AES decryption gives extra zeros in the result

Solution 1:

Reading is fundamental. The docs for getOutputSize indicate you can't use it for this purpose:

"The actual output length of the next update or doFinal call may be smaller than the length returned by this method."

Encrypt it then check the resulting byte array, or do something with the return value of the doFinal method (which really tells you how many bytes it made), or make a ByteArrayOutputStream and send both the iv and the bytes from doFinal (taking into account what it returns) there, then ask it for the byte[], or use a ByteBuffer.

Note that CBC is dubious, as is password hashing with SHA-256. It works, but it's 'too fast': it's very easy for a hacker to try a few billion passwords a second. In general you shouldn't be hand-rolling this stuff.
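The return-value fix from this answer, as an added example that is not part of the original answer or the asker's code. The class name, the `AES/CBC/PKCS5Padding` transformation, the random demo key and the sample plaintext are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

// Hypothetical demo class: shows why a buffer sized with getOutputSize()
// ends up with trailing zero bytes after decryption, and how to trim it.
public class OutputSizeDemo {
    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] keyBytes = new byte[16];   // constructed random key, demo only
        byte[] iv = new byte[16];         // fresh random IV per message
        rng.nextBytes(keyBytes);
        rng.nextBytes(iv);
        SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");

        byte[] plain = "hello".getBytes(StandardCharsets.UTF_8); // 5 bytes
        Cipher enc = Cipher.getInstance("AES/CBC/PKCS5Padding");
        enc.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = enc.doFinal(plain);   // padded up to one 16-byte block

        Cipher dec = Cipher.getInstance("AES/CBC/PKCS5Padding");
        dec.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));

        // getOutputSize() is only an upper bound: it cannot know how much
        // padding will be stripped until doFinal() has processed the data.
        byte[] buf = new byte[dec.getOutputSize(ct.length)];
        int written = dec.doFinal(ct, 0, ct.length, buf, 0);
        System.out.println("buffer=" + buf.length + " written=" + written);

        // Using buf directly keeps the unused tail (zeros). Trim to the
        // count doFinal() reported instead.
        byte[] exact = Arrays.copyOf(buf, written);
        System.out.println(new String(exact, StandardCharsets.UTF_8));

        // Simplest form: let doFinal() allocate an exactly sized array.
        dec.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] direct = dec.doFinal(ct);
        System.out.println(Arrays.equals(direct, plain));
    }
}
```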