I have no idea if your C++ code is correct, but I wrote some java code the correctly does that java side. Download "not-yet-commons-ssl.jar" and try this utility class: org.apache.commons.ssl.OpenSSL
Here are the instructions to use it: http://juliusdavies.ca/commons-ssl/pbe.html In your case probably something like this will work: byte[] encrypted = OpenSSL.encrypt("bf-cbc", key, iv, data); yours, Julius On Sun, Apr 27, 2008 at 10:50 PM, Vishal Rao <[EMAIL PROTECTED]> wrote: > Hello, > > I'm trying to encrypt a few bytes (as a trial run) with the same key > and IV with Blowfish in CBC mode and "standard PKCS" padding using > OpenSSL in a C++ app and also using SUN's Java crypto libraries. The > output ciphertext is different in both places which means that I > cannot get them to interoperate - cannot encrypt in OpenSSL and > decrypt in Java due to a BadPaddingException. > > I'm pasting some code below that I've written (minus error checking > etc for brevity) Is there something I can do differently in OpenSSL to > get the same output - perhaps setting the key and IV differently so as > to generate the same output ciphertext as Java is returning? > > C++ code using OpenSSL: > > unsigned char testplaintext[10] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10}; > unsigned char ciphertext[100] = {0}; > int outlen, tmplen; > > unsigned char key[56] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, > 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, > 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, > 48, 49, 50, 51, 52, 53, 54, 55, 56}; > unsigned char iv[8] = {1, 2, 3, 4, 5, 6, 7, 8}; > > EVP_CIPHER_CTX ctx; > EVP_CIPHER_CTX_init(&ctx); > EVP_EncryptInit_ex(&ctx, EVP_bf_cbc(), NULL, key, iv); > EVP_EncryptUpdate(&ctx, ciphertext, &outlen, testplaintext, 10); > EVP_EncryptFinal_ex(&ctx, ciphertext + outlen, &tmplen); > outlen += tmplen; > EVP_CIPHER_CTX_cleanup(&ctx); > > // now "ciphertext" contains the output encrypted bytes. > > Java code doing the same: > > byte[] testplaintext = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10}; > byte[] testkey = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, > 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, > 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, > 50, 51, 52, 53, 54, 55, 56}; > byte[] testivbytes = {1, 2, 3, 4, 5, 6, 7, 8}; > IvParameterSpec testiv = new IvParameterSpec(testivbytes); > SecretKeySpec testsks = new SecretKeySpec(testkey, 0, 56, "Blowfish"); > Cipher testcipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding"); > testcipher.init(Cipher.ENCRYPT_MODE, testsks, testiv); > byte[] testciphertext = testcipher.doFinal(testplaintext); > > // now "testciphertext" contains the output encrypted bytes. > > When I dump the bytes in the C++ "ciphertext" and Java > "testciphertext" byte arrays they are different. Any suggestions? > > Looking through the OpenSSL code, it appears that the key bytes we > pass in are not used directly, rather some extra operations are done > before using it as the key, so maybe that is causing the mismatch in > output ciphertext. Is there a way to force OpenSSL to use the key we > provide unmodified? > > Regards, > Vishal > > -- > "Thou shalt not follow the null pointer for at it's end madness and chaos > lie." > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > -- yours, Julius Davies 250-592-2284 (Home) 250-893-4579 (Mobile) http://juliusdavies.ca/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]