> System.out.println(new SimpleByteSource(Base64.decode(decrypted.getBytes())).toString());

I think you're getting encryption/decryption mixed with encoding/decoding - they are different operations. For example, the 'decrypted' variable above represents decrypted bytes. Decrypted bytes are not encoded bytes. So calling Base64.decode(decryptedBytes) will fail - you're trying to decode ('un' encode) something that is not encoded.

There are 3 things at play here, and I think you're mixing them together, and it is causing erroneous results and frustration (don't worry, this confuses a lot of people, so you're definitely not alone here). Here are the 3 things:

1. Encryption/Decryption operations have no 'knowledge' of encoding/decoding (like Base64 or Hex). They take in byte arrays (or byte streams) and spit out byte arrays (or byte streams).

2. Once a CipherService spits out a byte array, those bytes can be _anything_ - literally a mix of 1s and 0s that make no sense at all (which is good crypto). But because totally seemingly random bytes can't necessarily be printed to strings so people can see them, something needs to ensure all those 1s and 0s can be converted into a byte array that can be printed into strings. Base64 is one way of transforming random-seeming bytes into a character-friendly byte set (Hex is another way).

3. Once you have character-friendly bytes, the JDK needs to know how you want those bytes transferred into Unicode characters. By default Shiro specifies UTF-8 to guarantee portability. If you used, say, someString.getBytes() (instead of someString.getBytes("UTF-8")), you let Java default to the platform-specific character set. This will cause problems for Shiro since it expects UTF-8 always.

Steps 2 and 3 (and their reverse) are hidden for Shiro end users if you use the Base64.encode(unencodedBytes) and Base64.decode(base64EncodedString) methods respectively. Users should never have to worry about the CodecSupport helper methods if they're using the API this way.

Does this help at all?

Cheers,

Les

P.S. I know this stuff can be confusing. Take a breather, relax and maybe take a mental break. If you keep slamming your head against the monitor, maybe it's time to grab a cup of coffee or something :)
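
The ordering of the three layers described in the reply above, shown as an added example (not code from the original thread or from the Shiro project). It assumes the Shiro 1.x package names on the classpath; the class name, the sample string and the generated key are constructed for illustration.

```java
import org.apache.shiro.codec.Base64;
import org.apache.shiro.codec.CodecSupport;
import org.apache.shiro.crypto.AesCipherService;
import org.apache.shiro.util.ByteSource;

// Hypothetical class name; demonstrates encrypt -> encode and decode -> decrypt.
public class EncryptThenEncode {

    public static void main(String[] args) {
        AesCipherService cipher = new AesCipherService();
        // Constructed demo key; a real application loads its key from protected storage.
        byte[] key = cipher.generateNewKey().getEncoded();

        String original = "hello shiro"; // constructed sample plaintext

        // Layer 3: characters -> bytes, always UTF-8 (never the platform default).
        byte[] plainBytes = CodecSupport.toBytes(original);

        // Layer 1: encryption sees raw bytes only and returns raw bytes.
        ByteSource encrypted = cipher.encrypt(plainBytes, key);

        // Layer 2: Base64 turns the random-looking ciphertext into printable text.
        String printable = Base64.encodeToString(encrypted.getBytes());
        System.out.println("ciphertext (Base64): " + printable);

        // Reverse path, in the opposite order: decode first, then decrypt.
        byte[] cipherBytes = Base64.decode(printable);
        ByteSource decrypted = cipher.decrypt(cipherBytes, key);

        // The decrypted bytes are the UTF-8 plaintext, not Base64 text, so they
        // go straight back to a String; the quoted line ran Base64.decode on
        // them instead, which is the step that does not belong here.
        String recovered = CodecSupport.toString(decrypted.getBytes());
        System.out.println("recovered: " + recovered);

        if (!original.equals(recovered)) {
            throw new IllegalStateException("round trip did not restore the plaintext");
        }
    }
}
```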