AndroidSnippets | Cattaka 's snippets for Android | Learning library

To directly answer your question: you can simply generate a random IV and prefix it to the ciphertext. You need to do this before encoding the ciphertext to hexadecimals. Then during decryption first decode, then "remove" the IV bytes, initialize the IV and finally decrypt the ciphertext to obtain the plaintext.

Note that the IV will always be 16 bytes for AES in CBC mode, so there is no direct need to include the IV length anywhere. I used quotes around "remove" as both IvParameterSpec as Cipher.doFinal accept buffers with offset and length; there is no need to copy the bytes to different arrays.

Notes:

• keys should not be strings; lookup PBKDF's such as PBKDF2 to derive a key from a password or pass phrase;
• CBC is generally vulnerable to padding oracle attacks; however, by keeping to PHP's zero padding you may have avoided attacks by accident;
• CBC doesn't provide integrity protection, so note that adversaries may change the ciphertext without decryption failing;
• if the underlying code that uses the text generates errors then you may be vulnerable to plaintext oracle attacks (padding oracle attacks are only part of the larger group of plaintext oracles);
• your Java code is unbalanced; the encrypt and decrypt mode should either perform hex encoding / decoding or they should not;
• the exception handling is of course not good (although that may be just for the example);
• String#getBytes() will use UTF-8 on Android, but it may use Windows-1252 on Java SE on Windows, so this is prone to generating the wrong key if you're not careful - always define the character set to use.

To use a shared secret to communicate, try TLS in pre-shared secret mode, defined by one of the PSK_ cipher suites.