I'm converting a project written in C++ that uses the Windows Crypto API to Java. I downloaded the crypto jar from bouncycastle.org and it works great within Java but I'm having problems when unittesting the decryption within Java of a C++ encrypted string. Does anyone have any pointers at web sites / books that cover this type of conversion effort?
The C++ code uses RC4. The encrypted data is actual hex-encoded (that's what the hexStringToByteArray call is all about). The Java code to decrypt looks like this :
The problem is that the C++ code generates an encrypted string that is different from the bouncycastle given the same input string and key. The MD5 hash between the two code bases are identical. I'm not sure whether the cipher text (session key) produced by :
<code> KeyParameter keyParambc = new KeyParameter(hash); </code>
in C++ are actually producing something that is the same length. I think that may be the problem. In the Java code I can do :
<code> keyParambc.getKey().length; </code>
to determine the length of the cipher text but I can't figure out how to do the same thing via Microsoft's Crypto API. I'm assuming that this is the issue but, in any case, the C++ code generates an encrypted string that is different from the bouncycastle given the same input string and key.
Joined: Oct 27, 2005
Well, the solution was certainly odd. I'm not sure why but the Microsoft CryptoAPI discards a number of the bytes in the hash. If I do the following in the Java code :
That is, just use the first 5 bytes of the generated hash and zero out the remainder then I get the same encrypted string in Java that I get in the C++ code. I need to test some more to verify but that appears to work.