Skip to content

Decrypt using AES-256-ECB in Java

I have encrypted the string in PHP using AES-256-ECB.

$sString   = "test"
$sEncryptionMethod = "AES-256-ECB";
$sEncryptionKey = "mysecretkey";

openssl_encrypt($sString, $sEncryptionMethod, $sEncryptionKey)

I would like to decrypt the same using Java/Scala?

 String secret = "mysecretkey";
 SecretKeySpec skeySpec = new SecretKeySpec(encKey.getBytes("UTF-8"), "AES");
 byte[] decodedValue = Base64.getDecoder.decode(token);

 Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5PADDING");
 int decryptMode = Cipher.DECRYPT_MODE;
 cipher.init(decryptMode, skeySpec);
 new String(cipher.doFinal(decodedValue));

I am seeing the following error? how can we decrypt the same using Java? Note: (decryption in PHP is working as expected) but I want to do this in Java

Given final block not properly padded. Such issues can arise if a bad key is used during decryption.


The key has to be exactly 256 bit long. Clearly the PHP side is doing some unspecified magic voodoo to "mysecretkey" to obtain a 256 bit key. Java does not, as a rule, engage in ‘the user does not appear to know what they are doing, eh, I’ll take a wild stab in the dark’, like PHP does, which is the problem here.

Figure out how “mysecretkey” is turned into a 256-bit key, and replicate that in java.

NB: ECB is extremely insecure. It sounds like you don’t know enough about encryption to have any hope of producing an application that is actually hard to trivially break.

NB2: Note that the PHP documentation itself strongly suggests that ‘key’ should be some cryptographically derived secure source of 256 bits. The fact that openssl_encrypt actually gives you an answer when you provide a broken key is somewhat eyebrow raising. See the various comments at the PHP manual on openssl_encrypt which clearly highlight some weirdness is going on there but none are clear enough to actually explain what PHP is doing here.