aspose file tools*
The moose likes Security and the fly likes Diffie Hellman with DES Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "Diffie Hellman with DES" Watch "Diffie Hellman with DES" New topic
Author

Diffie Hellman with DES

Partheban Udayakumar
Ranch Hand

Joined: Jul 04, 2013
Posts: 267

Hi,

I am trying Diffie Hellman key generation with DES encryption. My code is a sample code from exampledepot.8waytrips.com. When I compile it in Java, it works fine but when I generate the key in Java and send it to J2ME, it throws java.security.InvalidKeyException

Key generation code is



I send the byte[] to a servlet and send it to J2ME client with the servlet code below



Key receiving code is


and the encryption is done with the following code



The stack trace is

java.security.InvalidKeyException
at javax.crypto.Cipher.init(), bci=185
at javax.crypto.Cipher.init(), bci=4
- red.DEScrypters.<init>(DESwithDH.java:102)
- red.DESwithDH.connect(DESwithDH.java:79)
- red.DESwithDH.commandAction(DESwithDH.java:63)
at javax.microedition.lcdui.Display$ChameleonTunnel.callScreenListener(), bci=39
at com.sun.midp.chameleon.layers.SoftButtonLayer.processCommand(), bci=62
at com.sun.midp.chameleon.layers.SoftButtonLayer.commandSelected(), bci=14
at com.sun.midp.chameleon.layers.MenuLayer.pointerInput(), bci=150
at com.sun.midp.chameleon.CWindow.pointerInput(), bci=80
at javax.microedition.lcdui.Display$DisplayEventConsumerImpl.handlePointerEvent(), bci=52
at com.sun.midp.lcdui.DisplayEventListener.process(), bci=346
at com.sun.midp.events.EventQueue.run(), bci=130
at java.lang.Thread.run(Thread.java:723)
java.lang.IllegalStateException
at com.sun.midp.crypto.BlockCipherBase.doFinal(), bci=18
at com.sun.midp.crypto.DES.doFinal(), bci=8
at com.sun.j2me.crypto.Cipher.doFinal(), bci=8
at javax.crypto.Cipher.doFinal(Cipher.java:1970)
- red.DEScrypters.encrypt(DESwithDH.java:114)
- red.DESwithDH.connect(DESwithDH.java:80)
- red.DESwithDH.commandAction(DESwithDH.java:63)
at javax.microedition.lcdui.Display$ChameleonTunnel.callScreenListener(), bci=39
at com.sun.midp.chameleon.layers.SoftButtonLayer.processCommand(), bci=62
at com.sun.midp.chameleon.layers.SoftButtonLayer.commandSelected(), bci=14
at com.sun.midp.chameleon.layers.MenuLayer.pointerInput(), bci=150
at com.sun.midp.chameleon.CWindow.pointerInput(), bci=80
at javax.microedition.lcdui.Display$DisplayEventConsumerImpl.handlePointerEvent(), bci=52
at com.sun.midp.lcdui.DisplayEventListener.process(), bci=346
at com.sun.midp.events.EventQueue.run(), bci=130
at java.lang.Thread.run(Thread.java:723)


"Any fool can write code that a computer can understand. Good programmers write code that humans can understand."
--- Martin Fowler
Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 1084
    
  10

That exception will get thrown if sk.length is not equal to 8 !

Note - without even looking at your DH code you have created an insecure system. When you specify

this is equivalent to
ECB mode is insecure.

Note 1 - even more insecure - you are doing all the key generation in the servlet and then passing the key in the clear to the client! What is the point of encryption if you publish the key to the whole world? That is not not not how DH functions. The client and server have a dialogue and both participate in the generation and at no point is anything that cannot be public passed between the client and the server. You need to spend more time reading about DH to make sure you understand it fully! Take a look at this .

Partheban Udayakumar
Ranch Hand

Joined: Jul 04, 2013
Posts: 267

Richard,

I am sorry this took so long to reply but I forgot that I posted this. I saw this when I was going through my profile now. Ya I get it, its very insecure to transfer keys from server to client. Thanks by the way for replying. I am sorry again I took to long to reply.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Diffie Hellman with DES