-
Bug
-
Resolution: Not an Issue
-
P3
-
None
-
1.2.1
-
generic
-
generic
Name: krC82822 Date: 02/08/2001
(1.2.2 via JBuilder3 -- see Comments section)
JCE 1.2.1 (only "1.2.1ea" was available as a valid release value)
inside getcipher decrypt mode
Date Wed Oct 11 17:31:11 GMT+02:00 2000
UserSeedString kasthuripandian
Original String hhh12345678903
Encrypted String y?q??ZJo?3
[I previously submitted this as] Review ID: 110706.
I think the problem with the padding schema is how to overcome this.
We found that,using the Blowfish algorithm in JCE1.2.1,
if we encryt some string and again decrypt that encrypted
string means it should give the original string,
but particular strings with particular keysizes are not working.
try this With JAVA 1.2.2, JCE 1.2.1 ,
Blowfish algorithm ,keySize 32,String "Bharat"
Blowfish algorithm ,keySize 128,String "hhh12345678901",String "hhh12345678902",
String "hhh12345678903",String "hhh12345678904"
In the above, if we change the keysize means it is working
I am sending all codes to you please compile and execute the test.java
*********************************
.java file of SecurityObject class
package untitled1;
import java.util.*;
import javax.crypto.spec.*;
public class SecurityObject {
private SecretKeySpec keySpecs;
private String userSeedString;
private Date date;
public SecurityObject(SecretKeySpec keySpecs , Date date) {
this.date=date;
this.keySpecs=keySpecs;
this.userSeedString= "this object is set by auto";
}
public SecurityObject(String userSeedString , SecretKeySpec keySpecs
, Date
date) {
this.date=date;
this.keySpecs=keySpecs;
this.userSeedString=userSeedString;
}
SecretKeySpec getSecretKeySpec(){
return keySpecs;
}
Date getKeyDate(){
return date;
}
String getUserSeedString(){
return userSeedString;
}
// to be implemented
String getHexaSceretKey(){
return "a";
}
********************************
package untitled1;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import java.io.*;
import java.util.*;
class SecurityClass {
Provider sunJce ;
SecurityObject so ;
KeyGenerator keygen;
SecretKey secretkey ;
Cipher cipher;
// Cipher stringCipher;
SecretKeySpec sKeySpec;
public SecurityClass() {
sunJce = new com.sun.crypto.provider.SunJCE();
Security.addProvider(sunJce);
} // end of constructor
SecurityObject keyGeneration(SecurityParameter secParameter){
String algorithm = secParameter.getAlgorithmType();
try{
keygen =KeyGenerator.getInstance(algorithm);
}catch(NoSuchAlgorithmException ne){}
int keysize = secParameter.getKeySize();
keygen.init(keysize);
secretkey = keygen.generateKey();
byte[] keyBytes =secretkey.getEncoded();
sKeySpec = new SecretKeySpec(keyBytes , algorithm );
Date date = new Date();
so = new SecurityObject(sKeySpec ,date );
return so;
} // end of autoKeyGeneration
SecurityObject keyGeneration(SecurityParameter secParameter, String
userSeed )
{
String algorithm = secParameter.getAlgorithmType();
try{
keygen =KeyGenerator.getInstance(algorithm);
}catch(NoSuchAlgorithmException ne){}
int keysize = secParameter.getKeySize();
SecureRandom random = new SecureRandom(userSeed.getBytes());
keygen.init(keysize,random);
secretkey = keygen.generateKey();
byte[] keyBytes =secretkey.getEncoded();
sKeySpec = new SecretKeySpec(keyBytes , algorithm );
Date date = new Date();
so = new SecurityObject(userSeed,sKeySpec ,date );
return so;
} // end of userSeedKeyGeneration
void fileCipher(FileInputStream fis,FileOutputStream
fos,SecurityObject so,
String chipherMode){
try{
Date date2 = new Date();
System.out.println("File ciphering Starting Time" + date2);
Cipher ci = getchipher(so,chipherMode);
CipherInputStream cis = new CipherInputStream(fis,cipher);
byte[] b = new byte[8];
int i = cis.read(b);
while (i != -1) {
fos.write(b,0,i);
i = cis.read(b);
}
Date date3 = new Date();
System.out.println("File ciphering Eend Time" + date3);
}catch(IOException ioe){}
catch(Exception e){}
} // end of fileChipher() method
String stringCipher(String test ,SecurityObject so ,String
chipherMode)
throws
CipherInitializationException{
String result = null;
byte[] encryted = new byte[8];
try{
cipher = getchipher(so,chipherMode);
encryted = cipher.doFinal(test.getBytes());
//if(encryted == null){
//throw new CipherInitializationException("Invalid chiphering mode
string ");
// }
result = new String(encryted);
}catch(IllegalStateException ise){
System.out.println("inside exception");
}
catch(BadPaddingException bpe){
System.out.println("inside exception");
}
catch(IllegalBlockSizeException ibe){
System.out.println("inside exception");
}
catch(Exception e){
System.out.println(e);
}
return result;
} // end of stringChipher() method
// this method will return initialized Cipher Object in encrypt or
decrypt mode
// this will take default mode as "ECB" and padding as "PKCS5Padding"
// now calling cipher.init("Blowfish") equal to
//cipher.init("Blowfish/ECB/PKCS5Padding")
Cipher getchipher(SecurityObject se,String mode)
throws
CipherInitializationException {
// System.out.println("inside getchipher");
try{
SecretKeySpec keyspec =se.getSecretKeySpec();
cipher = Cipher.getInstance(keyspec.getAlgorithm());
if(mode=="encrypt"){
cipher.init(Cipher.ENCRYPT_MODE,keyspec);
}
else{
System.out.println("inside getchipher decrypt mode");
cipher.init(Cipher.DECRYPT_MODE,keyspec);
}
}catch(NoSuchAlgorithmException ae){
throw new CipherInitializationException("Algorithm does not exist");
}
catch(NoSuchPaddingException pe){
throw new CipherInitializationException("Padding does not exist");
}
catch(InvalidKeyException ke){
throw new CipherInitializationException("Invalid key to intialize
the
Cipher");
}
return cipher;
} //end of getCipher() method
} // end of class
***********************************
package untitled1;
class SecurityParameter {
private String algorithmType;
private int keySize;
private int defaultKeySizeDES = 56;
private int defaultKeySizeDESede = 112;
private int defaultKeySizeBlowfish = 56;
public SecurityParameter(){
algorithmType = "Blowfish";
keySize = 56;
} // end of constructor
/*In this method , String "algorithm" will checked (static checking)
with the
available algorithm in SunJCE and if not ,exception will be thrown .
This method will allow to set only four algorithms (algorithm names
are case
sensitive)
and it will set the default keysize and algorithms to class
variables
String
algorithmType; int keySize;
*/
void setAlgorithmType(String algorithm)throws
InvalidSecurityParameterException
{
if((algorithm=="Blowfish")||(algorithm=="DESede")||(algorithm=="DES")){
if(algorithm=="Blowfish"){
algorithmType = algorithm ;
keySize=defaultKeySizeBlowfish;
}
if(algorithm=="DESede"){
algorithmType = algorithm ;
keySize=defaultKeySizeDESede;
}
if(algorithm=="DES"){
algorithmType = algorithm ;
keySize=defaultKeySizeDES;
}
}else{
throw new InvalidSecurityParameterException("Invalid algorithm
parameter");
}
} //end of setAlgorithmType(String) method
/*
This method will accept String and int values and after validating
the key to the respective algorithm it will set the both values to
class variables String algorithmType; int keySize;
*/
void setAlgorithmType(String algorithm ,int key)throws
InvalidSecurityParameterException{
if((algorithm=="Blowfish")||(algorithm=="DESede")||(algorithm=="DES")){
if(keyValidation(algorithm,key)){
algorithmType = algorithm ;
keySize=key;
}
else{
// System.out.println("Invalid parameter please give correct key
// size and
algorithm");
throw new InvalidSecurityParameterException(
"Invalid keysize for this algorithm as the
parameter");
}
}
else{
//System.out.println("Invalid parameter please give correct key size
and
algorithm");
throw new InvalidSecurityParameterException(
"Invalid algorithm name as the parameter");
}
} //end of setAlgorithmType(String,int) method
// this will return current algorithm type (class variable:String
algorithmType) as a
"String"
String getAlgorithmType(){
return algorithmType;
} //end of getAlgorithmType() method
/* int size should checked with the key size in SunJCE an if not
exception to
be thrown
keysize are represented in bits
void setKeySize(int size){
keySize=size;
}
*/
// this method will return the current keysize(class variable int
keySize;)
value as a
"int"
int getKeySize(){
return keySize;
} // end of getKeySize() method
/*
This method is to verify the key size to respective algorithm
if ok it will return boolean value true otherwise returns false
*/
private boolean keyValidation(String algorithm,int key){
if((algorithm=="DES")&&(key==56)){
return true;
}
if((algorithm=="DESede")&&(key==112)&&(key==168)){
return true;
}
if(algorithm=="Blowfish"){
if((key >= 32)&&(key<=448)&&(key%8==0))
return true;
}
return false;
}//end of keyValidation(string,int) method
}// end of class
****************************************
package untitled1;
public class CipherInitializationException extends Exception {
private String exceptionString;
public CipherInitializationException(String exceptionString) {
this.exceptionString = exceptionString;
}
public String toString(){
return exceptionString;
}
}
************************************
package untitled1;
public class InvalidSecurityParameterException extends Exception {
private String exceptionString;
public InvalidSecurityParameterException(String exceptionString) {
this.exceptionString = exceptionString;
}
public String toString(){
return exceptionString;
}
}
***************************************
ackage untitled1;
import java.io.*;
public class Test {
public static void main (String[] args) {
//crearte SecurityParameter Object and set algorithm and keysize,
// Otherwise default Blowfish and keysize 56 will be taken
try{
SecurityParameter sp = new SecurityParameter();
sp.setAlgorithmType("Blowfish",128);
//Create SecurityClass Object
SecurityClass secClass = new SecurityClass();
// Call keyGeneration() method ,that will return SecurityObject
Object,
//with that object call the stringChipher() method to encrpt the String
SecurityObject secObject =
secClass.keyGeneration(sp,"kasthuripandian");
//String ciphering Encryption and Decryption
String testString = "hhh12345678903";
String ss = secClass.stringCipher(testString,secObject,"encrypt");
String sss = secClass.stringCipher(ss,secObject,"decrypt");
// Print the result
System.out.println ("Date "+secObject.getKeyDate());
System.out.println ("UserSeedString
"+secObject.getUserSeedString());
System.out.println("Original String "+testString);
System.out.println("Encrpted String "+ ss );
System.out.println("Decrpted String "+sss);
// file ciphering
FileInputStream fis =null;
FileOutputStream fos=null;
try{
fis= new FileInputStream("c:/shared/J2EE.pdf");
fos = new FileOutputStream("c:/aruldurai.pdf");
}catch(IOException e){}
// secClass.fileCipher(fis,fos,secObject,"encrypt");
try{
fis = new FileInputStream("c:/aruldurai.pdf");
fos = new FileOutputStream("c:/arulduraiclear.pdf");
}catch(IOException e){}
// secClass.fileCipher(fis,fos,secObject,"decrypt");
// Print the result
/* System.out.println ("Date
"+secObject.getKeyDate());
System.out.println ("UserSeedString
"+secObject.getUserSeedString());
System.out.println("Original String "+testString);
System.out.println("Encrpted String "+ss);
System.out.println("Decrpted String "+sss);
*/
}catch(InvalidSecurityParameterException ise){
System.out.println(ise);
}
catch(CipherInitializationException cie){
System.out.println(cie);
}
} // end of main method
} // end of class
**************************************************
}
(Review ID: 116595)
======================================================================