[Solved] java.security.InvalidKeyException: Parameters missing

You may get InvalidKeyException: Parameters missing error while performing AES encryption or decryption for password or any sensitive information. The exception stack trace look like this:

Error while decrypting: java.security.InvalidKeyException: Parameters missing

Solution to InvalidKeyException

Use IvParameterSpec class which specifies an initialization vector (IV). An initialization vector is necessary for any cipher in any feedback mode, e.g. CBC.

private static String secretKey = "boooooooooom!!!!";
private static String salt = "ssshhhhhhhhhhh!!!!";

public static String decrypt(String strToDecrypt, String secret) {
    try 
    {
        byte[] iv = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
        IvParameterSpec ivspec = new IvParameterSpec(iv);
        
        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        KeySpec spec = new PBEKeySpec(secretKey.toCharArray(), salt.getBytes(), 65536, 256);
        SecretKey tmp = factory.generateSecret(spec);
        SecretKeySpec secretKey = new SecretKeySpec(tmp.getEncoded(), "AES");
        
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
        cipher.init(Cipher.DECRYPT_MODE, secretKey, ivspec);
        return new String(cipher.doFinal(Base64.getDecoder().decode(strToDecrypt)));
    } 
    catch (Exception e) {
        System.out.println("Error while decrypting: " + e.toString());
    }
    return null;
}

Java AES 256 Encryption Decryption Example

Happy Learning !!

Ref: Class InvalidKeyException