I'm trying to encrypt data using DES CBC PKCS#5 packing, but I am
unable to achive encryption results matching that of java.
For the sake of debugging the issue I'm using an encryption key of 8
bytes (all zero) and an iv token of 8 bytes (all zero) both in java
and in C++.
In Java using the SUN JCE security provider and the IBM JCE Security
provider I get consistent results that are correct. Using Crypto++ I
must be doing something wrong .. but I cant figure it out.
Here is the java function for reference
===========================================================
// This method encrypts the usreid/password with the middle 8
bytes of
// the generated secret key and an encryption token. Then it
returns the
// encrypted data in a byte array.
// plainText The byte array form userid/password to encrypt.
// initVector The byte array which is used to calculate the
// encryption token.
// targetPublicKey DERBY' public key.
// Returns the encrypted data in a byte array.
public byte[] encryptData(byte[] plainText,
int securityMechanism,
byte[] initVector,
byte[] targetPublicKey) throws
SqlException {
byte[] cipherText = null;
byte[] cipherText2 = null;
java.security.Key key = null;
if (token_ == null) {
// token_ = calculateEncryptionToken(securityMechanism,
initVector);
// hardcode iv token to all zeros for debugging purposes
token_ = new byte[8];
token_[0]=0;
token_[1]=0;
token_[2]=0;
token_[3]=0;
token_[4]=0;
token_[5]=0;
token_[6]=0;
token_[7]=0;
}
// Hardcode the security key for debugging purposes - all
zeros
secKey_ = new byte[8];
secKey_[0]=0;
secKey_[1]=0;
secKey_[2]=0;
secKey_[3]=0;
secKey_[4]=0;
secKey_[5]=0;
secKey_[6]=0;
secKey_[7]=0;
try {
// //use this encryption key to initiate a
SecretKeySpec object
// secKey_ = generatePrivateKey(targetPublicKey);
javax.crypto.spec.SecretKeySpec desKey = new
javax.crypto.spec.SecretKeySpec(secKey_, "DES");
key = desKey;
// } else {
// //use this encryption key to initiate a
SecretKeySpec object
// javax.crypto.spec.DESKeySpec desKey = new
javax.crypto.spec.DESKeySpec(secKey_);
// if (secretKeyFactory_ == null) {
// secretKeyFactory_ =
javax.crypto.SecretKeyFactory.getInstance("DES", providerName);
// }
// key = secretKeyFactory_.generateSecret(desKey);
// }
//We use DES in CBC mode because this is the mode used in
PROTOCOL. The
//encryption mode has to be consistent for encryption and
decryption.
//CBC mode requires an initialization vector(IV)
parameter. In CBC mode
//we need to initialize the Cipher object with an IV,
which can be supplied
// using the javax.crypto.spec.IvParameterSpec class.
javax.crypto.Cipher cipher =
javax.crypto.Cipher.getInstance("DES/CBC/PKCS5Padding", "SunJCE"); //
providerName
javax.crypto.Cipher cipher2 =
javax.crypto.Cipher.getInstance("DES/CBC/PKCS5Padding", "IBMJCE"); //
providerName
//generate a IVParameterSpec object and use it to initiate
the
//Cipher object.
javax.crypto.spec.IvParameterSpec ivParam = new
javax.crypto.spec.IvParameterSpec(token_);
javax.crypto.spec.IvParameterSpec ivParam2 = new
javax.crypto.spec.IvParameterSpec(token_);
//initiate the Cipher using encryption mode, encryption
key and the
//IV parameter.
cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, key,
ivParam);
cipher2.init(javax.crypto.Cipher.ENCRYPT_MODE, key,
ivParam2);
//Execute the final phase of encryption
cipherText = cipher.doFinal(plainText);
cipherText2 = cipher2.doFinal(plainText);
} catch (java.security.NoSuchProviderException e) {
throw new SqlException(agent_.logWriter_, e,
"java.security.NoSuchProviderException is caught "
+ "when encrypting data '" + e.getMessage() +
"'");
} catch (java.security.NoSuchAlgorithmException e) {
throw new SqlException(agent_.logWriter_, e,
"java.security.NoSuchAlgorithmException is caught "
+ "when encrypting data '" + e.getMessage() +
"'");
} catch (java.security.InvalidKeyException e) {
throw new SqlException(agent_.logWriter_, e,
"java.security.InvalidKeyException is caught "
+ "when encrypting data '" + e.getMessage() +
"'");
} catch (javax.crypto.NoSuchPaddingException e) {
throw new SqlException(agent_.logWriter_, e,
"javax.crypto.NoSuchPaddingException is caught "
+ "when encrypting data '" + e.getMessage() +
"'");
} catch (javax.crypto.BadPaddingException e) {
throw new SqlException(agent_.logWriter_, e,
"javax.crypto.BadPaddingException is caught "
+ "when encrypting data '" + e.getMessage() +
"'");
} catch (java.security.InvalidAlgorithmParameterException e) {
throw new SqlException(agent_.logWriter_, e,
"java.security.InvalidAlgorithmParameterException is caught "
+ "when encrypting data '" + e.getMessage() +
"'");
} catch (javax.crypto.IllegalBlockSizeException e) {
throw new SqlException(agent_.logWriter_, e,
"javax.crypto.IllegalBlockSizeException is caught "
+ "when encrypting data '" + e.getMessage() +
"'");
/* } catch (java.security.spec.InvalidKeySpecException e) {
throw new SqlException(agent_.logWriter_, e,
"javax.crypto.IllegalBlockSizeException is caught "
+ "when encrypting data '" + e.getMessage() +
"'"); */
}
return cipherText;
}
==================================================================
and a snippet of the C++ code for reference as well.
char szEncryptionKey[CryptoPP::DES::DEFAULT_KEYLENGTH];
char iv[CryptoPP::DES::BLOCKSIZE ];
char szEncryptedUserID[512];
char szEncryptedPassword[512];
char szPaddedUserID[256];
char szPaddedPassword[256];
char szDecryptedUserID[512];
char szDecryptedPassword[512];
memset(szEncryptionKey,0,8);
memset(iv,0,8);
sprintf(szPaddedUserID, "%s", GetDatabaseMessage()-
>GetDatabaseUserName());
sprintf(szPaddedPassword, "%s", GetDatabaseMessage()-
>GetDatabasePassword());
int nSizeUserID = strlen(szPaddedUserID);
int nSizePassword = strlen(szPaddedPassword);
CryptoPP::DESEncryption desE((const byte *)szEncryptionKey,
CryptoPP::DES::DEFAULT_KEYLENGTH);
CryptoPP::CBC_Mode_ExternalCipher::Encryption modeE(desE, (const byte
*)iv);
std::string ciphertext;
CryptoPP::StreamTransformationFilter cryptoEnc(modeE, new
CryptoPP::StringSink( ciphertext ) ,
CryptoPP::StreamTransformationFilter::PKCS_PADDING);
cryptoEnc.Put((const byte *)szPaddedUserID,strlen(szPaddedUserID));
cryptoEnc.MessageEnd();
==================================================================
ciphertext in C++ does not match the ciphertext in java.
Thanks
lm
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the "Crypto++ Users"
Google Group.
To unsubscribe, send an email to [EMAIL PROTECTED]
More information about Crypto++ and this group is available at
http://www.cryptopp.com.
-~----------~----~----~----~------~----~------~--~---
