1

I need to have a basic/simple String encryption (i.e. low security is good enough, I just want to avoid that the communication is human readable) between my Java client application and the PHP server.

I opted thus for the symmetric DES encryption as it doesn't require any key exchange (same key will be used on client and on server) + it doesn't require Java Security Policy updates for longer keys. I also encode/decode Base64 as the data gets sent by a Http post.

Unfortunately my code doesn't work as decrypted text doesn't match input.

My Java code to encrypt:

SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");
DESKeySpec keySpecEncrypt = new DESKeySpec(ParamsProvider.SERVER_ECRYPTION_SECRETKEY2); //Secret key is a byte[8] = {1, 2, 3, 4, 5, 6, 7, 8}
SecretKey keyEncrypt = keyFactory.generateSecret(keySpecEncrypt);

// Create the cipher 
Cipher desCipher = Cipher.getInstance("DES/CFB8/NoPadding");

// Initialize the cipher for encryption
desCipher.init(Cipher.ENCRYPT_MODE, keyEncrypt);

// Encrypt the text
byte[] textEncrypted = desCipher.doFinal(data.getBytes("UTF-8"));

//B64 encoding and return
byte[] encryptedB64ByteArray = (new org.apache.commons.codec.binary.Base64()).encode(textEncrypted);
return new String(encryptedB64ByteArray, "UTF8");

My PHP code to decrypt:

function decrypt($message) {
    $secret_key = array(1, 2, 3, 4, 5, 6, 7, 8);
    $decodedMsg = base64_decode($message);
    return base64_decode(mcrypt_decrypt(MCRYPT_DES, $key, $decodedMsg, MCRYPT_MODE_CFB));
}

My best guess is that my Java and PHP en/decryption parameters are not equal (e.g. CFB8 mode) but I have no clue on how to solve this.

Any help or hint would be greatly appreciated (I already lost a few hours on this one), Cheers, Thomas

Jason
  • 1,658
  • 3
  • 20
  • 51
Tom
  • 1,375
  • 3
  • 24
  • 45
  • i am guessing here but on the java side you do encrypt then b64. on the php you do decrypt then decryptb64. i think that on the php side you first have to do the decryptb64 and then the decrypt step – ITroubs Apr 09 '13 at 12:29
  • Found [this](http://stackoverflow.com/questions/8530312/php-equivalent-for-java-triple-des-encryption-decryption) which might help you get started. Java is in the question, PHP equiv in the answer. – Jon Apr 09 '13 at 12:30

3 Answers3

3

Thanks for the hints.

Unfortunately none of them worked out for me.

I finally solved it based on this code: https://github.com/stevenholder/PHP-Java-AES-Encrypt

Cheers, Thomas

Tom
  • 1,375
  • 3
  • 24
  • 45
  • what? this code give javax.crypto.BadPaddingException, how do you solved this: https://github.com/stevenholder/PHP-Java-AES-Encrypt/issues/1 – Daniele Cruciani Nov 13 '15 at 17:41
1

You have too choose a padding method, read this With the php code at the link of @Jon you haveto choose the PKCS#5-padding:

// Create the cipher 
Cipher desCipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
Community
  • 1
  • 1
Itachi
  • 21
  • 2
0

I had the same problem in the context of RSA (java:encryption, php:decryption), solved my problem the following way: in the keyPair-generation in increased the 'initialize' value from 512 to 1024. and it works. the hint i followed was here: http://docs.oracle.com/javase/7/docs/api/javax/crypto/Cipher.html where it states that every java-implementation has to implement at least: ... RSA/ECB/PKCS1Padding (1024, 2048) ... so maybe the result of the keygeneration was not compatible

echnatons-mind
  • 1