This week's book giveaway is in the Mac OS forum.
We're giving away four copies of a choice of "Take Control of Upgrading to Yosemite" or "Take Control of Automating Your Mac" and have Joe Kissell on-line!
See this thread for details.
The moose likes Security and the fly likes Rijndael with a 256 Keybits Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Engineering » Security
Bookmark "Rijndael with a 256 Keybits" Watch "Rijndael with a 256 Keybits" New topic
Author

Rijndael with a 256 Keybits

amol gholap.rock
Greenhorn

Joined: Feb 16, 2011
Posts: 12
Please help me for
Rijndael Encryption Algorithm with 256 Keybits
Am not getting any proper doc on the sites

Thanks in advance.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42047
    
  64
Rijndael is now called "AES". See the SecurityFaq for some links around that.


Ping & DNS - my free Android networking tools app
Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 1064
    
  10

Do you mean AES rather than Rijndael ? AES implements a 'subset' of Rijndael allowing a 128 bit block size and 128, 256 or 384 bit key. It is common in the literature to refer to Rijndael when AES is actually meant.
Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 1064
    
  10

Richard Tookey wrote:Do you mean AES rather than Rijndael ? AES implements a 'subset' of Rijndael allowing a 128 bit block size and 128, 256 or 384 bit key. It is common in the literature to refer to Rijndael when AES is actually meant.


Correction : Silly me - 128, 192 and 256 bit keys !!!
amol gholap.rock
Greenhorn

Joined: Feb 16, 2011
Posts: 12
Yes i mean AES-Rijndael

Its requirement in my project to encrypt the text by using given public key assigned to you.
Use Rijndael Encryption
Algorithm with 256 Keybits
for encrypting XML.


I have written the sample xml (or text to be encrypted) and expected output for the file below which is provided by My supplier.
this what i want to do as this is the requirement in my project.
But am not able to encrypt the same in as given in encrypted form.
Please help to encrypt the code.

The text or xml is as below-

<?xml version="1.0" encoding="utf-8" ?><policy><identity><sign>b4e412a4-0cb7-49e5-a6b0-51e67f3b66b2</sign><branchsign>c1e3d1f6-916a-456e-957c-b1fdf484d33b</branchsign><username>Dummy_TA</username><reference>81aa151f-a8a4-4fda-9419-d38c235f826d</reference></identity><plan><categorycode>6B123144-2E3A-490E-BAEB-B59F09327B7C</categorycode><plancode>87e831b3-16be-49c9-994d-c2b52e9af113</plancode><basecharges>382</basecharges><riders><ridercode percent=""></ridercode></riders><totalbasecharges>382</totalbasecharges><servicetax>8</servicetax><totalcharges>390</totalcharges></plan><traveldetails><departuredate>24-NOV-2012</departuredate><days>6</days><arrivaldate>29-NOV-2012</arrivaldate></traveldetails><insured><passport>555</passport><contactdetails><address1>test</address1><address2>test</address2><city>test</city><district>test</district><state>test</state><pincode>400709</pincode><country>test</country><phoneno>45455</phoneno><mobile>9898986532</mobile><emailaddress>abc@abc.com</emailaddress></contactdetails><name>Amol</name><dateofbirth>20-Aug-1984</dateofbirth><age>28</age><trawelltagnumber /><nominee>self</nominee><relation /><pastillness /></insured><otherdetails><policycomment /><universityname /><universityaddress /></otherdetails></policy>

the encrypted text is-
correct output-

iCpAyJIGfdMZI1NeON3mdj8OFz7xr1x4KskY1YPSopb49O7YUTqbCY8OGmw+vc1wKkA7W491JEvClc6y3/fbvIeT4ggQoRvYPEKE92EevkcLFAd6R8vUuP2V2L2lIcIDdDjSSTULK7pXERV2PX/LiHOSp2bD1eeJ1M72e0toXOSknte2oX80Zvo9KHDUtzB735M0pM8ziRgvBD/L4tq6u60FMxnPT5D0vH7bVVOHeJshgoKmYLRwZPNkcmMbIFAe7l+LAMTACgWKAtYWriHPQQjXHypHiFizKe8GR+7pALck7bv7xaCCLWFLRRlU8UqhgfmcZ0nOLzG65xuBeGKGo5ckzPt8K8jUOhARsnI2YRmumLgxrBW5SAhky7oQ+V3+U4Be2P5gJrQd8JJCyEoHtXvg40b5WZ27FPow64zqYpmNJsBCC80VLRlQzrSCjsRB/wsUFJjTZXEZdaCEbG0JaZSYxQKz+nY9Cq+JL+MTcGmCITUI6JiP+KoODvrIAJ4KBMBNGEX9PMqE2W0u8sjOp0dANawNAISObjgMheeO/WwBC7+1yHk0SiF4cdBULXHmhy2Z2M133NCuA23cUtuDQ5Mo4zPWPNW9wMAPuEWT2gBCGEWHINe1kzVUgKBV/YCDpuyTjiVDK86q68WcbfG/A6honRIjeikyB6Xd0Lt4HB5cKGi9ThBYSwLh6Yr1bclSntSJKsI7NWWCcJEV2EaDdvbG1Cjz03EXFHob7ymCliGt2IoYLn+0mpRjQVqazIJa9x8ajlvtcSaaEh6/+A4mvbEWgIBLFBDpXOyeB+k6m0p0cMI8aoQG7OJFcsFI9WAjwsZ+upI3RiEEC6mzThwqt//3TYXAtM9/lX8LHGx07s9K/y234KDTnDvtQ9oxfVgzIf2C1b4rXwnSA1HlySj+0V0btFHMEmMSLtC5LZBzNHXHK5hFd1EtcfnWI7s5mCnCw9KdiLUMUFxfKgE7MuiRdP2Susuo1hmJW1/VNdU6foa1/cdU1y7b5GnEU9BGmK89/FvfRriDhfSD+KFkn3X+v/S8gS++pohzJlj3f1hd/AamyjxUCaFSEVW6g0c0xiKiXbQdh75o5hZ/7LbFfHAWgGYtlnzGjTY594xGWBYmDoQHD5PrN2llheZRDqrQbFrJbLnzRbJ8OXv/zOB4NxjtVyFqG24XPwr5FLoNsi2X6QNpVFjcwTyh+rpvRGrFibgmaSa+AjgGhN82k7bQMZiB4ghBTO6zcM9ZH+NSDgOTwKbc61lkSItPofcI7pgp7/0c43CDnQc3qY8rwgYMFpkrWZ4uL9yv8XZtWVoJG4YyLl7hzxuSKXAH4duVrG1HSgj7wzUtBJ9x5evrhnZHcanI+1LVJK4ZD3kSk53DEgZr48JOROzR5+IpU5NpERbwoOXSykLyE8ZmPNGRNCOSIsNxHhb32FkJLIUJZTgG4vuCmj6f3k+IviwNpDht/KywBw2jommr6uxzkQEkztL55sl+SfZztB5Umg2n7hkeG7EMcJPbtTUb6g1LzOHmOOSTTuitTSe09aS5MiUNTsPOcQEzJYzgNfUsD5LI2LLDbB4XLqLRA8JqK7oxDy2uHnWlP9HsBtiJPi40Vp5paswZ5vW/1vDfsbtGQirrr0t6SCJKo5ix7dPeOYl6HQPku5vVRl7caiGZvHfJoIpuQnsyUR34eIR16f/ihAqyXKzhAHrJH7TYmRXAZSu1W5RDcFGZ8ZAGyCKbmZa0d4aamnim0tDXQLAkmfPsMNKY9x0It0u1H5/PGAcevzedHmzgxXwVPd6E7ZrXFKB4PB7DJkHhuvkWCVj4+y/QfCoR+BspCHYWwa/zlUXjf1f1g6N+ZTpMnP0Rb34vrap/Kte1Hw0RRVqBC1Hw3CDvIbeWsyO6k4m86/tk6hGlZ+eLaC8QsyULRzBlv+J0ZlQwrkmCvLUc3F26S1NdK4kPLPNygftDOXjnCBu7mEt8Ecjou4USk5a7+3fehWweFp4hZIhUFCropg2CNO69bCHMADBHH+X5RYTPYHZxdJvTjLJX1BCww4ly5jOz9/H82OzByOXsuKmy5xGFcarYqILGHbzmxgtAYLMfu11ltNUBoVQhWy+WTlmIBqo/QsmOB/CReHuUQufpVolEOBkVUUgfPh47lVy9s2KXl1JQV1J89tc+/9HwwvBFyv5pnzVJYfLrjMaS3k5pc8pOj5V1HkBfLmM/bCXPDFo+eME8R4KXL03nt39ImLyqxHfaObKmcZ7O37gl3m/5aDkNUdmWTa5gztWcF5HElGxQpR3521sgcgMV8breXf9romEv

Key used is : b4e412a4-0cb7-49e5-a6b0-51e67f3b66b2

the encrypted output given by my supplier which is correct but am not able to encrypt the file with the same output am getting different out put which is as below-
Incorrect output-

jxbnIyRUpxt7qgMITfsFtbPzKTeYmEbIrX7rtkhTQjYV0bdTgsCUQyUA0wQWV3QQuMZhXhxbWJX9
aE2UhvKbSWXCBoKlzaBnccqiO5PcfQUVpleBsUSOJwdf5S0U25onhR6kMHpzjMhdk8X2+DFkx73W
aPIE3G/2Vqpl0m7hoLqq+/Vun3+68VClLlInSAa286Gzj69GEEuXeSSQXlj0BK3SUIG8BQuj5zkD
b91wAALnyXFzNDd8COBiidP1lmf1+xvf/eyz8OkFLUoDTQqOjxf18dRpy4t1J6E7fma+lMJQcAeT
Woout3Uol/YrlifGe3dqnVs0Wc9rnARHbTNB3ChtUjBNbuG2kaGpFbp90FsYnW7mKE0tb7kkbCz2
37mY5q7oEw6sUgcXYfjzQnV2WYjMcEmIAxzdqYBWESb2dFsVCmSGNVx7uaMdFIYEUy2QGFqum3RR
7NiCrOQbiGBQzYhC7pvqDro/yg2dg6ngY27OF9ZOGEY1xhC6n26pre4QJfnNG4RJFJnbiJMTXoQW
vBN882BbP6K01k0tyyHRfdOMgpQY8Px34pz7O7hIeYqBUYbC4bUXq1f4og1iBsFwacTrRwkmESQQ
KkClriHifUeyLyZ7l8FzBLyewA86iJ15lptdiTVFjp5ci8ojpV1NW1HJqJKNNnyA/M85Toh14GNx
WyheXuyuUfqkPkXGxAFKSvrFWcwzkFVDAuOHyH7WwfhgQEPy2bQ4bwEYtJlcZ1HJ3ezo2Z4ddsli
+4KsGtSf/JLeRPMg0qCWfYCxO9+bNUn12QqXfFpJN8qFKy5NxizV3K11M/dWxZLLH4reEEWi7fhl
7Du+B2BC4Nsnap57MmmAitE137kPeMGakLwSeDqY6bvVD7kHH68X4dPjpl2pTgZxhexu+kzXreT9
HrxoHWA8+2sD0nsdW+LiAqD8FhFOZ2ARiqN5JFFwpO07DwE7E8W0eRDBZZ3lJ1IEeRF8Gb0mXoNu
dztqhrzoFwYcN1S84BVkVXOiIlFMbiV0IpBkMxJjDOQZTuF1K+3rKoEd0EFyp0R0RkYw7uRFpYBN
swG24RXrSg10AJeYDX7eI12MQHxuYdOJjJI1NKMsEpeE4YX29xJYs0a3Whem8FHwlShQN562H827
il6+ITsfqKGYC4KQosS9cQDwdH1Qqp1NAGlAa5vk7Vbgi169hjSY03cw3F7mwUbyrwClC2+hrLLN
ikyI5RAu+h+lRBSE8G+HWocr4nFaks0LE3DWEtkpvbV9gx/Uj6M327W6+q1/9qZfDLIacuiFox/5
73s/BMto4qclt4a2BlIbTGVVNN2h6Sq7R2UCVUnRIrrE5zWTNvUHWJYrygGc634rfY+LTECIjswW
Rbsyy85t46cG4yrytx6ved+8kkxOFvkq++cgQkrug1RH9wkLfYM+1NZ7ZLoXIfq+XD0uulXkzVxX
vPdlVJUzu5sQjr5h35wn86mwbougO5Lh0eyI1fGk9Bc2nMgJo22OBfOx1/ItTZPcAmQH/hSMjCBs
Ej6KjiYduKFYJIGj5LniOMTIWJTKjNO0yAd5LQwg5hW8aAd4FWDu45sPO44Z4Jcd3mUkae5cLfjU
m8qqorZRpaTYcwggEKTTkQFaccPkMbxKhx+Yx0nkVSaGvVA8+KrfcRBZV+kxRR7eyxf9IuO4eKC2
EBA/clbmk4z53w==

Please advise me.

Thank you very much.
Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 1064
    
  10

The only logical way I can conceive of making that key 256 bits is if I remove the '-' chars and convert the resulting 32 characters to bytes. Since all the characters, other than the '-', are in the set [0-9a-f] you would have a key entropy no greater than 128 bits so an effective key length of no greater than 128 bits which defeats the object of using AES 256 in the first place !

Your supplier must have given you more information (block mode, padding, how to convert the key string to key bytes etc) and without this and a view of your code I would need to do significant detective work to stand a chance of finding a solution to the problem. Since you are getting paid for this and not me I'm not willing to put in the effort.


P.S. I note that your decrypted result has been Base64 encoded which can't possibly be required.
amol gholap.rock
Greenhorn

Joined: Feb 16, 2011
Posts: 12
Hi,

I have the code but its given in VB language..

i am the java guy ,dont have the knowledge of VB.
and my application is in JAVA.
amol gholap.rock
Greenhorn

Joined: Feb 16, 2011
Posts: 12
At least give me some standard code with (Rijndeal Algo)256 keybit ,so that i can proceed.or any ref site if you can.
Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 1064
    
  10

amol gholap.rock wrote:Hi,

I have the code but its given in VB language..

i am the java guy ,dont have the knowledge of VB.
and my application is in JAVA.


I can read VB so post the VB and your Java code.

I have spend quite a lot of time making Java encryption compatible with .NET encryption. The Microsoft libraries have some esoteric peculiarities when it comes to key generation and most of the time that is where the major problem is.
Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 1064
    
  10

amol gholap.rock wrote:At least give me some standard code with (Rijndeal Algo)256 keybit ,so that i can proceed.or any ref site if you can.


There is no standard code since everything depends on the other algorithms used with your basic AES code. I have run 4 different key derivations from your key string and none of them give any hint of being correct. I need to see both your Java and VB to help any further.
amol gholap.rock
Greenhorn

Joined: Feb 16, 2011
Posts: 12
Please have the VB code as below-

amol gholap.rock
Greenhorn

Joined: Feb 16, 2011
Posts: 12
Please note the above code will produce the proper output.

And am trying to convert the same in java but yet not successful.

Thanku..
Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 1064
    
  10

This is like extracting teeth without an anaesthetic ! That VB looks to be just a library that primarily wraps parts of the .NET crypto library. You have not showed either the VB test harness that uses that to create your ciphertext (you do have one don't you?) or the Java you have written to try to emulate the VB test harness and decrypt the ciphertext.

I suspect I am wasting my time but one last try. The devil is in the detail and until I know exactly how you are using that library I can't help.



Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 1064
    
  10

I have done 95% of the work for you. The 256 bit key bytes are obtained by using the ASCII bytes of the key string truncated to a length of 32 bytes (the last 4 chars are not used), CBC block mode is used and PKCS5Padding is used. You need therefor to create a cipher of "AES/CBC/PKCS5Padding". The last 5% is to find the IV to use. I assumed it would be the default set in the VB you provided but it isn't.

I have now done 99% of the work for you. The IV is the ASCII bytes of the string "KHO031720" padded with zeros to the block size (16 bytes).

All you have to do is to modify your Java to reflect all of this.

Note - using CBC with a fixed IV has a security flaw because it means that a particular cleartext will always produce the same ciphertext. It is better to use a random IV and to prefix the ciphertext with this random IV. This will produce a different ciphertext for each value of IV and an observer will not be able to deduce from the ciphertext that the same cleartext is being encrypted. The IV does not have to be kept secret.

Note 2 - since the key string is truncated to 32 bytes and assuming that for all 32 bytes only the characters 0-9, a-f and - are allowed then your maximum effective key length is 131 bits !

Note 3 - The cleartext you published is not compatible with the ciphertext. The decrypted XML is formatted/indented on multiple lines but that you posted is just one line without any formatting.
 
GeeCON Prague 2014
 
subject: Rijndael with a 256 Keybits