Hello,
I'm trying to encrypt a few bytes (as a trial run) with the same key
and IV with Blowfish in CBC mode and "standard PKCS" padding using
OpenSSL in a C++ app and also using SUN's Java crypto libraries. The
output ciphertext is different in both places which means that I
cannot get them to interoperate - cannot encrypt in OpenSSL and
decrypt in Java due to a BadPaddingException.
I'm pasting some code below that I've written (minus error checking
etc for brevity) Is there something I can do differently in OpenSSL to
get the same output - perhaps setting the key and IV differently so as
to generate the same output ciphertext as Java is returning?
C++ code using OpenSSL:
unsigned char testplaintext[10] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10};
unsigned char ciphertext[100] = {0};
int outlen, tmplen;
unsigned char key[56] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13,
14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30,
31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47,
48, 49, 50, 51, 52, 53, 54, 55, 56};
unsigned char iv[8] = {1, 2, 3, 4, 5, 6, 7, 8};
EVP_CIPHER_CTX ctx;
EVP_CIPHER_CTX_init(&ctx);
EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, key, iv);
EVP_EncryptUpdate(&ctx, ciphertext, &outlen, testplaintext, 10);
EVP_EncryptFinal_ex(&ctx, ciphertext + outlen, &tmplen);
outlen += tmplen;
EVP_CIPHER_CTX_cleanup(&ctx);
// now "ciphertext" contains the output encrypted bytes.
Java code doing the same:
byte[] testplaintext = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10};
byte[] testkey = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32,
33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49,
50, 51, 52, 53, 54, 55, 56};
byte[] testivbytes = {1, 2, 3, 4, 5, 6, 7, 8};
IvParameterSpec testiv = new IvParameterSpec(testivbytes);
SecretKeySpec testsks = new SecretKeySpec(testkey, 0, 56, "Blowfish");
Cipher testcipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding");
testcipher.init(Cipher.ENCRYPT_MODE, testsks, testiv);
byte[] testciphertext = testcipher.doFinal(testplaintext);
// now "testciphertext" contains the output encrypted bytes.
When I dump the bytes in the C++ "ciphertext" and Java
"testciphertext" byte arrays they are different. Any suggestions?
Looking through the OpenSSL code, it appears that the key bytes we
pass in are not used directly, rather some extra operations are done
before using it as the key, so maybe that is causing the mismatch in
output ciphertext. Is there a way to force OpenSSL to use the key we
provide unmodified?
Regards,
Vishal
--
"Thou shalt not follow the null pointer for at it's end madness and chaos lie."
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
