0

I have a PHP encryption function. I need a java counter part for the same. Due to my limited knowledge in PHP I am unable to understand. Some one knows both the language, kindly help.

PHP code:

function encrypt($decrypted, $keyvalue) {
    // Build a 256-bit $key which is a SHA256 hash of $keyvalue.
    $key = hash('SHA256', $keyvalue, true);
    // Build $iv and $iv_base64.  We use a block size of 128 bits (AES compliant) and CBC mode.  (Note: ECB mode is inadequate as IV is not used.)
    srand(); $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC), MCRYPT_RAND);
    if (strlen($iv_base64 = rtrim(base64_encode($iv), '=')) != 22) return false;
    // Encrypt $decrypted and an MD5 of $decrypted using $key.  MD5 is fine to use here because it's just to verify successful decryption.
    $encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $decrypted . md5($decrypted), MCRYPT_MODE_CBC, $iv));
    // We're done!
    return $iv_base64 . $encrypted;
}

Thanks in advance Aniruddha

Aniruddha
  • 55
  • 2
  • 10
  • 1
    Apparently there are comments for each line of code! So you should be able to code it in java, for example: for first line of comment you could start with http://stackoverflow.com/questions/5531455/how-to-encode-some-string-with-sha256-in-java – D3V Jul 18 '13 at 11:26
  • 3
    There are some serious key derivation and MAC weaknesses in this code. I suggest using a tried-and-tested library instead of rolling your own cryptography or copy-pasting code off the internet. – ntoskrnl Jul 18 '13 at 12:13
  • Thanks for your reply. Few things are unknown to me, like **MCRYPT_RIJNDAEL_128** , **MCRYPT_MODE_CBC**. This is why I asked. I altried to execute PHP script from java using JavaBridge.jar. But that also require PHP to be on the machine. So I am kind of stuck. – Aniruddha Jul 18 '13 at 12:37

1 Answers1

3

This should do it.

public static byte[] encrypt(byte[] decrypted, byte[] keyvalue) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException{
    MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
    byte[] key = sha256.digest(keyvalue);

    MessageDigest md5 = MessageDigest.getInstance("MD5");
    byte[] checksum = md5.digest(decrypted);

    //The length of the value to encrypt must be a multiple of 16.
    byte[] decryptedAndChecksum = new byte[(decrypted.length + md5.getDigestLength() + 15) / 16 * 16];
    System.arraycopy(decrypted, 0, decryptedAndChecksum, 0, decrypted.length);
    System.arraycopy(checksum, 0, decryptedAndChecksum, decrypted.length, checksum.length);
    //The remaining bytes of decryptedAndChecksum stay as 0 (default byte value) because PHP pads with 0's.

    SecureRandom rnd = new SecureRandom();
    byte[] iv = new byte[16];
    rnd.nextBytes(iv);
    IvParameterSpec ivSpec = new IvParameterSpec(iv);

    Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
    cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), ivSpec);
    byte[] encrypted = Base64.encodeBase64(cipher.doFinal(decryptedAndChecksum));

    byte[] ivBase64 = Base64.encodeBase64String(iv).substring(0, 22).getBytes();
    byte[] output = new byte[encrypted.length + ivBase64.length];
    System.arraycopy(ivBase64, 0, output, 0, ivBase64.length);
    System.arraycopy(encrypted, 0, output, ivBase64.length, encrypted.length);
    return output;
}

The equivalent of MCRYPT_RIJNDAEL_128 and MCRYPT_MODE_CBC in java is AES/CBC/NoPadding. You also need a utility for Base64 encoding, the above code uses Base64 from the Apache Codec library.

Also, because the encryption key is 256 bits, you'll need the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files. These can be downloaded from Oracle's website.

Finally, do heed ntoskrnl's warning. This encryption really could be better, don't copy-paste from the PHP manual.

Syon
  • 7,205
  • 5
  • 36
  • 40