Android: Encrypt String, send via HTTPS and Decrypt String problem

Question

I have to Encrypt a String to send via HTTPS to a server. Then, on server side, I have to Decrypt the string and used it.

I used this code in both sides:

Answer 1

Why are you encrypting if you are using SSL in the first place? HTTPS (SSL) will encrypt your data in transit, and it will be automatically decrypted on the server. Additionally, your custom encryption scheme is very likely to be less secure than SSL.

Your error is in how you derive your key: setSeed() does not replace the state of the random number generator, it only augment it. What this means is that even if you pass the same bytes to setSeed(), generateKey() will most likely generate a different key. Use the PBE (password-based encryption) classes to derive a key from a password. Or make sure your server and client are using the same key in some other way.

Here a sample of generating a key from a password (for Android). You need to find a PBE algorithm that is supported both on Android and on your server. If you use the JCE Bouncy Castle provider in your server app, it should support the same algorithms as Android (Android uses Bouncy Castle for part of its JCE implementation).

SecretKeyFactory factory = 
    SecretKeyFactory.getInstance("PBEWITHSHAAND256BITAES-CBC-BC");
KeySpec spec = new PBEKeySpec("password".toCharArray(), salt, 1024, 256);
SecretKey tmp = factory.generateSecret(spec);
SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES");