Re: Encrypt in Java and decrypt in Openssl (and vice versa)
From: "Dr. Stephen Henson" <[EMAIL PROTECTED]> The block size of AES is 128 bits, you therefore need 16 characters or 32 hex digits in the IV. Steve. -- Thanks for the reply, I figured that out earlier too, by re-reading the documentation I have on hand. I always had the impression that if I do in Java Cipher cipher = Cipher.getInstance("AES"); it is equivalent to Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); That is obviously not true. After changing that, that helped a bit. And after changing the IV to 16 bytes, I got something going, . Now, IV is hard-coded to unsigned char * _iv[16]; for (int i = 0; i < 16; i++) _iv[i] = '1' + i; in both Java and C. But it's still not totally right. Encrypted msg (just text) from Java is decoded "almost" correctly. The msg consists of multiple lines of text string, but after decrypting it, the first line always get screwed up and I get garbage. All other lines are decrypted correctly. But encrypted msg from Openssl is decrypted in Java "half correct", meaning that if I have 8 lines of string, I get about 4 lines correct, the others are garbage. And the order is indeterminate, the first line is always screwed up, the second line is ok sometimes, not ok other times. Same for the other lines. I really have no clue why it's like that. I mean, you either decrypt the whole message correctly, or you don't. I really don't understand how did I get "partially correct" decryption :( thanks for all. uw _ Dont just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: Encrypt in Java and decrypt in Openssl (and vice versa)
Thanks for replying. I have been verifying, and re-verifying that my key and IV are in fact the same in both C and Java. The hex printout of the key and IV are exactly the same. Original Text: "This is a test" The hex print of Java cipher text is : 740A5DBD288340D7AC8F9F20587B7F4D And trying the command you gave, here is the result: [EMAIL PROTECTED]:~$ echo -n "This is a test" |openssl enc -aes-128-cbc -K 9d320b14da2485e6dfa1a8eb5f2bd326 -iv 0102030405060708 |od -t x2 000 1e8b b7de 5736 ea6f bf54 1e6f d4d4 4a53 020 The value for -K is the hex printout of the key I used, both in Java and C. the value of -iv is also the hex printout. The result looks quite different, isn't it? Am I missing something? Thanks uw From: Girish Venkatachalam <[EMAIL PROTECTED]> You should take care that the key and IV are indeed same. What I mean by that is that in the C and Java code you should hardcode the actual hex values and it should have the exact length. For instance DES requires 8 byte key and you should hardcode something like this. unsigned char key[8] = {0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xff}; Similarly for IV. Make sure you do the right thing for Java also. And the last block will not be decrypted correctly unless you take care to do proper PKCS padding. So don't worry about it. Typical block size is 8 bytes, so first you have to make sure that you get the correct encrypted output. Verify that against the openssl enc command. Print your encrypted output using "%02X" format and try this on the command line. echo -n "something"|openssl aes-128-cbc -K <> -iv <>|od -x od -x prints differently from your hex output as words are reversed but you can easily see the correspondence. Hope this helps. regards, Girish _ Is your PC infected? Get a FREE online computer virus scan from McAfee® Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Encrypt in Java and decrypt in Openssl (and vice versa)
Hi all, I've been pulling my hair for two days, trying to figure out why a msg encrypted in Java can not be decrypted with Openssl, and vice versa. It'd be very much appreciated if someone could give a hint. Here's the Java code (apologize for that) (no exception handling): byte[] key; // get hard-coded key, 16 bytes SecretKeySpec skeySpec = new SecretKeySpec(key, "AES"); // or "AES/CBC/PKCS5Padding", same result IvParameterSpec ivSpec = new IvParameterSpec("12345678".getBytes()); // Encrypt Cipher cipher; cipher.init(Cipher.ENCRYPT_MODE, skeySpec, ivSpec); String clearText = "This is a test"; byte[] ciphertext = cipher.doFinal(cleartext.getBytes()); // ... // Decrypt cipher.init(Cipher.DECRYPT_MODE, skeySpec, ivSpec); byte[] cleartext = cipher.doFinal(ciphertext); // Here is the C code using Openssl (no error handling): unsigned char * key; // get hard-coded key, 16 bytes unsigned cha * iv; // get hard-coded iv, same as in Java, iv[0] = 49, iv[1] = 50, ... EVP_CIPHER_CTX ctx; // Encrypt unsigned char outbuf[2048]; // should be enough for the work int outlen, tmplen; EVP_CipherInit_ex(&ctx, EVP_aes_128_cbc(), NULL, _key, _iv, ENCRYPT); EVP_CipherUpdate(&ctx, outbuf, &outlen, (unsigned char*)clearText, len); EVP_CipherFinal_ex(&ctx, outbuf + outlen, &tmplen); outlen += tmplen; // ... //Decrypt EVP_CipherInit_ex(&ctx, EVP_aes_128_cbc(), NULL, _key, _iv, DECRYPT); EVP_CipherUpdate(&ctx, outbuf, &outlen, (unsigned char*)cipherText, len); EVP_CipherFinal_ex(&ctx, outbuf + outlen, &tmplen); outlen += tmplen; // ... The problem is, I can't decrypt what is encrypted in Java. And in Java, I can't decrypt what is encrypted from Openssl. Java reported a "Pad block corrypted" error. I'd like to know which parameter did I set wrong? The key and IV are the same, hard-coded for the purpose of testing. Thanks in advance for any help. uw _ Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
RE: Question about password-based encryption key generation
Never mind, I found the function PKCS5_PBKDF2_HMAC_SHA1(). Hi, Could someone point me to an example on how to generate encryption from password using Openssl? I have a java application that uses HmacSHA to generate encryption key from a password, and the encrypted msg is send to the C application. Both Java and C apps shared the same password and salt, and the Java app is using AES/128/CBC to do the encryption. I just want an example on how to generate key using Openssl, especially on how to get to same result as in Java. Thanks in advance for any hint. _ Dont just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Question about password-based encryption key generation
Hi, Could someone point me to an example on how to generate encryption from password using Openssl? I have a java application that uses HmacSHA to generate encryption key from a password, and the encrypted msg is send to the C application. Both Java and C apps shared the same password and salt, and the Java app is using AES/128/CBC to do the encryption. I just want an example on how to generate key using Openssl, especially on how to get to same result as in Java. Thanks in advance for any hint. uno _ Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]