aspose file tools*
The moose likes Security and the fly likes 3des : password encrypted in oracle and is that encrypted password can be decrypt in java? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "3des : password encrypted in oracle and is that encrypted password can be decrypt in java?" Watch "3des : password encrypted in oracle and is that encrypted password can be decrypt in java?" New topic
Author

3des : password encrypted in oracle and is that encrypted password can be decrypt in java?

madhurao rao
Greenhorn

Joined: Mar 28, 2014
Posts: 1

Hi I am new to Cryptography, I have question in triple des(3des): encryption is done in Oracle function DBMS_OBFUSCATION_TOOLKIT.DES3Encrypt , is that possible I can decrypt same in using java API.
I have only key and encrypted password to decrypt. I have tried couple of examples, when I decrypt in java , Ii am getting different value.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41839
    
  63
This should help: http://www.java2s.com/Code/Java/Security/TripleDES.htm


Ping & DNS - my free Android networking tools app
Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 1057
    
  10

There are several possible problem with the example that Ulf has referenced. It uses a random key and not one specified by the user. It assumes ECB block mode but the Oracle documentation does not say what block mode is used. It uses PKCS5 padding and there is no mention of padding used in the Oracle documentation.

Generating an appropriate SecretKey from a given set of bytes or even a String is not normally that difficult. The padding can be handled by constructing a decryption Cipher set for NoPadding and then looking a the decrypted data to see what padding has been applied. The difficult problem is likely to be deciding which block mode is used and then, if one of the feedback modes, then what IV has been used. My bet is that the block mode is either ECB or CBC and if CBC then the IV is probably all zeros.

I enjoy this sort of puzzle. If you can publish a key (obviously not your real important secret key) and some ciphertext created using that key then I will have a go at working out what parameters have been used. Publishing the associated cleartext would definitely speed up the process.

Please note - since both ciphertext and key bytes are normally binary data in order to publish the them you will need to encode them with something like base64 or Hex.

Edit: Looking once more at the Oracle documentation I see that an IV is required so one of the feedback block modes is being used. This is most likely to be CBC.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: 3des : password encrypted in oracle and is that encrypted password can be decrypt in java?