Hello, I'm trying to encrypt a few bytes (as a trial run) with the same key and IV with Blowfish in CBC mode and "standard PKCS" padding using OpenSSL in a C++ app and also using SUN's Java crypto libraries. The output ciphertext is different in both places which means that I cannot get them to interoperate - cannot encrypt in OpenSSL and decrypt in Java due to a BadPaddingException.
I'm pasting some code below that I've written (minus error checking etc for brevity) Is there something I can do differently in OpenSSL to get the same output - perhaps setting the key and IV differently so as to generate the same output ciphertext as Java is returning? C++ code using OpenSSL: unsigned char testplaintext[10] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10}; unsigned char ciphertext[100] = {0}; int outlen, tmplen; unsigned char key[56] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56}; unsigned char iv[8] = {1, 2, 3, 4, 5, 6, 7, 8}; EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX_init(&ctx); EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, key, iv); EVP_EncryptUpdate(&ctx, ciphertext, &outlen, testplaintext, 10); EVP_EncryptFinal_ex(&ctx, ciphertext + outlen, &tmplen); outlen += tmplen; EVP_CIPHER_CTX_cleanup(&ctx); // now "ciphertext" contains the output encrypted bytes. Java code doing the same: byte[] testplaintext = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10}; byte[] testkey = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56}; byte[] testivbytes = {1, 2, 3, 4, 5, 6, 7, 8}; IvParameterSpec testiv = new IvParameterSpec(testivbytes); SecretKeySpec testsks = new SecretKeySpec(testkey, 0, 56, "Blowfish"); Cipher testcipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding"); testcipher.init(Cipher.ENCRYPT_MODE, testsks, testiv); byte[] testciphertext = testcipher.doFinal(testplaintext); // now "testciphertext" contains the output encrypted bytes. When I dump the bytes in the C++ "ciphertext" and Java "testciphertext" byte arrays they are different. Any suggestions? Looking through the OpenSSL code, it appears that the key bytes we pass in are not used directly, rather some extra operations are done before using it as the key, so maybe that is causing the mismatch in output ciphertext. Is there a way to force OpenSSL to use the key we provide unmodified? Regards, Vishal -- "Thou shalt not follow the null pointer for at it's end madness and chaos lie." ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]