2

I'm interfacing to a legacy Java application (the app cannot be changed) which is encrypting data using AES. Here is how the original Java code is instantiating the AES cipher:

SecretKeySpec skeySpec = new SecretKeySpec(key, "AES");
cipher = Cipher.getInstance("AES");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec );

I'm a C/C++ developer, not Java, but from what I can tell this legacy Java code is not specifying the mode, nor the initialization vector. Anyone happen to know what Java would be using by default since it isn't specified?

We need the new C/C++ app to decrypt the Java-encrypted data. But I'm at a loss as to what to use for OpenSSL's initialization vector and chaining mode since I don't know what Java does.

Stéphane
  • This nicely shows why one should never use the default values, but always explicitly indicate mode of operation and padding mode. – Paŭlo Ebermann Oct 17 '11 at 20:43

3 Answers

3

Possible answer found:

"By default, Java Ciphers (at least in Sun's implementations) are constructed in what is called Electronic Codebook (ECB) mode." (Source: http://www.javamex.com/tutorials/cryptography/block_modes.shtml)

So if ECB is used by default, I guess that means no initialization vector, and I can use the following method from OpenSSL:

void AES_ecb_encrypt(const unsigned char *in, unsigned char *out, const AES_KEY *key, const int enc);

Using AES_decrypt() I can decrypt 1000+ byte messages that originated on the Java side. So it looks like Java does indeed default to ECB mode with no initialization vector. However, I still cannot encrypt and send a new message to the Java app. Investigation continues.


Got it all working. Thanks for the numerous hints. I can confirm Java uses ECB by default. All padding bytes are set to the number of bytes added (which is known as PKCS5-padding). "Hello World" -> encrypted by Java -> decrypted using OpenSSL will look like "Hello World\5\5\5\5\5".

Paŭlo Ebermann
Stéphane
  • Got it all working. Thanks for the numerous hints. I can confirm Java uses ECB by default. All padding bytes are set to the number of bytes added. "Hello World" -> encrypted by Java -> decrypted using OpenSSL will look like "Hello World\5\5\5\5\5". – Stéphane Mar 01 '11 at 18:54
  • This padding mode is known as PKCS#5-Padding, and OpenSSL should have a way to indicate this padding mode, too. (I edited your post to add the information from your comments, so the answer is complete. Feel free to revert or edit it again.) – Paŭlo Ebermann Oct 17 '11 at 20:46
  • Did you find a way to indicate the padding? http://stackoverflow.com/q/19810373/655703 – Ne0 Nov 06 '13 at 11:16
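
Added example, not part of the original answer or comments: C helpers that apply and strip the PKCS#5 padding described above, so that decrypted Java output such as "Hello World\5\5\5\5\5" comes back as 11 bytes and an outgoing message is padded to a whole number of blocks before ECB encryption. The function names and the sample buffer are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

#define AES_BLOCK 16  /* AES block size in bytes */

/* Constructed sample: "Hello World" as it looks after raw ECB decryption. */
static const unsigned char SAMPLE[AES_BLOCK] =
    {'H','e','l','l','o',' ','W','o','r','l','d', 5, 5, 5, 5, 5};

/* Append PKCS#5/PKCS#7 padding to the len plaintext bytes already in buf.
 * Returns the padded length (a multiple of 16, always greater than len),
 * or 0 if the buffer capacity cap is too small. */
size_t pkcs7_pad(unsigned char *buf, size_t len, size_t cap)
{
    size_t n = AES_BLOCK - (len % AES_BLOCK);  /* 1..16, never 0 */
    if (cap < len || cap - len < n)
        return 0;
    memset(buf + len, (int)n, n);              /* each pad byte holds n */
    return len + n;
}

/* Validate and strip the padding from len bytes of decrypted data.
 * Returns the plaintext length, or -1 if the padding is malformed
 * (wrong key, truncated or corrupted ciphertext). */
long pkcs7_unpad(const unsigned char *buf, size_t len)
{
    if (len == 0 || len % AES_BLOCK != 0)
        return -1;                             /* not whole blocks */
    unsigned char n = buf[len - 1];
    if (n < 1 || n > AES_BLOCK)
        return -1;                             /* impossible pad count */
    for (size_t i = len - n; i < len; i++)
        if (buf[i] != n)
            return -1;                         /* pad bytes must all equal n */
    return (long)(len - n);
}
```

OpenSSL's EVP cipher interface applies and checks this padding by default; the low-level AES_ecb_encrypt() and AES_decrypt() calls process one 16-byte block at a time and leave padding to the caller.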
1

Some cryptographic algorithms require additional initialization parameters; these can be passed to init() as a java.security.AlgorithmParameters object or as a java.security.spec.AlgorithmParameterSpec object. When encrypting, you can omit these parameters, and the Cipher implementation uses default values or generates appropriate random parameters for you. In this case, you should call getParameters() after performing encryption to obtain the AlgorithmParameters used to encrypt. These parameters are required in order to decrypt, and must therefore be saved or transferred along with the encrypted data.

http://docstore.mik.ua/orelly/java-ent/jnut/ch26_01.htm

Are you able to modify the Java code to get ahold of these parameters?

Arve
0

Use Bouncy Castle library in Java. It supports C/C++ equivalent to OpenSSL library in Java. Worked for me.

rana