• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

how do i get different results for blowfish/ECB/HEX encryption?

 
Greenhorn
Posts: 29
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am trying to get same result as tool webnet77.
http://webnet77.com/cgi-bin/helpers/blowfish.pl

I am using info for tool-

ALGORITM = "Blowfish";
HEX KEY = "92514c2df6e22f079acabedce08f8ac3";
PLAIN_TEXT = "sangasong@song.com"
Tool returns-
CD3A08381467823D4013960E75E465F0B00C5E3BAEFBECBB

I tried with java code with value -

final String ALGORITM = "Blowfish";
final String KEY = "92514c2df6e22f079acabedce08f8ac3";
final String PLAIN_TEXT = "sangasong@song.com";
byte[] decodedHex = DatatypeConverter.parseHexBinary(KEY);
byte[] keyInBase64 = Base64.decodeBase64(decodedHex);
String meth = hexToString(KEY);

MessageDigest sha = MessageDigest.getInstance("SHA-1");
Key skey = new javax.crypto.spec.SecretKeySpec(raw, "AES");

try {
byte[] encrypted = encrypt(decodedHex, PLAIN_TEXT);
System.out.println( "Encrypted hex: " + Hex.encodeHexString(encrypted));

byte[] encrypted1 = encrypt(keyInBase64, PLAIN_TEXT);
System.out.println( "Encrypted byte64: " + Hex.encodeHexString(encrypted1));

byte[] encrypted2 = encrypt(meth.getBytes(), PLAIN_TEXT);
System.out.println( "Encrypted method: " + Hex.encodeHexString(encrypted2));

} catch (GeneralSecurityException e) {
e.printStackTrace();
}

private static byte[] encrypt(byte[] key, String plainText) throws GeneralSecurityException {

SecretKey secret_key = new SecretKeySpec(key, "Blowfish");

Cipher cipher = Cipher.getInstance("Blowfish");
cipher.init(Cipher.ENCRYPT_MODE, secret_key);

return cipher.doFinal(plainText.getBytes());
}

Result -

Encrypted hex: 525bd4bd786a545fe7786b0076b3bbc2127425f0ea58c29d
Encrypted byte64: 1a2abceed959cef8f5b2dcb668069c1580d736dda0832703
Encrypted method: 2c87b7682091053ad1bdf945368f959b5edf064b58499e18

Please help to get result same as tool.

thanks a lot.
 
Bartender
Posts: 1166
17
Netbeans IDE Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Even though the key string contains only hex characters it turns out that the bytes of the key are NOT obtained by hex decoding but obtained from


P.S. Before posting any code please please please remove redundant code. I spent more time removing the redundant code than I did in finding the solution.
 
sadhna singh
Greenhorn
Posts: 29
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Richard.
If i do get bytes for key using KEY.getBytes("ASCII");
it fails as illegal key size.

java.security.InvalidKeyException: Illegal key size or default parameters
at javax.crypto.Cipher.a(DashoA13*..)
at javax.crypto.Cipher.a(DashoA13*..)
at javax.crypto.Cipher.a(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)

P.S- On another note there is no redundancy in code. same method called thrice with different key bytes to show how its giving different result.

complete Java Code here---

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Hex;

public class Test{

public static void main(String[] args) throws Exception {
final String KEY = "92514c2df6e22f079acabedce08f8ac3";
final String PLAIN_TEXT = "sangasong@song.com";
byte[] keyBytes = KEY.getBytes("ASCII");

try {

byte[] encrypted = encrypt(keyBytes, PLAIN_TEXT);
System.out.println( "Encrypted hex: " + Hex.encodeHexString(encrypted));

} catch (GeneralSecurityException e) {
e.printStackTrace();
}
}
private static byte[] encrypt(byte[] key, String plainText) throws GeneralSecurityException {

SecretKey secret_key = new SecretKeySpec(key, "Blowfish");

Cipher cipher = Cipher.getInstance("Blowfish");
cipher.init(Cipher.ENCRYPT_MODE, secret_key);

return cipher.doFinal(plainText.getBytes());
}
}
 
Richard Tookey
Bartender
Posts: 1166
17
Netbeans IDE Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
[quote=sadhna singh]If i do get bytes for key using KEY.getBytes("ASCII");
it fails as illegal key size.
[/quote]

That is most likely because you have not installed the Unlimited Strength jars in your JRE. Go to the JDK download page and follow the instructions for installing the Unlimited Strength jars.

You should note that :-

a) The industry standard for block encryption is AES and not Blowfish. One never gets sacked for using the industry standard so unless you re trying to match some legacy system then re-think your use of Blowfish.

b) Your code by default uses ECB block mode and one should never use ECB since it is generally considered insecure in that it allows splicing of cipher text and allows an observer to detect that two bits of ciphertext come from the same cleartext. This applies to any block cipher including AES and Blowfish. One should use one of the feedback block modes such as CBC with a random IV.

c) By defining the key in terms of just ASCII characters you are significantly reducing the search space required to brute force breaking the key.
 
sadhna singh
Greenhorn
Posts: 29
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks again Richard.
I have installed the Unlimited Strength jars in JRE before posting this question here.

your suggestions are welcomed. but i posted here and need help in solving my problem here.
Agree on all suggestion but real problem is as below so cant change algo or ECB .

a) The industry standard for block encryption is AES and not Blowfish. One never gets sacked for using the industry standard so unless you re trying to match some legacy system then re-think your use of Blowfish.

I agree but unfortunately ,I can not change as client is using it at there end for encryption. they use webnet77 tool and send us the encrypted code and key.
we decrypt at our end. So i am forced to get same output as that tool.


b) Your code by default uses ECB block mode and one should never use ECB since it is generally considered insecure in that it allows splicing of cipher text and allows an observer to detect that two bits of ciphertext come from the same cleartext. This applies to any block cipher including AES and Blowfish. One should use one of the feedback block modes such as CBC with a random IV.

Client send us the Key, mode ECB and encoding HEX.


 
Richard Tookey
Bartender
Posts: 1166
17
Netbeans IDE Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

sadhna singh wrote:
I have installed the Unlimited Strength jars in JRE before posting this question here.



I'm not convinced you have installed the Unlimited Strength jars correctly since I only see and illegal key size exception when I use a JRE without installing the Unlimited Strength jars .

Also, your second code posting has 3 fundamental compilation errors (JDK6, JDK7 and JDK8) .
 
sadhna singh
Greenhorn
Posts: 29
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
May be not installed correctly.
I have done below step to do so-

1- http://www.oracle.com/technetwork/java/javasebusiness/downloads/java-archive-downloads-java-plat-419418.html#jce_policy-6-oth-JPR
Downloaded the version 6
2- Unzip the downloaded zip
3- Copy local_policy.jar and US_export_policy.jar to the $JAVA_HOME/jre/lib/security (Note: these jars were already there so did overwrite them)

I thought IDE will help to do minor imports n fixes. Anyways i have fixed n edited my second code.no more compilation error.
Can we now talk on real problem?
 
Richard Tookey
Bartender
Posts: 1166
17
Netbeans IDE Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What can I say ! After fixing the compilation errors in your latest code it works for me without an exception as long as I have the Unlimited Strength jar installed. If you are working on Windows make sure you do this for both the JDK and the JRE. If you have done this make sure you are using the JRE that you think you are and not some version that does not have the Unlimited Strength jar installed.
 
sadhna singh
Greenhorn
Posts: 29
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Richard for trying.
may i know what you are getting as result when run the code at your end???

 
sadhna singh
Greenhorn
Posts: 29
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Richard for helping me.

Its working now. and i am getting same result as tool.
I copied the JCE jar files in JDK and JRE both.
 
Richard Tookey
Bartender
Posts: 1166
17
Netbeans IDE Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
[quote=sadhna singh]Thanks Richard for trying.
may i know what you are getting as result when run the code at your end???

[/quote]

I'm getting the value you expected in your OP i.e.
[code=java]
Encrypted hex: cd3a08381467823d4013960e75e465f0b00c5e3baefbecbb[/code]

Note - I get lower case because my hex encoder produces lower case by default.
 
reply
    Bookmark Topic Watch Topic
  • New Topic