Encrypt in Java, Decrypt in IBM DataPower

Dana Spice
Greenhorn

Joined: May 29, 2001
Posts: 5
Hello,

I have an interesting problem. My lack of in-depth crypto knowledge is hurting me here. I am tasked with encrypting some data in a java app and then decrypting that data inside IBM's DataPower SOA appliance. I'm so close I can taste it...I think! Here are the details.

1 - I've created an AES key, and saved a jvm version of it and a non-jvm version of it (via .getEncoded() for use within DataPower).
2 - I encrypt some test data in the java app using the jvm version of the key. Below is the code I use to encrypt (it's a mashup of several methods for pasting convenience):



3 - I upload the non jvm version of the key to DataPower (using the Crypto Shared Secret Key option)

4 - I take the resulting base 64 encoded encrypted value and pass it to DataPower via an XSL stylesheet. The DataPower Decrypt function within the style sheet is as follows:



Now, the decryption works great.....except the first 16 characters are lost. So if the encrypted data is "Hi from the datapower soa appliance", the result from DataPower is "apower soa appliance".

Conversely, if I encrypt data in DataPower and decrypt it in my java app, there are 16 EXTRA characters in front of the decrypted data. It seems like I'm just missing something obvious....anyone have any ideas? If you need more details, please let me know - I'm sure I left some crucial piece of information out while writing this!

Thanks!
greg stark
Ranch Hand

Joined: Aug 10, 2006
Posts: 220
You are close, you are just missing the IV. You have to arrange for its transmission yourself, typically by prepending the cipher with the IV. You need to find out if the DataPower side takes an IV also.


Nice to meet you.
Dana Spice
Greenhorn

Joined: May 29, 2001
Posts: 5
Thanks for the information...now I just need to go research what you mean by "IV" and "arrange for its transmission"! I assume you mean the byte array I create in the java portion - that needs to be transmitted with the encrypted data?

Thanks again!
Dana Spice
Greenhorn

Joined: May 29, 2001
Posts: 5
Got it working!

As an FYI, on the java side, after I encrypted the data (cipher.doFinal()) I prepended the resulting byte[] with the iv byte[], then base64 encoded it and sent it along its merry way.

Thanks!
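The fix described in this thread, as an added example that is not code from any of the posters: the sender prepends the random IV to the AES/CBC ciphertext before base64 encoding, and a receiver that expects that layout takes the first 16 bytes as the IV. The class name, the prependIv switch and the sample message are constructed for illustration; the second call in main() reproduces the symptom from the first post, where a receiver expecting an IV prefix gets ciphertext without one.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

public class IvPrefixDemo {
    static final int IV_LEN = 16; // AES block size in bytes

    // Sender: fresh random IV per message; wire format is base64(IV || ciphertext).
    // prependIv=false reproduces the original mistake (ciphertext sent alone).
    static String encrypt(SecretKey key, String plain, boolean prependIv) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        if (!prependIv) return Base64.getEncoder().encodeToString(ct);
        byte[] out = new byte[IV_LEN + ct.length];
        System.arraycopy(iv, 0, out, 0, IV_LEN);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    // Receiver that expects the IV in front: bytes 0..15 are the IV, the rest is ciphertext.
    static String decrypt(SecretKey key, String b64) throws Exception {
        byte[] in = Base64.getDecoder().decode(b64);
        if (in.length < 2 * IV_LEN || in.length % IV_LEN != 0)
            throw new IllegalArgumentException("need IV plus at least one full block");
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(in, 0, IV_LEN));
        return new String(c.doFinal(in, IV_LEN, in.length - IV_LEN), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        String msg = "constructed sample: forty bytes of text!"; // constructed test input
        // IV prepended: the receiver recovers the whole message.
        System.out.println(decrypt(key, encrypt(key, msg, true)));
        // IV not prepended: the receiver consumes the first ciphertext block as the IV,
        // so the first 16 characters are missing and the rest decrypts normally.
        System.out.println(decrypt(key, encrypt(key, msg, false)));
    }
}
```

In the reverse direction, a Java receiver that does not strip the 16-byte prefix passes the IV through the cipher as if it were a ciphertext block, which is where the 16 extra characters come from.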
Pat Ana
Greenhorn

Joined: May 13, 2009
Posts: 1
Dana Spice wrote:Hello,

I have an interesting problem. My lack of in-depth crypto knowledge is hurting me here. I am tasked with encrypting some data in a java app and then decrypting that data inside IBM's DataPower SOA appliance. I'm so close I can taste it...I think! Here are the details.

1 - I've created an AES key, and saved a jvm version of it and a non-jvm version of it (via .getEncoded() for use within DataPower).
2 - I encrypt some test data in the java app using the jvm version of the key. Below is the code I use to encrypt (it's a mashup of several methods for pasting convenience):



3 - I upload the non jvm version of the key to DataPower (using the Crypto Shared Secret Key option)

4 - I take the resulting base 64 encoded encrypted value and pass it to DataPower via an XSL stylesheet. The DataPower Decrypt function within the style sheet is as follows:



Now, the decryption works great.....except the first 16 characters are lost. So if the encrypted data is "Hi from the datapower soa appliance", the result from DataPower is "apower soa appliance".

Conversely, if I encrypt data in DataPower and decrypt it in my java app, there are 16 EXTRA characters in front of the decrypted data. It seems like I'm just missing something obvious....anyone have any ideas? If you need more details, please let me know - I'm sure I left some crucial piece of information out while writing this!

Thanks!


Hi, I need to do the reverse, encrypt in datapower and decrypt in Java

Encrypt in DP
<xsl:param name="dpconfig:algorithm" select="'http://www.w3.org/2001/04/xmlenc#aes128-cbc'" />
<xsl:variable name="cipherstring">
<xsl:value-of select="dp:encrypt-string($algorithm2,'name:ASE128bitkey',$plainText)"/>
</xsl:variable>

Decrypt in Java

get Key:
java.net.URL url =config.getServletContext().getResource("/secreyKey.der");
InputStreamReader inputreader = new InputStreamReader(url.openStream());
BufferedReader input =new BufferedReader(inputreader);
byte[] key=input.readLine().getBytes();

Init Cipher
byte[] ivAES = {(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22};
IvParameterSpec ivspec = new IvParameterSpec(ivAES);
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
SecretKeySpec skeySpec = new SecretKeySpec(key, "AES");
cipher.init(Cipher.DECRYPT_MODE,skeySpec,ivspec);

Set Encrypt Text
cipher.init(Cipher.DECRYPT_MODE,skeySpec,ivspec); //sun.misc
byte[] decodedVal = decoder.decodeBuffer(request.getParameter("encryptedText"));
cipher.update(decodedVal);
cipher.doFinal();

Getting following exception:

javax.crypto.BadPaddingException: Given final block not properly padded.
Let me know if we need to change anything in dp/java ends




Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39544
patana patana wrote:
get Key:
java.net.URL url =config.getServletContext().getResource("/secreyKey.der");
InputStreamReader inputreader = new InputStreamReader(url.openStream());
BufferedReader input =new BufferedReader(inputreader);
byte[] key=input.readLine().getBytes();


Hello "patana patana"-

Welcome to JavaRanch.

On your way in you may have missed that we have a policy on screen names here at JavaRanch. It must consist of a first name and a last name, and not be obviously fictitious. Since yours does not conform with it, please take a moment to change it, which you can do using the "My Profile" link at the top of the page.

As to your question, you can't treat the key as text (which is what you're doing if you use a Reader or Writer with it). It's binary data, so you need to use the ...Stream classes for reading and writing it.
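The point about text versus binary reads, as an added example that is not code from the thread: the same key file is read once through a Reader, as in the question, and once as a byte stream. The class name, the temporary file and the 16 key bytes are constructed for illustration.

```java
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Arrays;

public class KeyFileReadDemo {
    // The approach from the question: decode the file as text, take one line, re-encode it.
    static byte[] readAsText(Path p) throws Exception {
        try (BufferedReader r = new BufferedReader(new InputStreamReader(Files.newInputStream(p)))) {
            String line = r.readLine();
            return line == null ? new byte[0] : line.getBytes();
        }
    }

    // Binary read: every byte of the file, unchanged.
    static byte[] readAsBytes(Path p) throws Exception {
        try (InputStream in = Files.newInputStream(p)) {
            return in.readAllBytes(); // Java 9+
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed 16-byte key with values that text handling damages:
        // 0x0A ends readLine() early, and bytes >= 0x80 do not survive a
        // decode/encode round trip in a multi-byte default charset such as UTF-8.
        byte[] key = { 0x3c, (byte) 0x9f, 0x11, (byte) 0xe4, 0x57, 0x0a, (byte) 0xb2, 0x08,
                       0x6d, (byte) 0xf0, 0x23, (byte) 0xc7, 0x7e, 0x41, (byte) 0x8a, 0x15 };
        Path p = Files.createTempFile("secretKey", ".der"); // constructed stand-in for the key file
        try {
            Files.write(p, key);
            byte[] bin = readAsBytes(p);
            byte[] text = readAsText(p);
            System.out.println("binary read: " + bin.length + " bytes, matches key: "
                    + Arrays.equals(bin, key));
            System.out.println("text read:   " + text.length + " bytes, matches key: "
                    + Arrays.equals(text, key));
            // SecretKeySpec does not validate AES key bytes, so a damaged key is only
            // noticed later, at Cipher.init (bad length) or doFinal (bad padding).
        } finally {
            Files.delete(p);
        }
    }
}
```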

