Problem encrypting in Triple-DES

Tom Katz
Ranch Hand

Joined: Aug 19, 2002
Posts: 169
Here's my scenario.
* I'm receiving a public RSA key from a C application (using the OpenSSL library)
* I create an RSA key from the bytes I'm getting.
* I use the RSA key to encrypt a string (known to the C code), and verify that the encryption works
* I generate a payload (Triple-DES) key, encrypt it using the RSA key, then send the raw bytes to the C code for use
* C++ code verifies for itself that it can use the Triple-DES key created from my bytes to encrypt/decrypt a string
* If everything's succeeded up to this point, I once again encrypt the 'known' data - this time with the Triple-DES key

Currently when the C code receives my triple-DES encrypted known data, it's the right length, but when it uses the key it created earlier from my bytes to do the decryption, the known data's not there. I may be missing something basic about the key exchange, but I've yet to catch it. I've tried both instantiating the desEde key as a Key and SecretKey. Am I correct that I can be using just one desEde key for everything? Or at least to encrypt the data?
(NOTE: All the stuff that I need to do from java has already been done in a C++ client using Crypto5.1, and I'm getting what I can from that code...)

The C code is expecting a 32-byte array with which to construct the TripleDES (DesEde) key for use. I haven't found the exact C++ client code that encodes the 32-byte array (not for lack of looking).

I went with what seemed the standard procedure, constructing the 32 byte[] from the Triple-DES key's first 16 bytes. Here's how I coded it:

All desKeyBytes = 7af82094eaf8a2a28345b3a29152d38c7af82094eaf8a2a2
first 16 bytes = 7af82094eaf8a2a28345b3a29152d38c
desKeyBytes = 070a0f08020009040e0a0f080a020a02080304050b030a02090105020d03080c

Here's how I (try to) encrypt the known data (a String - length=61). The EncodedBuffer class is one that's used for writing/reading bytes, and it works plenty of other places in the code, so I'm reasonably certain it works just fine.

paddedBytes = 3
encryptedLen = 64
plain text, x 0= XXXXXXXX
plain text, x 8= XXXXXXXX
plain text, x 16=XXXXXXXX
plain text, x 24=XXXXXXXX
plain text, x 32=XXXXXXXX
plain text, x 40=XXXXXXXX
plain text, x 48=XXXXXXXX
encryptedBuffer.getNumberOfBytesInput = 56
paddingBuffer.getNumberOfBytesInput = 5
padChar = 3
padded buffer = XXXXX
paddingBuffer.getNumberOfBytesInput = 8
encryptedBytes.length = 8
Tom Katz
Ranch Hand

Joined: Aug 19, 2002
Posts: 169
One correction: the 4th * at top of post should read 'The C code', not C++.

And they didn't transfer over when I copied, but there are three byte indicators in this line of the output:

padded buffer = XXXXX***

...representing the padding
Tom Katz
Ranch Hand

Joined: Aug 19, 2002
Posts: 169
Well, I also tried encoding those 24 bytes in base64 (didn't work) and adding an 8-byte Initialization Vector to the bytes (while using the same IV to initialize the cypher) - once again, didn't work.

Man, I just wish everything was written in java, would make this so much easier!!!
Tom Katz
Ranch Hand

Joined: Aug 19, 2002
Posts: 169
aHA! Needed to be using a cypher in CBC mode, not ECB. Pretty sure that was my whole problem.
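
The mode mismatch described in the thread, as an added example that is not part of the original posts: it encrypts a constructed 61-byte message under the two-key Triple-DES key printed above in both ECB and CBC, then decrypts the ECB output the way a CBC receiver would. The all-zero IV, the PKCS5 padding choice, and the class and method names are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class TripleDesModeCheck {
    // Parse a hex string into bytes.
    static byte[] hex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    // Two-key 3DES: the JCE wants 24 bytes, so K1|K2 is expanded to K1|K2|K1.
    static SecretKeySpec twoKey(byte[] k16) {
        byte[] k24 = Arrays.copyOf(k16, 24);
        System.arraycopy(k16, 0, k24, 16, 8);
        return new SecretKeySpec(k24, "DESede");
    }

    // Run one cipher operation; iv == null means a mode without an IV (ECB).
    static byte[] run(String transform, int mode, SecretKeySpec key, byte[] iv, byte[] in)
            throws Exception {
        Cipher c = Cipher.getInstance(transform);
        if (iv == null) c.init(mode, key);
        else c.init(mode, key, new IvParameterSpec(iv));
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        SecretKeySpec key = twoKey(hex("7af82094eaf8a2a28345b3a29152d38c"));
        byte[] iv = new byte[8];      // assumption: all-zero IV agreed by both sides
        byte[] plain = new byte[61];  // constructed message, same length as in the post
        Arrays.fill(plain, (byte) 'X');

        byte[] ecb = run("DESede/ECB/PKCS5Padding", Cipher.ENCRYPT_MODE, key, null, plain);
        byte[] cbc = run("DESede/CBC/PKCS5Padding", Cipher.ENCRYPT_MODE, key, iv, plain);
        System.out.println("ECB len=" + ecb.length + ", CBC len=" + cbc.length);
        System.out.println("identical ciphertext: " + Arrays.equals(ecb, cbc));

        // A CBC receiver handed ECB ciphertext; NoPadding so the garbage is returned, not rejected.
        byte[] wrong = run("DESede/CBC/NoPadding", Cipher.DECRYPT_MODE, key, iv, ecb);
        byte[] right = run("DESede/CBC/PKCS5Padding", Cipher.DECRYPT_MODE, key, iv, cbc);
        System.out.println("mismatched (hex): " + new BigInteger(1, wrong).toString(16));
        System.out.println("matched: " + new String(right, StandardCharsets.US_ASCII));
    }
}
```

Both ciphertexts have the same length, so length alone cannot reveal the mismatch; only the decrypted bytes differ, which is why the mode has to be agreed explicitly on both sides along with the key, IV and padding.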