This week's book giveaways are in the Java EE and JavaScript forums.
We're giving away four copies each of The Java EE 7 Tutorial Volume 1 or Volume 2(winners choice) and jQuery UI in Action and have the authors on-line!
See this thread and this one for details.
The moose likes Security and the fly likes 2-key TDES and Java Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "2-key TDES and Java" Watch "2-key TDES and Java" New topic
Author

2-key TDES and Java

Filippo La Torre
Greenhorn

Joined: Jun 01, 2012
Posts: 6
Hi,

someone can tell me what to read or how to set up a 2-key TDES with two keys of 16 bytes with java?

thanks
Henry Wong
author
Sheriff

Joined: Sep 28, 2004
Posts: 18756
    
  40

Filippo La Torre wrote:
someone can tell me what to read or how to set up a 2-key TDES with two keys of 16 bytes with java?



First, DES keys are only 56 bits long, and at 7 bits per byte, it is 8 bytes long. Triple DES, or 3DES, keys are three times longer, so hence, it is 24 bytes long.

"2-key triple DES" is 3DES with only 2 DES keys. How is this done? Simple. Key one is equal to key three. Meaning the key is still three times longer, but the last 8 bytes (of the 24 bytes) is the same as the first 8 bytes. The actual unique key is only 16 bytes long.


Java encryption .... http://docs.oracle.com/javase/1.4.2/docs/guide/security/jce/JCERefGuide.html ... support 3DES with three keys, so if you want two key triple DES, you will need to take the 16 bytes and generate the 24 byte 3DES key, by duplicating the first eight bytes.

Henry

Books: Java Threads, 3rd Edition, Jini in a Nutshell, and Java Gems (contributor)
Filippo La Torre
Greenhorn

Joined: Jun 01, 2012
Posts: 6
If I have two keys of 16 bytes, for example:

1) a123b456c789d000

2) zxcasdqwe123vbn0

I didn't understand how these become of 24 bytes

Thanks
Henry Wong
author
Sheriff

Joined: Sep 28, 2004
Posts: 18756
    
  40

Filippo La Torre wrote:If I have two keys of 16 bytes, for example:

1) a123b456c789d000

2) zxcasdqwe123vbn0

I didn't understand how these become of 24 bytes

Thanks



Your second example doesn't make sense. Are you using string characters? If no, what base are you in -- as hexadecimal digits are only in the 0-9 and a-f range. Your first example, however, looks like a valid hexadecimal number (and it is eight bytes long).


Anyway, to answer your question....

As mentioned, triple DES uses DES keys, which are 56 bits long, or 8 bytes long (as one bit of each byte isn't used). If you want Triple DES with only two DES keys, you need to create the 24 byte key (needed by the java triple DES implementation) as follows....

k1) a1 23 b5 56 c7 89 d0 00

k2) b7 35 78 dc ff d4 f7 89

K = k1 k2 k1 = a1 23 b5 56 c7 89 d0 00 b7 35 78 dc ff d4 f7 89 a1 23 b5 56 c7 89 d0 00

Henry


Note: DES keys chosen randomly as examples -- no checking to confirm that the keys have correct parity, and hence, valid.

Filippo La Torre
Greenhorn

Joined: Jun 01, 2012
Posts: 6
Yes it's a hexadecimal sorry for the second key error.
I have now understand how create the 24 byte key.
Thanks!

But i don't understand how to use the key K with java Triple DES. I have read http://docs.oracle.com/javase/1.4.2/docs/guide/security/jce/JCERefGuide.html, but i don't understand.
Henry Wong
author
Sheriff

Joined: Sep 28, 2004
Posts: 18756
    
  40

Filippo La Torre wrote:Yes it's a hexadecimal sorry for the second key error.
I have now understand how create the 24 byte key.
Thanks!

But i don't understand how to use the key K with java Triple DES. I have read http://docs.oracle.com/javase/1.4.2/docs/guide/security/jce/JCERefGuide.html, but i don't understand.


It is generally a good idea to TellTheDetails. We can't help you if we don't know what you don't understand.

Anyway, if you are looking for coding examples, here are some hints....

1. The triple DES algorithm is called "DESede".
2. The key class is the javax.crypto.spec.SecretKeySpec class, and the interface is the javax.crypto.SecretKey class.
3. The class that does the encryption is the javax.crypto.Cipher class.

So, if you do a javaranch seach, you can get a few examples...

http://www.coderanch.com/forums/jforum?module=search&action=search&forum=65&match_type=all&sort_by=time&search_keywords=DESede+SecretKey+Cipher

When I did the search, I got...

http://www.coderanch.com/t/567908/Security/Length-Encrypted-String-Longer-than
http://www.coderanch.com/t/424015/Security/Triple-Des-Pin-Encryption
http://www.coderanch.com/t/420261/Security/InvalidKeyException-DES

which seems to have examples that you can use.

Henry


Filippo La Torre
Greenhorn

Joined: Jun 01, 2012
Posts: 6
Sorry if I do not write clearly what is the problem, but I am new to the field of encryption / decryption.
Meanwhile, thanks for the help.
I wrote this class for tests.



SHAREDKEY is k1+k2+k3, k1=k3. It's hexadecimal format. k1+k2+k3 = 24 bytes.

I have a string in hexadecimal format, that is "crypted" and i want to decrypt to plain text form that is "plainText" and it's also hexadecimal. I have an error javax.crypto.BadPaddingException: Given final block not properly padded.
Filippo La Torre
Greenhorn

Joined: Jun 01, 2012
Posts: 6
I have finally solved.

I post the class to help others people.



Thanks!!!
Henry Wong
author
Sheriff

Joined: Sep 28, 2004
Posts: 18756
    
  40

Filippo La Torre wrote:
I have a string in hexadecimal format, that is "crypted" and i want to decrypt to plain text form that is "plainText" and it's also hexadecimal. I have an error javax.crypto.BadPaddingException: Given final block not properly padded.


The reason you are getting this error is because the default padding requires you to provide a padding buffer -- an array of bytes that will be used as the padding.


Filippo La Torre wrote:I have finally solved.

I post the class to help others people.


Thanks for posting the solution -- but keep in mind that you have to match the mode and the padding with the other side. I am assuming that you have chosen to use Triple DES because you already have encrypted data, or another application that already uses Triple DES. You need to match the other applications mode and padding.

If there isn't another application, and you are writing both sides of the encryption, then I suggest that you use AES instead -- it is technically a stronger algorithm than Triple DES. And it can also take a 16 byte key -- which is much easier to create when you have two 8 byte keys.

Henry
 
wood burning stoves
 
subject: 2-key TDES and Java