-1

I want to encrypt data in BlackBerry using the AES 256 encryption method. The requirement is to encrypt with No Padding; "AES/ECB/NoPadding". I am passing a 16 byte array and the encrypted data returned is a hex value of length 32. I have tried the following but it is not producing the correct result. The returned value is different from the expected encrypted value; tested in Android. The results between Android and BlackBerry do not tally. I have used the following method:

```java
public static String EncryptData(byte[] keyData, byte[] data) throws Exception {
    String encryptedData = "";
    AESKey key = new AESKey(keyData);
    NoCopyByteArrayOutputStream out = new NoCopyByteArrayOutputStream();
    AESEncryptorEngine engine = new AESEncryptorEngine(key);
    BlockEncryptor encryptor = new BlockEncryptor(engine, out);
    encryptor.write(data, 0, data.length);
    int finalLength = out.size();
    byte[] cbytes = new byte[finalLength];
    System.arraycopy(out.getByteArray(), 0, cbytes, 0, finalLength);
    encryptedData = getHexString(cbytes);
    return encryptedData;
}
```

Can anyone please guide?

EDIT: Below is the equivalent Android code:

```vb
Dim Kg As KeyGenerator
Dim c As Cipher
c.Initialize("AES/ECB/NoPadding") ' just "DES" actually performs "DES/ECB/PKCS5Padding".
Kg.Initialize("DESede")
Kg.KeyFromBytes(key)
bytes = Kg.KeyToBytes
msg_data = c.Encrypt(msg_data, Kg.key, False)
Return Bconv.HexFromBytes(msg_data)
```

Sarah
  • Is this BB code? Show the Android one. Also ECB is generally a bad idea. – Nikolay Elenkov Jan 08 '13 at 07:30
  • Maybe [this question](http://stackoverflow.com/questions/8412781/aes-256-in-blackberry) will shed some light. In general, I think you *have* to pad the input data to a block cipher. In that question, they use `PKCS5FormatterEngine` to pad. – Jonathon Reinhart Jan 08 '13 at 07:35
  • @NikolayElenkov I have updated my answer with the Android code added. – Sarah Jan 08 '13 at 07:39
  • @JonathonReinhart PKCS5FormatterEngine will not produce the same result, right? That would yield a different result I believe. – Sarah Jan 08 '13 at 07:40
  • There's a mistake in your second block of code. You call c.Initialize() with AES, but then you initialize the KeyGenerator for DES. – mfanto Jan 08 '13 at 07:41
  • @mfanto the Android code is written in Basic4Android by the Android developer. I am part of the BlackBerry development team so not much knowledge on the Android code. Can you guide me on how I can encrypt in BlackBerry? – Sarah Jan 08 '13 at 07:44
  • Basic4Android? For real? – Nikolay Elenkov Jan 08 '13 at 07:45
  • Those are not really standard Android/Java APIs, so not too clear what is going on. – Nikolay Elenkov Jan 08 '13 at 07:46
  • @NikolayElenkov ignoring the Android part, can you advise how I can encrypt in BlackBerry following the standard AES 256 with No Padding? The returned result should be a hex value of length 32 and not 64. – Sarah Jan 08 '13 at 07:50
  • Teams don't matter: if one of the two implementations is incorrect you will get different result and thus no interop. Find full Android code and compare output step by step: do you get the same key bytes? Does the raw cipher output match, etc. – Nikolay Elenkov Jan 08 '13 at 07:50
  • @NikolayElenkov I will try to get the raw cipher output and compare. Thanks. – Sarah Jan 08 '13 at 07:51
  • Not familiar with BB APIs, but are you sure `AESEncryptorEngine` is actually using ECB and no padding? It does seem it is adding padding. – Nikolay Elenkov Jan 08 '13 at 07:51

1 Answer

0

There's a mistake in your Basic4Android code. You initialize the cipher with AES:

```vb
c.Initialize("AES/ECB/NoPadding")
```

but then initialize the key generator with TripleDES:

```vb
Kg.Initialize("DESede")
```

According to this documentation, just change "DESede" to "AES":

```vb
Kg.Initialize("AES")
```

Also, I wouldn't recommend using AES with ECB and no padding. It's insecure, especially when it's just as easy to use CBC or CTR mode. See this Wikipedia article for an example of how unsafe it really is.

mfanto
  • The requirement is AES with ECB and no padding. The server is decrypting the values and it is already implemented for the Android and iPhone. Considering I would like to proceed with this encryption, can you suggest how to go about this in BlackBerry? I have been unable to with no padding. – Sarah Jan 08 '13 at 13:29
  • Android uses BouncyCastle as a cryptographic provider. There's also a JavaME version of this library. Have a look at it, maybe you can reuse your encryption classes for Android and BB. [Bouncy Castle Java Releases](http://www.bouncycastle.org/latest_releases.html) – Mister Smith Jan 08 '13 at 14:34
  • @Sarah: I would go back to whomever gave you that requirement and tell them it's bad. It's unsafe, and not recommended by a single person in the security community. Did you make the changes in this answer? Have you verified that the key bytes and input bytes are identical? I.e. compare keyData and bytes = Kg.KeyToBytes – mfanto Jan 08 '13 at 17:30
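
Added example, not part of the original posts: a reference check in the standard Java JCE that both platforms can be compared against step by step, using the AES-256 known-answer vector from FIPS-197 Appendix C.3. It also shows why a 16-byte input gives 64 hex characters once padding is applied, and the repeated-block property behind the ECB warning. The class name is hypothetical, and a JVM that permits 256-bit AES keys is assumed.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical class name; uses only the standard JCE (desktop JVM or Android).
public class AesEcbInteropCheck {
    static byte[] fromHex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x", b & 0xff));
        return sb.toString();
    }

    static String encrypt(String transformation, byte[] key, byte[] data) throws Exception {
        Cipher cipher = Cipher.getInstance(transformation);
        cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"));
        return toHex(cipher.doFinal(data));
    }

    public static void main(String[] args) throws Exception {
        // Known-answer vector from FIPS-197, Appendix C.3 (AES-256, one block).
        byte[] key = fromHex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f");
        byte[] block = fromHex("00112233445566778899aabbccddeeff");
        String expected = "8ea2b7ca516745bfeafc49904b496089";

        // Raw ECB: 16 bytes in, 16 bytes out (32 hex characters).
        String raw = encrypt("AES/ECB/NoPadding", key, block);
        if (!raw.equals(expected)) throw new AssertionError("NoPadding mismatch: " + raw);

        // PKCS#5 padding appends a full padding block to block-aligned input,
        // so the same 16 bytes give 32 bytes (64 hex characters).
        String padded = encrypt("AES/ECB/PKCS5Padding", key, block);
        if (padded.length() != 64 || !padded.startsWith(expected)) throw new AssertionError(padded);

        // ECB encrypts each block independently: repeated plaintext blocks
        // give repeated ciphertext blocks, the leak the answer warns about.
        byte[] twice = new byte[32];
        System.arraycopy(block, 0, twice, 0, 16);
        System.arraycopy(block, 0, twice, 16, 16);
        String two = encrypt("AES/ECB/NoPadding", key, twice);
        System.out.println("NoPadding: " + raw + "\nPKCS5Padding: " + padded);
        System.out.println("Repeated block visible: " + two.substring(0, 32).equals(two.substring(32)));
    }
}
```

Feeding the same key and block to the BlackBerry method and comparing its hex output with the expected value separates a key-bytes mismatch from a padding or cipher-mode mismatch.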