Hello.
First of all: I'm new to stackOverflow and to the subject I'm talking about...
I am trying to avoid the usage of the cryptlib library for TripleDES encryption in my Java application (now i am using AES - to ensure the downward compatibility I also want to be able to decode the strings which were created with the cryptlib library but without the useage of JNI).
But none of the things I tried by now worked for me.
Configuration:
Algorithm: TripleDES
Mode: CBC
Format: CRYPT_FORMAT_CRYPTLIB
The key has a size of 16 byte (which is inconvenient, but BouncyCastle would support it).
And the encrypted data has a size which is not a multiple of 8 (for exmaple 81 byte).
In my wrapper of the library (also in C) the context is created this way:
cryptCreateContext( &cryptContext, CRYPT_UNUSED, CRYPT_ALGO_3DES);
cryptSetAttribute( cryptContext, CRYPT_CTXINFO_MODE, CRYPT_MODE_CBC );
cryptSetAttributeString( cryptContext, CRYPT_CTXINFO_KEY, key, keyLen);
The envelope is created this way:
cryptCreateEnvelope( envelope, CRYPT_FORMAT_CRYPTLIB );
I think the problem is the format (since it is a "cryptlib native" format) - I can not find any description about it in the net...
Currently my best try was this one:
Security.addProvider(new BouncyCastleProvider());
SecretKeySpec keySpec = new SecretKeySpec(KEY.getBytes(), "DESede");
IvParameterSpec iv = new IvParameterSpec(new byte[8]);
Cipher e_cipher = Cipher.getInstance("DESede/CBC/PKCS7Padding", "BC");
e_cipher.init(Cipher.DECRYPT_MODE, keySpec, iv);
byte[] hexdecoded = Hex.decode(ENCRYPTED.getBytes());
byte [] cipherText = e_cipher.doFinal(hexdecoded);
return new String(cipherText);
I also tried different paddings, but I always end in one of these two Exceptions:
- javax.crypto.IllegalBlockSizeException:
data not block size aligned
- javax.crypto.IllegalBlockSizeException:
last block incomplete in decryption
I'm getting a little desperate, so I would be really happy if someone here could help me...
EDIT:
Here is the code for the encryption (CryptData.cpp):
bool CCryptData::encryptData(BYTE *key,int keyLen, BYTE *data, int dataLen, int resultMemSize, BYTE *result, int &resultLen)
{
CRYPT_ENVELOPE cryptEnvelope;
CRYPT_CONTEXT cryptContext;
CRYPT_ALGO cryptAlgo = selectCipher( CRYPT_ALGO_3DES );
int count;
/* Create the session key context. We don't check for errors here since
this code will already have been tested earlier */
cryptCreateContext( &cryptContext, CRYPT_UNUSED, cryptAlgo );
cryptSetAttribute( cryptContext, CRYPT_CTXINFO_MODE, CRYPT_MODE_CBC );
cryptSetAttributeString( cryptContext, CRYPT_CTXINFO_KEY, key, keyLen );
/* Create the envelope, push in a password and the data, pop the
enveloped result, and destroy the envelope */
if( !createEnvelope( &cryptEnvelope ) || \
!addEnvInfoNumeric( cryptEnvelope, CRYPT_ENVINFO_SESSIONKEY,
cryptContext ) )
return( FALSE );
cryptSetAttribute( cryptEnvelope, CRYPT_ENVINFO_DATASIZE, dataLen );
count = pushData( cryptEnvelope, data, dataLen, NULL, 0 );
if( cryptStatusError( count ) )
return( FALSE );
resultLen = popData( cryptEnvelope, result, resultMemSize);
if( cryptStatusError( count ) )
return( FALSE );
if( !destroyEnvelope( cryptEnvelope ) )
return( FALSE );
return true;
}
bool CCryptData::checkErrorStatus(int status, CString function)
{
if( cryptStatusError( status ) )
{
m_lastError = "Error occured in function " + function;
m_lastError += " with StatusCode: " + status;
m_bError = true;
return true;
}
return false;
}
int CCryptData::createEnvelope( CRYPT_ENVELOPE *envelope )
{
int status;
/* Create the envelope */
status = cryptCreateEnvelope( envelope, CRYPT_UNUSED, CRYPT_FORMAT_CRYPTLIB );
if( checkErrorStatus(status, "createEnvelope"))
return false;
return( TRUE );
}
int CCryptData::destroyEnvelope( CRYPT_ENVELOPE envelope )
{
int status;
/* Destroy the envelope */
status = cryptDestroyEnvelope( envelope );
if( checkErrorStatus( status, "destroyEnvelope"))
return false;
return( TRUE );
}
int CCryptData::pushData( const CRYPT_ENVELOPE envelope, const BYTE *buffer,
const int length, const void *stringEnvInfo,
const int numericEnvInfo )
{
int status, bytesIn;
/* Push in the data */
status = cryptPushData( envelope, buffer, length, &bytesIn );
if( cryptStatusError( status ) )
{
printf( "cryptPushData() failed with error code %d, line %d.\n",
status, __LINE__ );
return( status );
}
if( bytesIn != length )
{
printf( "cryptPushData() only copied %d of %d bytes, line %d.\n",
bytesIn, length, __LINE__ );
return( SENTINEL );
}
/* Flush the data */
status = cryptPushData( envelope, NULL, 0, NULL );
if( cryptStatusError( status ) && status != CRYPT_ERROR_COMPLETE )
{
printf( "cryptPushData() (flush) failed with error code %d, line "
"%d.\n", status, __LINE__ );
return( status );
}
return( bytesIn );
}
int CCryptData::popData( CRYPT_ENVELOPE envelope, BYTE *buffer, int bufferSize )
{
int status, bytesOut;
status = cryptPopData( envelope, buffer, bufferSize, &bytesOut );
if( cryptStatusError( status ) )
{
printf( "cryptPopData() failed with error code %d, line %d.\n",
status, __LINE__ );
return( status );
}
return( bytesOut );
}
int CCryptData::addEnvInfoNumeric( const CRYPT_ENVELOPE envelope,
const CRYPT_ATTRIBUTE_TYPE type,
const int envInfo )
{
int status;
status = cryptSetAttribute( envelope, type, envInfo );
if( checkErrorStatus( status, "addEnvInfoNumeric"))
return false;
return( TRUE );
}
CRYPT_ALGO CCryptData::selectCipher( const CRYPT_ALGO algorithm )
{
if( cryptStatusOK( cryptQueryCapability( algorithm, NULL ) ) )
return( algorithm );
return( CRYPT_ALGO_BLOWFISH );
}
EDIT 2:
In comparision it is the same implementation as descripted in this mailing list.
But i want to decode it in Java...
EDIT 3:
I think the problem is, that the encrypted data is enveloped in cryptlib (as seen in the code).
EDIT 4:
I know know that the problem is the enveloping. The cryptlib uses the session key of the created crypt context to envelope the decrypted data in the CRYPT_FORMAT_CRYPTLIB format.
The question now is how to decode the envelope before performing the real decryption.
Any suggestions how i could perform the decoding?