I have been writing an interface to the OpenSRS system in Java. This of
course means rewriting large portions of the Perl and PHP clients in Java
including the encryption routines.
So far my client will connect with OpenSRS and send and receive XML messages up
to the challenge. However, when I send back the MD5/encrypted challenge the
TCP connection drops. Obviously I have something wrong in the encryption
scheme. After studying the PHP implementation it appeared to me (with my
limited cryptography experience) that it was all simply using DES/Blowfish
with CBC and PKCS5Padding. Is this wrong? Or do I need to do padding and/or
CBC manually like in PHP? Why? Any help at all that someone can provide
is appreciated, especially someone who understands the OpenSRS encryption
process in depth. Thanks...
Notes:
-I am sending 'RandomIV' + IV as a prefix to the encrypted message
-I am not decrypting the challenge. I simply get the md5 hash and send it back
encrypted
-My total challenge response length is 40 which I believe is correct
-I am using JCE 1.2 with 'Blowfish/CBC/PKCS5Padding' or
'DES/CBC/PKCS5Padding'
-Tried different DES and Blowfish keys by 'Generating new private key'
-I have tried ABA, BouncyCastle, and Sun encryption providers
-Key is mangled before use according to algorithm in PHP code
Scott Meeuwsen
API Technologies, LLC
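
The layout described in the notes above ('RandomIV' prefix, then the 8-byte IV, then CBC ciphertext with PKCS5 padding) can be built and parsed as shown here. This is an added example, not part of the original post and not OpenSRS client code: the class name, key and challenge bytes are constructed, the PHP client's key mangling is not reproduced, and hashing the challenge to a raw 16-byte MD5 digest is an assumption.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

public class RandomIvFrame { // hypothetical class name
    static final byte[] MAGIC = "RandomIV".getBytes(StandardCharsets.US_ASCII);
    static final int BLOCK = 8; // DES and Blowfish both use 8-byte blocks

    // Frame layout: "RandomIV" (8 bytes) | IV (8 bytes) | CBC ciphertext, PKCS5 padded
    static byte[] seal(String alg, byte[] key, byte[] plain) throws Exception {
        byte[] iv = new byte[BLOCK];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance(alg + "/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, alg), new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = new byte[MAGIC.length + BLOCK + ct.length];
        System.arraycopy(MAGIC, 0, out, 0, MAGIC.length);
        System.arraycopy(iv, 0, out, MAGIC.length, BLOCK);
        System.arraycopy(ct, 0, out, MAGIC.length + BLOCK, ct.length);
        return out;
    }

    // Reject anything that is not magic + IV + at least one whole cipher block.
    static byte[] open(String alg, byte[] key, byte[] frame) throws Exception {
        if (frame.length < 3 * BLOCK || frame.length % BLOCK != 0
                || !Arrays.equals(Arrays.copyOfRange(frame, 0, MAGIC.length), MAGIC)) {
            throw new IllegalArgumentException("not a RandomIV frame");
        }
        IvParameterSpec iv = new IvParameterSpec(frame, MAGIC.length, BLOCK);
        Cipher c = Cipher.getInstance(alg + "/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, alg), iv);
        int off = MAGIC.length + BLOCK;
        return c.doFinal(frame, off, frame.length - off);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values, not a real OpenSRS key or challenge.
        byte[] key = "constructed-key!".getBytes(StandardCharsets.US_ASCII);
        byte[] challenge = "constructed challenge bytes".getBytes(StandardCharsets.US_ASCII);
        byte[] digest = MessageDigest.getInstance("MD5").digest(challenge);
        byte[] frame = seal("Blowfish", key, digest);
        System.out.println("frame length = " + frame.length);
        System.out.println("round trip ok = " + Arrays.equals(digest, open("Blowfish", key, frame)));
    }
}
```

A raw 16-byte digest pads to 24 bytes of ciphertext, so the frame is 8 + 8 + 24 = 40 bytes; a 32-character hex digest would pad to 40 bytes and give a 56-byte frame instead.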