Hey there, let’s break down what’s causing that BadPaddingException after you fixed the IllegalBlockSizeException by chunking your data, and how to resolve it properly.

Common Causes of the BadPaddingException #

This error almost always stems from mismatched configurations or incorrect data handling between encryption and decryption. Here are the most likely culprits in your case:

• Inconsistent padding schemes: If your encryption uses a padding mode (like PKCS1) but your decryption doesn’t specify the same, or uses a different one, padding validation will fail.
• Incorrect chunking logic: You might be chunking the Base64 string’s raw bytes instead of the decoded image binary, or miscalculating chunk sizes for encryption/decryption.
• Data corruption during transfer/storage: If your encrypted chunks get truncated or modified, decryption will fail padding checks.
• Key mismatch: Ensuring you’re using the exact matching private key for the public key used to encrypt is critical.

Step-by-Step Solution #

1. Standardize Padding Mode

Always explicitly specify the full transformation string for your Cipher instance to avoid platform-dependent defaults. For RSA, RSA/ECB/PKCS1Padding is the most common (and secure) choice for this use case. Both encryption and decryption must use this exact string.

2. Chunk the Decoded Image Binary (Not the Base64 String)

Instead of encrypting the Base64 string directly, first decode it to get the raw image bytes. This reduces the data size and avoids issues with Base64’s ASCII encoding interfering with chunking. Here’s why:

• Base64 strings are 33% larger than the original binary data, so chunking them wastes space and increases the chance of padding errors.
• Chunking Base64 characters can split logical sequences, even though Base64 uses ASCII, it’s still cleaner to work with raw binary.

3. Correct Chunk Size Calculations

For RSA with PKCS1 padding:

• Encryption chunk size: (key length in bytes) - 11 (PKCS1 requires 11 bytes of padding). For a 2048-bit key, that’s 256 - 11 = 245 bytes per chunk.
• Decryption chunk size: Equal to the key length in bytes (e.g., 256 bytes for 2048-bit keys), since encrypted chunks are always the same size as the key.

4. Working Code Example

Here’s a cleaned-up implementation that follows these rules:

Encryption Code

import javax.crypto.Cipher;
import java.security.PublicKey;
import java.util.Base64;
import java.io.ByteArrayOutputStream;

public class RSAEncryptor {
    public static String encryptImageBase64(String imageBase64, PublicKey publicKey) throws Exception {
        // Decode Base64 to raw image bytes
        byte[] imageBytes = Base64.getDecoder().decode(imageBase64);
        
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
        
        int keyByteLength = publicKey.getEncoded().length / 2; // Adjust for key encoding format
        int maxEncryptChunkSize = keyByteLength - 11; // PKCS1 padding overhead
        
        ByteArrayOutputStream encryptedStream = new ByteArrayOutputStream();
        int offset = 0;
        
        while (offset < imageBytes.length) {
            int chunkLength = Math.min(imageBytes.length - offset, maxEncryptChunkSize);
            byte[] encryptedChunk = cipher.doFinal(imageBytes, offset, chunkLength);
            encryptedStream.write(encryptedChunk);
            offset += chunkLength;
        }
        
        // Convert encrypted bytes to Base64 for easy storage/transfer
        return Base64.getEncoder().encodeToString(encryptedStream.toByteArray());
    }
}

Decryption Code

import javax.crypto.Cipher;
import java.security.PrivateKey;
import java.util.Base64;
import java.io.ByteArrayOutputStream;

public class RSADecryptor {
    public static String decryptImageBase64(String encryptedBase64, PrivateKey privateKey) throws Exception {
        // Decode Base64 to encrypted bytes
        byte[] encryptedBytes = Base64.getDecoder().decode(encryptedBase64);
        
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        
        int keyByteLength = privateKey.getEncoded().length / 2;
        int decryptChunkSize = keyByteLength;
        
        ByteArrayOutputStream decryptedStream = new ByteArrayOutputStream();
        int offset = 0;
        
        while (offset < encryptedBytes.length) {
            int chunkLength = Math.min(encryptedBytes.length - offset, decryptChunkSize);
            byte[] decryptedChunk = cipher.doFinal(encryptedBytes, offset, chunkLength);
            decryptedStream.write(decryptedChunk);
            offset += chunkLength;
        }
        
        // Convert raw image bytes back to Base64
        return Base64.getEncoder().encodeToString(decryptedStream.toByteArray());
    }
}

Quick Checks to Verify #

• Double-check that both Cipher instances use RSA/ECB/PKCS1Padding (no shortcuts like just RSA).
• Ensure your private key is the exact pair for the public key used in encryption.
• Verify that encrypted data isn’t being truncated or modified when stored/transferred (using Base64 helps with this).

内容的提问来源于stack exchange，提问作者Jay