvGenerator than the NoIvGenerator used for encryption.

Why did the behaviour change and for the same algorithm there are now new requirements for the IvGenerator? Could this be fixed? Thanks!

[uszeiss]

I can confirm the behaviour described by Wolfgang. We too have existing encrypted strings that cannot be decrypted with the 1.80 version. Everything worked as expected with 1.79.

I would appreciate any support on this issue. Thanks!

[ligefeiBouncycastle]

Thank you for raising this issue. This issue is triggered by an improperly set IV.

In earlier versions, if no IV was provided, a backup IV was generated internally. Starting from version 1.80, a validation check was introduced to ensure the IV size is correct. If an IV is missing, this check triggers an exception.

To prevent this, please ensure that a valid IV is explicitly set when using Jasypt. I have added the following code to ensure the program runs properly:

stringEncryptor.setIvGenerator(new RandomIvGenerator());

We are currently discussing whether to introduce a mechanism that automatically uses a backup IV when none is provided.

[uszeiss]

Thank you for your feedback and for looking into this.

How can a message that was encrypted with BC 1.79 without explicitly setting an IV be decrypted with BC 1.80? I have not been able to do so even when I set an IV before performing the decryption.

I can provide a minimal example if required.

[wolfgangs-px]

Yes, thank you @ligefeiBouncycastle for looking into this.

I understand the issue and that it works when a RandomIvGenerator is used for encryption and decryption.

However, just as @uszeiss has explained, we have messages, that have been encrypted with BC 1.79 and without the RandomIvGenerator. We need to be able to decrypt these messages with BC 1.80, otherwise we can't upgrade BC.

How can we do this? Can we use the "internal backup Iv generator" that was added in 1.79?

Thanks again!