I think you'll get better results if you
encAlg = EncryptionAlgorithm.DES3_CBC_PAD;
and skip the pad() and unpad() calls.
Doug Davies wrote:
> Ok, more info... SORRY... here's the initialization stuff, if it helps. I
> notice that if I go smaller than 7 on the iterations, I get a different
> exception (Padding octet is less than 1). I blanked at the passwd and salt
> for obvious reasons.
>
> private static char[] passwd = {'x', 'x', 'x', 'x', 'x', 'x', 'x'};
> private static byte[] salt = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
> 0x00};
> private static int iterations = 7; // sounds like a good number of
> iterations to me
>
> private static CryptoToken ct = null;
> private static SymmetricKey sk = null;
> private static EncryptionAlgorithm encAlg = null;
> private static AlgorithmParameterSpec params = null;
>
> static
> {
> try
> {
> CryptoManager cm = null;
> KeyGenerator kg = null;
>
> // If CryptoManger hasn't been initialized, then initialize it
> synchronized(CryptoManager.class)
> {
> try
> {
> cm = CryptoManager.getInstance();
> }
> catch (CryptoManager.NotInitializedException e)
> {
> String classDir = ServerInfo.getINIPath() +
> File.separator;
> CryptoManager.initialize(classDir + "secmod.db",
> classDir + "key3.db", classDir + "cert7.db");
> }
> }
>
> cm = CryptoManager.getInstance();
> ct = cm.getInternalCryptoToken();
>
> kg = ct.getKeyGenerator(PBEAlgorithm.PBE_SHA1_DES3_CBC);
> PBEKeyGenParams pbekgParams = new PBEKeyGenParams(new
> Password(passwd), salt, iterations);
> kg.initialize(pbekgParams);
> sk = kg.generate();
>
> encAlg = PBEAlgorithm.PBE_SHA1_DES3_CBC.getEncryptionAlg();
> if( encAlg.getParameterClass().equals( IVParameterSpec.class ) )
> {
> params = new IVParameterSpec( kg.generatePBE_IV() );
> }
> }
> catch (Exception e)
> {
> }
> }
>
>
>
>
