Read PKCS8 encrypted key with Triple DES

Similar Messages

• Can't read load RSA public key with JDK 1.4.2_08?

  We have been using Bouncy Castle's provider to provide RSA encryption and decryption of a login name and password for several years ... with JDKs in the 1.4.2 series up through 1.4.2_07.
  Recently, however, Sun released JDK 1.4.2_08, and suddenly any of our Java Web Start client applications are unable to successfully load the public key that we use to encrypt their login name and password before shipping it to the server for authentication with the 1.4.2_08 JRE. But, if we revert back to 1.4.2_07, everything works again.
  This public key itself has been in use for several years and the same code to read the public key has been in use for a long time ... including multiple versions of the BouncyCastle provider and all versions of the JDK up through 1.4.2_07. But suddenly things appear to break with JDK 1.4.2_08.
  This smells like a problem with JDK 1.4.2_08 so I thought that I'd check on this forum to see if any other Bouncy Castle users have experienced this problem. Is there anything further that I can do to check this out? Has any Bouncy Castle user successfully loaded a RSA public key from a byte stream with JDK 1.4.2_08? Or have people using other providers seen any problems reading similar public keys with JDK 1.4.2_08?
  The code that is failing on the client side is:
  try {
     encKey = new byte[this.publicKeyInputStream.available()];
     this.publicKeyInputStream.read(encKey);
     spec = new X509EncodedKeySpec(encKey);
     keyFactory = KeyFactory.getInstance("RSA",  "org.bouncycastle.jce.provide.BouncyCastleProvider");
     myPublicKey = keyFactory.generatePublic(spec);
     return myPublicKey;
  catch (Exception e) {
     e.printStackTrace();
  }The stack trace that I'm getting includes ...
  java.security.spec.InvalidKeySpecException: java.lang.IllegalArgumentException: invalid info structure in RSA public key
     at org.bouncycastle.jce.provider.JDKKeyFactory$RSA.engineGeneratePublic(JDKKeyFactory.java:330)
     at java.security.KeyFactory.generatePublic(Unknown Source)
     at org.opencoral.util.Encryption.loadPublicKey(SourceFile:450)
     at org.opencoral.util.Encryption.<init>(SourceFile:119)
     at org.opencoral.main.Coral.<init>(SourceFile:338)
     at org.opencoral.main.Coral.main(SourceFile:1919)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
     at java.lang.reflect.Method.invoke(Unknown Source)
     at com.sun.javaws.Launcher.executeApplication(Unknown Source)
     at com.sun.javaws.Launcher.executeMainClass(Unknown Source)
     at com.sun.javaws.Launcher.continueLaunch(Unknown Source)
     at com.sun.javaws.Launcher.handleApplicationDesc(Unknown Source)
     at com.sun.javaws.Launcher.handleLaunchFile(Unknown Source)
     at com.sun.javaws.Launcher.run(Unknown Source)
     at java.lang.Thread.run(Unknown Source)While it clearly indicates that it thinks that there is an "invalid info structure in RSA public key", I believe that nothing has changed in the structure of our key ... and this same key still works properly if I revert to JDK 1.4.2_07.
  Any thoughts or insights?
  Thanks,
  John Shott

  I'm facing the same Exception here,
  With JDK 1.5 (SUNJce) i'm getting --
  Exception in thread "main" java.security.spec.InvalidKeySpecException: java.secu
  rity.InvalidKeyException: Invalid RSA public key
  at sun.security.rsa.RSAKeyFactory.engineGeneratePublic(Unknown Source)
  With BouncyCastle i'm getting --
  Exception in thread "main" java.security.spec.InvalidKeySpecException: java.lang
  .IllegalArgumentException: invalid info structure in RSA public key
  at org.bouncycastle.jce.provider.JDKKeyFactory$RSA.engineGeneratePublic(
  JDKKeyFactory.java:345)
  Any Solution?

• Single sign on using AES or Triple DES algorithm.

  Hello all-
  At my client place we have to setup a Single Sign On Functionality to an external system. The link will be on the portal page for the employees to click. This functioanlity has to be done by either AES (Advanced Encryption Algorithm) or Triple DES algorithm.
  When the user clicks the SSO link on the portal page, the BSP application should implement any of these two above mentioned encryption algorithms and post the encrypted key appended to the third party URL. Then the third party system will decrypt and verify the user who is requesting the information and accordingly either allow or deny.
  If anyone has any info on this please revert back.
  Thank you very much for the help.
  Ramesh.

  Hi Ramesh,
  Did u get any clarification regarding Standard Triple DES algorithm.
  If yes,Please let me know.
  Thanks,
  JOhny lever

• Exporting an encrypted key using DESede that is compatible with openssl

  I have been banging my head against this wall for a week now. I need to take an existing PrivateKey and store it in a PKCS#8 container using Triple DES. The only "successful" attempt I have had so far creates a container using pbeWithSHA1And3-KeyTripleDES-CBC wich is not even close to the same thing as des-ede3-cbc. I have a before/after dump using "openssl asn1parse ..." as a reference:
  Non-working one:
      0:d=0  hl=4 l= 682 cons: SEQUENCE
      4:d=1  hl=2 l=  36 cons:  SEQUENCE
      6:d=2  hl=2 l=  10 prim:   OBJECT            :pbeWithSHA1And3-KeyTripleDES-CBC
     18:d=2  hl=2 l=  22 cons:   SEQUENCE
     20:d=3  hl=2 l=  16 prim:    OCTET STRING      [HEX DUMP]:9950B90483C58D10807A8A4BEE7E6199
     38:d=3  hl=2 l=   2 prim:    INTEGER           :0800
     42:d=1  hl=4 l= 640 prim:  OCTET STRING      [HEX DUMP]:FB5130BAA93B217C3D9CC157B48A3A470CExisting one (made using "openssl pkcs8 -topk8 -in temp.key -v2 des3"):
      0:d=0  hl=4 l= 710 cons: SEQUENCE
      4:d=1  hl=2 l=  64 cons:  SEQUENCE
      6:d=2  hl=2 l=   9 prim:   OBJECT            :PBES2
     17:d=2  hl=2 l=  51 cons:   SEQUENCE
     19:d=3  hl=2 l=  27 cons:    SEQUENCE
     21:d=4  hl=2 l=   9 prim:     OBJECT            :PBKDF2
     32:d=4  hl=2 l=  14 cons:     SEQUENCE
     34:d=5  hl=2 l=   8 prim:      OCTET STRING      [HEX DUMP]:56E20E2561891C26
     44:d=5  hl=2 l=   2 prim:      INTEGER           :0800
     48:d=3  hl=2 l=  20 cons:    SEQUENCE
     50:d=4  hl=2 l=   8 prim:     OBJECT            :des-ede3-cbc
     60:d=4  hl=2 l=   8 prim:     OCTET STRING      [HEX DUMP]:903C92209EBA0B3A
     70:d=1  hl=4 l= 640 prim:  OCTET STRING      [HEX DUMP]:0C6033115F1AEF6724E1I just need some basic help on getting from the PrivateKey to the output that will work with openssl.

  The only "successful" attempt I have had so far creates a container using pbeWithSHA1And3-KeyTripleDES-CBC wich is not even close to the same thing as des-ede3-cbc.What do you mean "not even close"? They certainly have different numbers of letters in their names, but cryptographically they are very similar.
  Non-working one:What doesn't work about it?
  I just need some basic help on getting from the PrivateKey to the output that will work with openssl.The example I provided in the earlier thread works just fine with openssl.

• Utility to generate the triple des (3DES) encrypted password in wl 6.1?

  To take advantage of the encrypted passwords in config.xml, as of wl 6.1, is
  there a weblogic utiltiy or api tha could be used to encrypt plaintext into
  the triple-des symmetric key PRIOR to having an SA or DBA type it into the
  console? This would help me greatly in the deployment and security of
  passwords.
  Thanks in Advance,
  Steve Rogers

  Hi,
  Thank you for your question.
  I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
  Thank you for your understanding and support.
  Best Regards,
  Aiden
  Aiden Cao
  TechNet Community Support

• Triple DES CBC Encryption using an Initial Vector

  How can triple DES encryption in CBC be done using the javacard package and not javax?
  Will this do?
                 cipher3DESCBCDebSesKey1.init( key, Cipher.MODE_ENCRYPT, initVector, (short) 0, (short) 8);
                 cipher3DESCBCDebSesKey1.doFinal( input, (short) 0, (short) 16, SesKey, (short) 0 );
  After all the initialization, will the doFinal already give me the result of triple DES using CBC? or do I have to init* and doFinal* three times?
  Also, I used the no pad setting for this one.
  cipher3DESCBCDebSesKey1 = Cipher.getInstance( Cipher.ALG_DES_CBC_NOPAD, false );

  The fact that only the first block is corrupt is indicative that I you are not using the same IV on both sides. This is confirmed by your PHP code that seems to generate a random IV so your chance of getting the same IV on both sides is just about zero.

• Generate DES key with java card with JCRE 2.1.2

  Hi everyone,
  I want to generate DES key in my applet . my card supports GP 2.0.1 and JCRE 2.1.2 .
  I have tested my applet with JCRE 2.2.1 and used this JCSystem class functions to generate DES key and it compiles and works correctlly .
  but when I want to compile my applet with JCRE 2.1.2 I recieve an error which says that API 2.1.2 doesn't support JCSystem class .
  so I'll really appreciate it if anyone could tell me how can I generate DES key with JCRE 2.1.2
  and also I use JCSystem class functions to get my card's persistent and transistent memory , so with this class not working on JCRE 2.1.2 I have problem to read my free memories too .
  So I'll appreciate your help on this matter too.
  Best Regards,
  Vivian

  Hi Vivian,
  I don't seem to have any problem with the code you posted. What is the error you are getting? Is it with the compiler or with the CAP file converter? If it is a compiler error, you will need to ensure that the Java Card API jar is in your build path.
  Here is a simple class that works with JC 2.1.1 (which will work with JC 2.1.2 as well). I have confirmed that this applet compiles and will return encrypted data to the caller.
  package test;
  import javacard.framework.APDU;
  import javacard.framework.Applet;
  import javacard.framework.ISO7816;
  import javacard.framework.ISOException;
  import javacard.framework.JCSystem;
  import javacard.security.DESKey;
  import javacard.security.KeyBuilder;
  import javacard.security.RandomData;
  import javacardx.crypto.Cipher;
  * Test JC2.1.1 applet for random DES key.
  * @author safarmer - 1.0
  * @created 24/11/2009
  * @version 1.0 %PRT%
  public class TestApplet extends Applet {
      private DESKey key;
      private Cipher cipher;
       * Default constructor that sets up key and cipher.
      public TestApplet() {
          RandomData rand = RandomData.getInstance(RandomData.ALG_SECURE_RANDOM);
          short lenBytes = (short) (KeyBuilder.LENGTH_DES / 8);
          byte[] buffer = JCSystem.makeTransientByteArray(lenBytes, JCSystem.CLEAR_ON_DESELECT);
          key = (DESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_DES, KeyBuilder.LENGTH_DES, false);
          rand.generateData(buffer, (short) 0, lenBytes);
          key.setKey(buffer, (short) 0);
          cipher = Cipher.getInstance(Cipher.ALG_DES_CBC_ISO9797_M1, false);
      public static void install(byte[] bArray, short bOffset, byte bLength) {
          // GP-compliant JavaCard applet registration
          new TestApplet().register(bArray, (short) (bOffset + 1), bArray[bOffset]);
      public void process(APDU apdu) {
          // Good practice: Return 9000 on SELECT
          if (selectingApplet()) {
              return;
          byte[] buf = apdu.getBuffer();
          switch (buf[ISO7816.OFFSET_INS]) {
              case (byte) 0x00:
                  cipher.init(key, Cipher.MODE_ENCRYPT);
                  short len = cipher.doFinal(buf, ISO7816.OFFSET_CDATA, buf[ISO7816.OFFSET_LC], buf, (short) 0);
                  apdu.setOutgoingAndSend((short) 0, len);
                  break;
              default:
                  // good practice: If you don't know the INStruction, say so:
                  ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
  }Cheers,
  Shane

• How to encrypt excel file data using triple DES algorithm in oracle

  Hi,
  I would like to know the process or script to encrypt/decrypt the excel file data using triple DES algorithm in oracle.

  I'm not quite sure your requirement.... do you mean when uploading files to be stored in the database ?

• Fulldisk encryption with a gpg encrypted key?

  Hi all, anyone know if it is possible to encrypt a root partition using a gpg encrypted key?
  To create it and open it I would use something like this.
  #dd if=/dev/urandom bs=512 count=4|gpg –symmetric –a > ./rootkey.gpg
  #gpg --quiet --decrypt rootkey.gpg | cryptsetup -v --cipher serpent-cbc-essiv:sha256 --key-size 256 luksFormat /dev/sda3
  #gpg --decrypt key.gpg 2>/dev/null | cryptsetup luksOpen /dev/sda3 root
  which works, if i can manually enter the commands to decrypt the drive, but how would i do that at boot? i was reading a article on the gentoo wiki about creating custom scripts etc etc to handle it all. can something similar be applied in arch linux? if this is at all possible is there somewhere where i can find some documentation regarding doing this?
  cheers.

  Nothing wrong with using LUKS, and in a way I am still using LUKS but what I am doing here is having a key file encrypted using GnuPG and stored between the MBR and first partition. In my modified /lib/initcpio/hooks/encrypt script it will ask for the password for the keyfile to decrypt the root partition and if an incorrect password is entered more than say 3 times it will shred the keyfile making the root partition impossible to ever decrypt. For a backup for myself I will have a copy of the gpg encrypted key stored somewhere on the web.
  So basically adding a whole new layer of security to the system. The more layers of security you can add the better.
  I do know this is a little over board, but its more for the fun of doing it. In a strange sort of nerdy way
  But back to what you were saying about the libraries? From the archlinux wiki
  These options allow users to add files to the image. Both BINARIES and FILES are added before hooks are run, and may be used to override files used or provided by a hook. BINARIES are dependency-parsed, meaning any required libraries will also be added. FILES are added as-is. For example:
  So I shouldn't have to worry about them.

• Installation with LVM and gpg-encrypted key, what to tell Grub

  Hi,
  after years of using Gentoo Linux I grew tired of the compilation effort, so I decided to give Arch Linux a shot. I like the idea of a basic system which I can fit to my needs instead of a bloated distribution.
  I want to encrypt my disk and did this with the following tutorials:
  Official Arch Linux Install Guide
  DM Crypt with LUKS
  Basic Cryptsetup
  Gentoo DM-Crypt with LUKS
  So far, the installation worked well, but I'm stuck with this problem:
  I have a gpg encrypted key stored on a SD-Card.
  My mkinitcpio.conf has the hook line:
  HOOKS="base udev autodetect pata scsi sata mmc usbinput fsck keymap encrypt lvm2 filesystems
  /etc/default/grub contains:
  GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda6:vg root=/dev-mapper/vg-root ro cryptkey=/dev/mmcblk0p1:jfs:/Key.gpg"
  However, if I am booting, there are the following outputs:
  No key available with this passphrase.
  Invalid keyfile. Reverting to passphrase.
  A password is required to access the vg volume:
  Enter passphrase for /dev/sda6:
  So, obviously, he isn't able to gpg-decrypt the key, or am I missing something?
  I do really need some help at this point.

  On my gentoo installation, I had to tell cryptsetup to use the decrypted key as password for the new key. In fact
  gpg -q -d <GPG-Keyfile> | cryptsetup luksOpen /dev/<encryptedPartition> <cryptContainer>
  did exactly what I wanted.
  I wanted to have my system highly secured, so a password-protected keyfile on an extern medium was the best choice.
  Edit: There has been another tutorial: System encryption with gpg encrypted keys, but it's out of date.
  Last edited by iarumas (2012-12-05 22:50:34)

• How encrypt msg with Public Key ?

  I want to encrypt my Session Key with the public key of the recipient but how can I do ?
  I know how to encrypt with the Secret Key but not with the Public Key.
  Thanks for response
  Nicolas

  It depends on the cryptosystem of which the public key you are having.
  If it is of RSA then you have to get the cipher of RSA and pass the session key bytes as input to it.

• Can No Longer Read Uninstall Keys with vbscript package run by SCCM

  Hi, 
  I've been using vbscript packages in SCCM for over a decade, and one thing I do is use the registry to determine if I need to uninstall an old program with the Value:
  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
  or
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
  Example code snip:
  UnstKey = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{81BE0B17-563B-45D4-B198-5721E6C665CD}"
  UnstVal = wshShell.RegRead(UnstKey & "\UninstallString")
  If I run this manually, it works great, but all of a sudden, when I run a vbscript like this in SCCM it now returns: 
  Invalid root in registry key "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{...}\UninstallString"
  I normally run everything whether or not a user is logged on as System, but I did a test, and it even fails if I run the package as the user, which really surprised me. I check permissions in registry key, and Everyone has read, System has Modify.
  This code was working about a month ago. No changes to SCCM that I know. Sadly, we are still running 2007 SP2
  Please help!

  If anyone else stumbles on this issue, you're almost certainly running into the issue with 64bit clients.  Config Manager Agent runs as a 32bit process so won't read the registry key from the location you're expecting.  This uninstall strings will
  be in the following location:
  HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
  If you need an existing VBScript to run you'll want to call the following:
  %windir%\Sysnative\wscript.exe 
  Hope this helps.  I should have spotted this with my Config Manager earlier.  Had me scratching my head for a while.

• How to read an internal table with more than  one (2 or 3) key field(s).

  how to read an internal table with more than  one (2 or 3) key field(s). in ecc 6.0 version

  hi ,
  check this..
  report.
  tables: marc,mard.
  data: begin of itab occurs 0,
        matnr like marc-matnr,
        werks like marc-werks,
        pstat like marc-pstat,
        end of itab.
  data: begin of itab1 occurs 0,
        matnr like mard-matnr,
        werks like mard-werks,
        lgort like mard-lgort,
        end of itab1.
  parameters:p_matnr like marc-matnr.
  select matnr
         werks
         pstat
         from marc
         into table itab
         where matnr = p_matnr.
  sort itab by matnr werks.
  select matnr
         werks
         lgort
         from mard
         into table itab1
         for all entries in itab
         where matnr = itab-matnr
         and werks = itab-werks.
  sort itab1 by matnr werks.
  loop at itab.
  read table itab1 with key matnr = itab-matnr
                            werks = itab-werks.
  endloop.
  regards,
  venkat.

• Read "Qualified Range Key Generation" with Java API.

  Hi guru,
  I use MDM 5.5 SP6.
  In MDM Console I read Qualified Range Key Generation it in "ADMIN -> Remote Systems -> Qualified Range".
  I have to get "Qualified Range Key Generation" with Java API.
  It's possible?

  Hi Rocco,
  I am also thinking  of same scenario.I thought it is possible in Java Apis by calling the webservices for MDM.there is a service of "get key mapping" where we can pass this "Qualified key range" as  parameter.In MDM we have to define a look up table for that key ranges .We will access that table through JAVA API and then link it with the key mapping service .
  If u find any solution to apply this ,please share.
  thanks and regards
  Ank

• Sending the key with Socket

  Hello!
  I have made an application that encrypts a byte[], sends it to a server.
  And after that i am trying to decrypt it. But that gives me problem.
  The exception i get is:
  BadPaddingException: javax.crypto.BadPaddingException: Given final block not properly padded.
  This is my code.
  The client
  import java.net.*;
  import java.io.*;
  import javax.crypto.*;
  import javax.crypto.spec.*;
  import java.security.*;
  import java.security.spec.*;
  import java.util.*;
  class Client
    public static void main(String a[])
      Socket socket = null;
      try
        // Create Key
        KeyGenerator kg = KeyGenerator.getInstance("DES");
        SecretKey secretKey = kg.generateKey();
        // Create Cipher
        Cipher desCipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
        desCipher.init(Cipher.ENCRYPT_MODE, secretKey);
        socket = new Socket("localhost", 3000);
        DataOutputStream dataOutputStream = new DataOutputStream(socket.getOutputStream());
        ObjectOutputStream out = new ObjectOutputStream(socket.getOutputStream());
        File file = new File("Mattias.jpg");
        FileInputStream fileInputStream = new FileInputStream(file);
        byte[] bytes = new byte[(int)file.length()];
        fileInputStream.read(bytes);
        fileInputStream.close();
        byte[] encryptedBytes = new byte[(int)file.length()];
        encryptedBytes = desCipher.doFinal(bytes);
        out.writeInt((int)file.length());
        out.writeObject((Object)secretKey);
        dataOutputStream.write(encryptedBytes);
        out.flush();
        dataOutputStream.flush();
        out.close();
        dataOutputStream.close();
      catch(IOException e)
        e.printStackTrace();
      catch (NoSuchPaddingException e)
        System.err.println("Padding problem: " + e);
      catch (NoSuchAlgorithmException e)
        System.err.println("Invalid algorithm: " + e);
      catch (InvalidKeyException e)
        System.err.println("Invalid key: " + e);
      catch (IllegalBlockSizeException e)
        System.err.println("IllegalBlockSizeException: " + e);
      catch (BadPaddingException e)
        System.err.println("BadPaddingException: " + e);
      finally
        try
          socket.close();
        catch(IOException e)
          e.printStackTrace();   
  The server
  import java.net.*;
  import java.io.*;
  import javax.crypto.*;
  import javax.crypto.spec.*;
  import java.security.*;
  import java.security.spec.*;
  import java.util.*;
  class Server
    public static void main(String a[]) throws IOException
      new Server().listen(3000);
    public void listen(int port) throws IOException
      ServerSocket serverSocket = new ServerSocket(port);
      new SocketHandler(serverSocket.accept()).start();
    class SocketHandler extends Thread
      Socket socket = null;
      SocketHandler(Socket socket)
        this.socket = socket;
      public void run()
        try
          SecretKey secretKey = null;
          File file = new File("file.jpg");
          OutputStream fileOutputStream = new FileOutputStream(file);
          BufferedInputStream bufferedInputStream = new BufferedInputStream(socket.getInputStream());
          ObjectInputStream in = new ObjectInputStream(socket.getInputStream());
          int fileSize = in.readInt();
          byte[] encryptedBytes = new byte[fileSize * 8];
          byte[] bytes = new byte[fileSize];
          secretKey = (SecretKey)in.readObject();
          // Create Cipher
          Cipher desCipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
          desCipher.init(Cipher.DECRYPT_MODE, secretKey);
          int i = -1;
          while (true)
            i = bufferedInputStream.read(encryptedBytes, 0, encryptedBytes.length);
            bytes = desCipher.doFinal(encryptedBytes);
            if (i == -1)
              break;
            fileOutputStream.write(bytes, 0, i);
          bufferedInputStream.close();
          fileOutputStream.flush();
          fileOutputStream.close();
        catch (IOException ioe)
          ioe.printStackTrace();
          catch(ClassNotFoundException cnfe)
          cnfe.printStackTrace();
        catch (NoSuchPaddingException e)
          System.err.println("Padding problem: " + e);
        catch (NoSuchAlgorithmException e)
          System.err.println("Invalid algorithm: " + e);
        catch (InvalidKeyException e)
          System.err.println("Invalid key: " + e);
        catch (IllegalBlockSizeException e)
          System.err.println("IllegalBlockSizeException: " + e);
        catch (BadPaddingException e)
          System.err.println("BadPaddingException: " + e);
        finally
          try
            socket.close();
          catch (IOException ioe)
            ioe.printStackTrace();
  }What am i doing wrong? How should i solve it?

  This looks suspect -DataOutputStream dataOutputStream = new DataOutputStream(socket.getOutputStream());
        ObjectOutputStream out = new ObjectOutputStream(socket.getOutputStream());It is normally a bad idea to attach a single OutputStream to 2 or more 'filter' streams.
  You could always sent the data as an object i.e.out.writeObject(encryptedBytes);Also, you make the assumption that the encrypted length is the same as the file length. With PKCS5Padding this is never the case since it pads with 1 to 8 bytes to make up to the block size. This is probably the cause of the BadPaddingException. If you send the encrpted data over as an object then you don't need to send the length.
  Your stream uses in the client and server differ. You have no DataInputStream in the server to match the DataOuputStream in the client. To be safe, stick to Object streams or Data streams but don't mix.
  P.S. Isn't sending the key with the cipher text a litte insecure!!!