Jamie,
Thanks for your help. Changed to DES3_CBC_PAD and it still was having
problems (but I like the fact that I don't have to do the padding now).
Found out that the way I was passing my encrypted string back from my
encrypt method (by converting a byte array to String) was the problem.
Apparently the String constructor that accepts a byte array has changed
behavior with JSE 1.3 (or else the default charset is different). Here's my
code (with salt and password nulled out for obvious reasons) and it works
now.
import com.netscape.jss.crypto.*;
import com.netscape.jss.*;
import com.netscape.jss.pkcs7.*;
import com.netscape.jss.util.*;
import java.security.spec.AlgorithmParameterSpec;
import java.io.*;
public class UtilTester extends Thread implements Runnable
{
// The following 3 variables are used to generate the encryption key
private static char[] passwd = {'x', 'x', 'x', 'x', 'x', 'x', 'x'};
private static byte[] salt = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00};
private static int iterations = 7; // sounds like a good number of
iterations to me
private static CryptoToken ct = null;
private static SymmetricKey sk = null;
private static EncryptionAlgorithm encAlg = null;
private static AlgorithmParameterSpec params = null;
static
{
try
{
CryptoManager cm = null;
KeyGenerator kg = null;
// If CryptoManger hasn't been initialized, then initialize it
synchronized(CryptoManager.class)
{
try
{
cm = CryptoManager.getInstance();
}
catch (CryptoManager.NotInitializedException e)
{
CryptoManager.initialize("secmod.db", "key3.db",
"cert7.db");
}
}
cm = CryptoManager.getInstance();
ct = cm.getInternalCryptoToken();
kg = ct.getKeyGenerator(PBEAlgorithm.PBE_SHA1_DES3_CBC);
PBEKeyGenParams pbekgParams = new PBEKeyGenParams(new
Password(passwd), salt, iterations);
kg.initialize(pbekgParams);
sk = kg.generate();
encAlg = EncryptionAlgorithm.DES3_CBC_PAD;
if( encAlg.getParameterClass().equals( IVParameterSpec.class ) )
{
params = new IVParameterSpec( kg.generatePBE_IV() );
}
}
catch (Exception e)
{
}
}
public static String encryptString(String str)
{
try
{
Cipher cipher = ct.getCipherContext(encAlg);
cipher.initEncrypt(sk, params);
byte[] encrypted = cipher.doFinal(str.getBytes());
printBytes("encrypted = ", encrypted);
return new String(encrypted, "iso-8859-1");
}
catch (Exception e)
{
}
return null;
}
public static String decryptString(String str)
{
try
{
Cipher cipher = ct.getCipherContext(encAlg);
cipher.initDecrypt(sk, params);
byte[] decrypted = cipher.doFinal(str.getBytes("iso-8859-1"));
printBytes("decrypted = ", decrypted);
return new String(decrypted);
}
catch (Exception e)
{
}
return null;
}
static public String byteToHex(byte b) {
// Returns hex String representation of byte b
char hexDigit[] = {
'0', '1', '2', '3', '4', '5', '6', '7',
'8', '9', 'a', 'b', 'c', 'd', 'e', 'f'
};
char[] array = { hexDigit[(b >> 4) & 0x0f], hexDigit[b & 0x0f] };
return new String(array);
}
public static void printBytes(String name, byte[] array)
{
System.out.print(name);
for (int k = 0; k < array.length; k++)
System.out.print("0x" + byteToHex(array[k]) + "'");
System.out.println("");
}
public static void main(String args[])
{
String str = "this is a test of the emergency broadcasting system";
String encrypted = encryptString(str);
String decrypted = decryptString(encrypted);
System.out.println(decrypted);
if (decrypted == null || !decrypted.equals(str))
{
System.out.println("encryption failed");
}
}
}
