private byte[] decryptPBE(byte[] cipherBytes) { PBECipherProvider pbecp = (PBECipherProvider) cipherProvider; final EncryptionMethod encryptionMethod = EncryptionMethod.forAlgorithm(algorithm); // Extract salt int saltLength = CipherUtility.getSaltLengthForAlgorithm(algorithm); byte[] salt = new byte[saltLength]; System.arraycopy(cipherBytes, 0, salt, 0, saltLength); byte[] actualCipherBytes = Arrays.copyOfRange(cipherBytes, saltLength, cipherBytes.length); // Determine necessary key length int keyLength = CipherUtility.parseKeyLengthFromAlgorithm(algorithm); // Generate cipher try { Cipher cipher = pbecp.getCipher(encryptionMethod, new String(password.getPassword()), salt, keyLength, false); // Write IV if necessary (allows for future use of PBKDF2, Bcrypt, or Scrypt) // byte[] iv = new byte[0]; // if (cipherProvider instanceof RandomIVPBECipherProvider) { // iv = cipher.getIV(); // } // Decrypt the plaintext return cipher.doFinal(actualCipherBytes); } catch (Exception e) { throw new EncryptionException("Could not decrypt sensitive value", e); } }