Hi, Marc, If you download the "not-yet-commons-ssl.jar" I'm working on, you can decrypt your file with the Java code I've included below. I tested using Sun Java 1.4.2. Notice the password in the example:
char[] pwd = "secret".toCharArray(); http://juliusdavies.ca/commons-ssl/download.html Unfortunately the jar file isn't properly setup to stream the decryption. Normally I'm decrypting PKCS #8 RSA Private Keys, and so I always read them into byte[] arrays. If you're decrypting big stuff, this code probably uses a lot of memory. Hopefully this will help get you started! import org.apache.commons.ssl.Util; import org.apache.commons.ssl.DerivedKey; import org.apache.commons.ssl.PKCS8Key; public static void main( String[] args ) throws Exception { FileInputStream fin = new FileInputStream( args[ 0 ] ); byte[] saltLine = new byte[ 16 ]; int[] status = Util.fill( saltLine, 0, fin ); if ( status[ 0 ] != saltLine.length ) { throw new IOException( "couldn't read salt-line from OpenSSL file" ); } byte[] salt = new byte[ 8 ]; System.arraycopy( saltLine, 8, salt, 0, 8 ); char[] pwd = "secret".toCharArray(); byte[] pass = new byte[pwd.length]; for ( int i = 0; i < pass.length; i++ ) { pass[ i ] = (byte) pwd[ i ]; } MessageDigest md5 = MessageDigest.getInstance( "MD5" ); int keySize = 64; DerivedKey dk = PKCS8Key.deriveKeyOpenSSL( pass, salt, keySize, md5 ); PKCS8Key.DecryptResult dr = PKCS8Key.decrypt( "DES", "CBC", dk, false, null, fin ); System.out.println( new String( dr.bytes ) ); } yours, Julius On 12/4/06, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote:
On Mon, Dec 04, 2006, Marc Saegesser wrote: > I have an existing application (which I don't control) that sends me files > that were encrypted using an openssl comand like: > > openssl enc -e -des -pass pass:<passphrase> > > I would like to decrypt these files inside a Java application and generate > response files that the client can decrypt using a similar openssl command. > > I've been trying to figure out how to do this using the javax.crypto API but > so far I haven't had any luck. I know the passphrase used to encrypt the > data but I haven't figured out the right way to use it to generate a key > using javax.crypto that is valid to decrypt the data. > > I'd appreciate any help or pointers Well you have to first implement EVP_BytesToKey() then use that to derive the appropriate DES key and IV based on the salt and passphrase. You are in luck because that function is compatible with PKCS#5 v1.5 when the key size is small enough which it is for DES. You can use the enc debugging options to make sure you get the right key and IV. Then finally use that key and IV to decrypt the data. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
-- yours, Julius Davies 416-652-0183 http://juliusdavies.ca/