0

I need to encrypt a string with OpenSSL and Java and have them end up the exact same.

OpenSSL

openssl enc -aes-256-cbc -S THISISASECRETKEY -k ALSOISASECRETKEY -in $txtName -out $aesName -a

Java

import java.security.*;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import sun.misc.*;

public class Protector {

    private static final String ALGORITHM = "AES";
    private static final int ITERATIONS = 1;
    private static final byte[] keyValue = "ALSOISASECRETKEY".getBytes();

    public static String encrypt(String value, String salt) throws Exception {
        Key key = generateKey();
        Cipher c = Cipher.getInstance(ALGORITHM);
        c.init(Cipher.ENCRYPT_MODE, key);

        String valueToEnc = null;
        String eValue = value;
        for (int i = 0; i < ITERATIONS; i++) {
            valueToEnc = salt + eValue;
            byte[] encValue = c.doFinal(valueToEnc.getBytes());
            eValue = new BASE64Encoder().encode(encValue);
        }
        return eValue;
    }

    public static String decrypt(String value, String salt) throws Exception {
        Key key = generateKey();
        Cipher c = Cipher.getInstance(ALGORITHM);
        c.init(Cipher.DECRYPT_MODE, key);

        String dValue = null;
        String valueToDecrypt = value;
        for (int i = 0; i < ITERATIONS; i++) {
            byte[] decordedValue = new BASE64Decoder().decodeBuffer(valueToDecrypt);
            byte[] decValue = c.doFinal(decordedValue);
            dValue = new String(decValue).substring(salt.length());
            valueToDecrypt = dValue;
        }
        return dValue;
    }

    private static Key generateKey() throws Exception {
        Key key = new SecretKeySpec(keyValue, ALGORITHM);
        // SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(ALGORITHM);
        // key = keyFactory.generateSecret(new DESKeySpec(keyValue));
        return key;
    }
}

And Java Main

public class main {

    public static void main(String[] args) throws Exception {
        String password = "This is a test!";
        String salt = "THISISASECRETKEY";
        String passwordEnc = Protector.encrypt(password, salt);
        String passwordDec = Protector.decrypt(passwordEnc, salt);

        System.out.println("Salt Text : " + salt);
        System.out.println("Plain Text : " + password);
        System.out.println("Encrypted : " + passwordEnc);
        System.out.println("Decrypted : " + passwordDec);
    }
}

The Java code produces a result, however it doesn't match. I need to match my Java code to the OpenSSL which really has to stay the same (working with others with a lot of back end already setup). I had read somewhere that there is a difference in how OpenSSL and Java make the keys, if that helps at all.

Thank you so much in advance!

KosherBacon
  • 172
  • 1
  • 11
  • 2
    When you do String.getBytes() without any arguments, the string is converted to bytes using the host machine's encoding. Thus you will get different bytes depending on whether you are running in Windows, Linux, OS X, etc. It is best to always do getBytes(StandardCharsets.UTF_8) so you'll always get exactly the same bytes. Similarly, replace `new String(decValue)` with `new String(decValue, StandardCharsets.UTF_8)`. – VGR Feb 08 '13 at 11:13
  • You would be closer to the thruth if you had written: "this is not a secret key" for both values. – Maarten Bodewes Feb 08 '13 at 11:33
  • Your openssl command ought not to work, at least according to [the documentation](http://www.openssl.org/docs/apps/enc.html). You have specified the salt using `-S`, which expects a hexadecimal string as an argument. – Duncan Jones Feb 08 '13 at 15:30
  • Related question: http://stackoverflow.com/questions/8357941/aes-key-derivation-function – Duncan Jones Feb 08 '13 at 15:46
  • 2
    @DuncanJones most of the times these questions hinge on the fact that OpenSSL uses a specific key derivation method called "EVP_BytesToKey", see e.g. my answer [here](http://stackoverflow.com/questions/11783062/how-to-decrypt-an-encrypted-file-in-java-with-openssl-with-aes) – Maarten Bodewes Feb 09 '13 at 00:06
  • @VGR Thanks, I implemented this! – KosherBacon Feb 09 '13 at 03:24
  • @DuncanJones The key and salt I gave are not the actual ones I am testing with, both are 16 bit long and meet the rules. – KosherBacon Feb 09 '13 at 03:26
  • @owlstead Thanks! I am trying to implement this, I am having a little bit of difficulty doing so. I get an illegal key-size error. If you have tips for encrypting using your method they would be greatly appreciated. That said it does look promising! – KosherBacon Feb 09 '13 at 03:28
  • 2
    @GLaDOS Illegal key size errors mean you are using 256-bit AES without the [unrestricted policy files](http://stackoverflow.com/questions/6900542/java-security-invalidkeyexception-illegal-key-size) for your JVM. – Duncan Jones Feb 09 '13 at 07:43

0 Answers0