Base-64 encoding a string results in a longer string than you started with.
Think of it this way. You had an array with 8 significant bits in each byte. You end up with a string with only 6 of the bits being important (hence the 64 in the name, base-64, because 2^6 = 64) so it has to be longer by roughly 1/3.
Working backwards, AES encryption using the modes you have will add 16 bytes of padding so the result will be 16 bytes longer than what you fed it. That means you give it 1024 and encryption (before the base-64 encoding) will result in a length of 1040 bytes.
The arithmetic works this way:
1024 bytes + 16 padding = 1040 bytes
1040 bytes is not divisible by 3 (as required by base-64) so add 1 byte
1041 bytes * 8 = 8328 bits / 6 = 1388
1388 base-64 characters
PART 2
The reason you have extra bytes on the end is in this code:
byte[] buff = new byte[1024];
while((read = bIs.read(buff)) != -1)
{
byte[] enc = encrypt(buff);
bOs.write(enc, 0, enc.length);
}
On the last read, it does not read a full 1024 bytes into the buffer. The bytes from the previous read are still there.
The variable 'read' holds the number of bytes actually read. Notice how that variable isn't used. But you are encrypting the entire buffer, not just the first 'read' number of bytes.
You can fix this by passing the value of 'read' into your 'encrypt' method and using the alternate form of the doFinal(buff, 0, read)
method to just encrypt what was read.
Change this line:
byte[] enc = encrypt(buff, read);
And this one:
public byte[] encrypt(byte[] plainText, int len) throws Exception
And this one:
byte[] enc = Base64.encodeBase64(cipher.doFinal(plainText, 0, len));
You will need to do something similar to your decrypt because it may not have 1388 bytes to read the last time and the old bytes will be in the buffer. (You don't have this problem now because you always encrypt 1024 bytes. It's just that some of them are wrong if the file has a short read on the last block.)