This week's book giveaway is in the OCMJEA forum. We're giving away four copies of OCM Java EE 6 Enterprise Architect Exam Guide and have Paul Allen & Joseph Bambara on-line! See this thread for details.
Hi I am new to Cryptography, I have question in triple des(3des): encryption is done in Oracle function DBMS_OBFUSCATION_TOOLKIT.DES3Encrypt , is that possible I can decrypt same in using java API.
I have only key and encrypted password to decrypt. I have tried couple of examples, when I decrypt in java , Ii am getting different value.
There are several possible problem with the example that Ulf has referenced. It uses a random key and not one specified by the user. It assumes ECB block mode but the Oracle documentation does not say what block mode is used. It uses PKCS5 padding and there is no mention of padding used in the Oracle documentation.
Generating an appropriate SecretKey from a given set of bytes or even a String is not normally that difficult. The padding can be handled by constructing a decryption Cipher set for NoPadding and then looking a the decrypted data to see what padding has been applied. The difficult problem is likely to be deciding which block mode is used and then, if one of the feedback modes, then what IV has been used. My bet is that the block mode is either ECB or CBC and if CBC then the IV is probably all zeros.
I enjoy this sort of puzzle. If you can publish a key (obviously not your real important secret key) and some ciphertext created using that key then I will have a go at working out what parameters have been used. Publishing the associated cleartext would definitely speed up the process.
Please note - since both ciphertext and key bytes are normally binary data in order to publish the them you will need to encode them with something like base64 or Hex.
Edit: Looking once more at the Oracle documentation I see that an IV is required so one of the feedback block modes is being used. This is most likely to be CBC.