Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-4413346

Problem in Encryption and Decryption using Blowfish key

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not an Issue
    • Icon: P3 P3
    • None
    • 1.2.1
    • security-libs



      Name: krC82822 Date: 02/08/2001


      (1.2.2 via JBuilder3 -- see Comments section)
      JCE 1.2.1 (only "1.2.1ea" was available as a valid release value)

      inside getcipher decrypt mode
      Date Wed Oct 11 17:31:11 GMT+02:00 2000
      UserSeedString kasthuripandian
      Original String hhh12345678903
      Encrypted String y?q??ZJo?3

      [I previously submitted this as] Review ID: 110706.
      I think the problem with the padding schema is how to overcome this.

      We found that,using the Blowfish algorithm in JCE1.2.1,
      if we encryt some string and again decrypt that encrypted
      string means it should give the original string,
      but particular strings with particular keysizes are not working.

      try this With JAVA 1.2.2, JCE 1.2.1 ,
       Blowfish algorithm ,keySize 32,String "Bharat"
      Blowfish algorithm ,keySize 128,String "hhh12345678901",String "hhh12345678902",
      String "hhh12345678903",String "hhh12345678904"


      In the above, if we change the keysize means it is working
      I am sending all codes to you please compile and execute the test.java


      *********************************

      .java file of SecurityObject class


      package untitled1;

      import java.util.*;
      import javax.crypto.spec.*;
      public class SecurityObject {
        private SecretKeySpec keySpecs;
        private String userSeedString;
        private Date date;
        public SecurityObject(SecretKeySpec keySpecs , Date date) {
        this.date=date;
        this.keySpecs=keySpecs;
        this.userSeedString= "this object is set by auto";
        }
        public SecurityObject(String userSeedString , SecretKeySpec keySpecs
      , Date
      date) {
        this.date=date;
        this.keySpecs=keySpecs;
        this.userSeedString=userSeedString;
        }

        SecretKeySpec getSecretKeySpec(){
        return keySpecs;
        }

        Date getKeyDate(){
        return date;
        }

        String getUserSeedString(){
        return userSeedString;
        }
        // to be implemented
        String getHexaSceretKey(){
        return "a";
        }

      ********************************
      package untitled1;

      import java.security.*;
      import javax.crypto.*;
      import javax.crypto.spec.*;
      import java.io.*;
      import java.util.*;

      class SecurityClass {

        Provider sunJce ;
        SecurityObject so ;
        KeyGenerator keygen;
        SecretKey secretkey ;
        Cipher cipher;
       // Cipher stringCipher;
        SecretKeySpec sKeySpec;

      public SecurityClass() {
          sunJce = new com.sun.crypto.provider.SunJCE();
          Security.addProvider(sunJce);
       } // end of constructor

       SecurityObject keyGeneration(SecurityParameter secParameter){
       String algorithm = secParameter.getAlgorithmType();
         try{
          keygen =KeyGenerator.getInstance(algorithm);
          }catch(NoSuchAlgorithmException ne){}
          int keysize = secParameter.getKeySize();
          keygen.init(keysize);
          secretkey = keygen.generateKey();
          byte[] keyBytes =secretkey.getEncoded();
          sKeySpec = new SecretKeySpec(keyBytes , algorithm );
          Date date = new Date();
          so = new SecurityObject(sKeySpec ,date );
        return so;
       } // end of autoKeyGeneration

       SecurityObject keyGeneration(SecurityParameter secParameter, String
      userSeed )
      {
       String algorithm = secParameter.getAlgorithmType();
          try{
          keygen =KeyGenerator.getInstance(algorithm);
          }catch(NoSuchAlgorithmException ne){}
          int keysize = secParameter.getKeySize();
          SecureRandom random = new SecureRandom(userSeed.getBytes());
          keygen.init(keysize,random);
          secretkey = keygen.generateKey();
          byte[] keyBytes =secretkey.getEncoded();
          sKeySpec = new SecretKeySpec(keyBytes , algorithm );
          Date date = new Date();
          so = new SecurityObject(userSeed,sKeySpec ,date );

       return so;
       } // end of userSeedKeyGeneration

       void fileCipher(FileInputStream fis,FileOutputStream
      fos,SecurityObject so,
                                              String chipherMode){
        try{
        Date date2 = new Date();
        System.out.println("File ciphering Starting Time" + date2);
       Cipher ci = getchipher(so,chipherMode);
       CipherInputStream cis = new CipherInputStream(fis,cipher);
       byte[] b = new byte[8];
          int i = cis.read(b);
          while (i != -1) {
            fos.write(b,0,i);
            i = cis.read(b);
          }
           Date date3 = new Date();
         System.out.println("File ciphering Eend Time" + date3);
          }catch(IOException ioe){}
           catch(Exception e){}
       } // end of fileChipher() method

       String stringCipher(String test ,SecurityObject so ,String
      chipherMode)
                                              throws
      CipherInitializationException{
         String result = null;
        byte[] encryted = new byte[8];
         try{
          cipher = getchipher(so,chipherMode);
          encryted = cipher.doFinal(test.getBytes());
         //if(encryted == null){
         //throw new CipherInitializationException("Invalid chiphering mode
      string ");
         // }
          result = new String(encryted);
        }catch(IllegalStateException ise){
         System.out.println("inside exception");
        }
          catch(BadPaddingException bpe){
           System.out.println("inside exception");
          }
          catch(IllegalBlockSizeException ibe){
            System.out.println("inside exception");
          }
          catch(Exception e){
            System.out.println(e);
          }
        return result;
       } // end of stringChipher() method


      // this method will return initialized Cipher Object in encrypt or
      decrypt mode
      // this will take default mode as "ECB" and padding as "PKCS5Padding"
      // now calling cipher.init("Blowfish") equal to
      //cipher.init("Blowfish/ECB/PKCS5Padding")
       Cipher getchipher(SecurityObject se,String mode)
                                               throws
      CipherInitializationException {
      // System.out.println("inside getchipher");
        try{
        SecretKeySpec keyspec =se.getSecretKeySpec();
        cipher = Cipher.getInstance(keyspec.getAlgorithm());
        if(mode=="encrypt"){
        cipher.init(Cipher.ENCRYPT_MODE,keyspec);
        }
        else{
         System.out.println("inside getchipher decrypt mode");
        cipher.init(Cipher.DECRYPT_MODE,keyspec);
        }
       }catch(NoSuchAlgorithmException ae){
         throw new CipherInitializationException("Algorithm does not exist");
       }
        catch(NoSuchPaddingException pe){
         throw new CipherInitializationException("Padding does not exist");
        }
        catch(InvalidKeyException ke){
         throw new CipherInitializationException("Invalid key to intialize
      the
      Cipher");
        }
        return cipher;
       } //end of getCipher() method

       } // end of class


      ***********************************
      package untitled1;


       class SecurityParameter {
          private String algorithmType;
          private int keySize;
          private int defaultKeySizeDES = 56;
          private int defaultKeySizeDESede = 112;
          private int defaultKeySizeBlowfish = 56;

         public SecurityParameter(){
         algorithmType = "Blowfish";
         keySize = 56;
         } // end of constructor


       /*In this method , String "algorithm" will checked (static checking)
      with the
         available algorithm in SunJCE and if not ,exception will be thrown .
         This method will allow to set only four algorithms (algorithm names
      are case
      sensitive)
         and it will set the default keysize and algorithms to class
      variables
      String

      algorithmType; int keySize;
       */
       void setAlgorithmType(String algorithm)throws
      InvalidSecurityParameterException
      {
       
      if((algorithm=="Blowfish")||(algorithm=="DESede")||(algorithm=="DES")){
          if(algorithm=="Blowfish"){
          algorithmType = algorithm ;
          keySize=defaultKeySizeBlowfish;
          }
          if(algorithm=="DESede"){
          algorithmType = algorithm ;
          keySize=defaultKeySizeDESede;
          }
           if(algorithm=="DES"){
          algorithmType = algorithm ;
          keySize=defaultKeySizeDES;
          }
        }else{
         throw new InvalidSecurityParameterException("Invalid algorithm
      parameter");
        }

         } //end of setAlgorithmType(String) method
       /*
       This method will accept String and int values and after validating
       the key to the respective algorithm it will set the both values to
       class variables String algorithmType; int keySize;
       */
       void setAlgorithmType(String algorithm ,int key)throws
      InvalidSecurityParameterException{
        
       
      if((algorithm=="Blowfish")||(algorithm=="DESede")||(algorithm=="DES")){
          if(keyValidation(algorithm,key)){
           algorithmType = algorithm ;
           keySize=key;
          }
          else{
      // System.out.println("Invalid parameter please give correct key
                                                       // size and
      algorithm");
          throw new InvalidSecurityParameterException(
                        "Invalid keysize for this algorithm as the
      parameter");
            }
        }
        else{
      //System.out.println("Invalid parameter please give correct key size
      and
      algorithm");
       throw new InvalidSecurityParameterException(
                        "Invalid algorithm name as the parameter");
        }
       } //end of setAlgorithmType(String,int) method


       // this will return current algorithm type (class variable:String
      algorithmType) as a

      "String"

       String getAlgorithmType(){
       return algorithmType;
       } //end of getAlgorithmType() method

      /* int size should checked with the key size in SunJCE an if not
      exception to
      be thrown
         keysize are represented in bits

       void setKeySize(int size){
       keySize=size;
       }
      */
      // this method will return the current keysize(class variable int
      keySize;)
      value as a

      "int"
       int getKeySize(){
        return keySize;
       } // end of getKeySize() method

        /*
        This method is to verify the key size to respective algorithm
        if ok it will return boolean value true otherwise returns false
        */
       private boolean keyValidation(String algorithm,int key){
        if((algorithm=="DES")&&(key==56)){
          return true;
          }
        if((algorithm=="DESede")&&(key==112)&&(key==168)){
          return true;
          }
        if(algorithm=="Blowfish"){
         if((key >= 32)&&(key<=448)&&(key%8==0))
          return true;
          }
        return false;
       }//end of keyValidation(string,int) method

       }// end of class
      ****************************************
      package untitled1;

      public class CipherInitializationException extends Exception {
       private String exceptionString;
        public CipherInitializationException(String exceptionString) {
        this.exceptionString = exceptionString;
        }
        public String toString(){
        return exceptionString;
        }
      }
      ************************************
      package untitled1;

      public class InvalidSecurityParameterException extends Exception {
      private String exceptionString;
        public InvalidSecurityParameterException(String exceptionString) {
        this.exceptionString = exceptionString;
        }

        public String toString(){
        return exceptionString;
        }

      }
      ***************************************
      ackage untitled1;
        import java.io.*;
      public class Test {

        public static void main (String[] args) {

      //crearte SecurityParameter Object and set algorithm and keysize,
      // Otherwise default Blowfish and keysize 56 will be taken
      try{
         SecurityParameter sp = new SecurityParameter();
         sp.setAlgorithmType("Blowfish",128);

      //Create SecurityClass Object
         SecurityClass secClass = new SecurityClass();

      // Call keyGeneration() method ,that will return SecurityObject
      Object,
      //with that object call the stringChipher() method to encrpt the String
         SecurityObject secObject =
      secClass.keyGeneration(sp,"kasthuripandian");

      //String ciphering Encryption and Decryption
         String testString = "hhh12345678903";
         String ss = secClass.stringCipher(testString,secObject,"encrypt");
         String sss = secClass.stringCipher(ss,secObject,"decrypt");
      // Print the result
         System.out.println ("Date "+secObject.getKeyDate());
         System.out.println ("UserSeedString
      "+secObject.getUserSeedString());
          System.out.println("Original String "+testString);
         System.out.println("Encrpted String "+ ss );
         System.out.println("Decrpted String "+sss);

      // file ciphering
          FileInputStream fis =null;
          FileOutputStream fos=null;

         try{
          fis= new FileInputStream("c:/shared/J2EE.pdf");
          fos = new FileOutputStream("c:/aruldurai.pdf");
          }catch(IOException e){}
        // secClass.fileCipher(fis,fos,secObject,"encrypt");
         try{
           fis = new FileInputStream("c:/aruldurai.pdf");
           fos = new FileOutputStream("c:/arulduraiclear.pdf");
           }catch(IOException e){}
        // secClass.fileCipher(fis,fos,secObject,"decrypt");

      // Print the result
        /* System.out.println ("Date
      "+secObject.getKeyDate());
         System.out.println ("UserSeedString
      "+secObject.getUserSeedString());
          System.out.println("Original String "+testString);
         System.out.println("Encrpted String "+ss);
         System.out.println("Decrpted String "+sss);
        */
         }catch(InvalidSecurityParameterException ise){
          System.out.println(ise);
         }
         catch(CipherInitializationException cie){
          System.out.println(cie);
         }
        } // end of main method

      } // end of class
      **************************************************
      }
      (Review ID: 116595)
      ======================================================================

            valeriep Valerie Peng
            kryansunw Kevin Ryan (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved:
              Imported:
              Indexed: