From: Scooter on 21 Nov 2008 12:10 I'm about to throw in the towel on this stuff. I think I just need to sit down with a cryptography book..or someone that knows what their doing. In testing my encryption values between c# and java I'm getting different values. Again here's the c# code : protected internal ICryptoTransform m_objCrypt; protected internal ICryptoTransform m_objDecrypt; RijndaelManaged objAesCipher = new RijndaelManaged(); objAesCipher.KeySize = 256; objAesCipher.BlockSize = 128; // has to be 128 to be AES compat objAesCipher.Mode = CipherMode.CBC; objAesCipher.Padding = PaddingMode.PKCS7; objAesCipher.Key = new System.Security.Cryptography.SHA256Managed ().ComputeHash(new ASCIIEncoding().GetBytes("A Random String".ToLower ())); byte[] fullSHA = new System.Security.Cryptography.SHA256Managed ().ComputeHash(new ASCIIEncoding().GetBytes("3rfdfh6y-34rt-3rkl-9ijh- mg94kgjdhsg3".ToLower())); byte[] trimmedSHA = new byte[16]; Array.Copy(fullSHA, trimmedSHA, 16); // can only use 128 block size to be real AES objAesCipher.IV = trimmedSHA; m_objCrypt = objAesCipher.CreateEncryptor(); m_objDecrypt = objAesCipher.CreateDecryptor(); protected internal String EncryptValue(String Value) { if (Value.Length >= MAX_QUERY_LENGTH) { throw new ValueException(); } byte[] byaRawText = new System.Text.ASCIIEncoding().GetBytes (Value); byte[] byaCipherText = m_objCrypt.TransformFinalBlock(byaRawText, 0, byaRawText.Length); return Convert.ToBase64String(byaCipherText); } ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ heres my java ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ protected static Cipher m_objCrypt; protected static Cipher m_objDecrypt; try { m_objCrypt = Cipher.getInstance("AES/CBC/PKCS5Padding"); m_objDecrypt = Cipher.getInstance("AES/CBC/PKCS5Padding"); } catch (NoSuchAlgorithmException e) { // TODO Auto-generated catch block e.printStackTrace(); } catch (NoSuchPaddingException e) { // TODO Auto-generated catch block e.printStackTrace(); } MessageDigest sha256 = null; try { sha256 = MessageDigest.getInstance("SHA-256"); } catch (NoSuchAlgorithmException e) { // TODO Auto-generated catch block e.printStackTrace(); } byte[] aesKey = sha256.digest("A Random String".toLowerCase().getBytes ()); //printhash(aesKey); // Sets up a 128 bit (16 byte) IV for CBC mode final int BLOCK_BYTES = 16; byte[] aesPaddedKey = new byte[BLOCK_BYTES]; System.arraycopy(aesKey,0,aesPaddedKey,0,BLOCK_BYTES); sha256.reset(); byte[] fullSHA = sha256.digest("3rfdfh6y-34rt-3rkl-9ijh- mg94kgjdhsg3".toLowerCase().getBytes()); //printhash(fullSHA); byte[] aesIV = new byte[BLOCK_BYTES]; System.arraycopy(fullSHA, 0, aesIV, 0, BLOCK_BYTES); // Set up the IV and two cipher objects, one to encrypt and // one to decrypt: IvParameterSpec aesParameterSpec = new IvParameterSpec(aesIV); AlgorithmParameters aesParameters = AlgorithmParameters.getInstance ("AES"); aesParameters.init(aesParameterSpec); // And this is where it bombs because it expects argument2 // to be a key or certificate //SecretKeySpec aesKeySpec = new SecretKeySpec(aesKey, 0,aesKey.length,"AES"); //Replaced with this one that uses a bytearray as a key SecretKeySpec aesKeySpec = new SecretKeySpec(aesPaddedKey, 0,aesPaddedKey.length,"AES"); //aesCrypt.init(Cipher.ENCRYPT_MODE, aesKey, aesParameters); //aesDecrypt.init(Cipher.DECRYPT_MODE, aesKey, aesParameters); m_objCrypt.init(Cipher.ENCRYPT_MODE, aesKeySpec, aesParameters); m_objDecrypt.init(Cipher.DECRYPT_MODE, aesKeySpec, aesParameters); public String EncryptValue(String Value) { String returnValue = null; if (Value.length() >= MAX_QUERY_LENGTH) { try { throw new Exception(); } catch (Exception e) { // TODO Auto-generated catch block e.printStackTrace(); } } byte[] byaRawText = null; try { byaRawText = Value.getBytes("US-ASCII"); } catch (UnsupportedEncodingException e1) { // TODO Auto-generated catch block e1.printStackTrace(); } byte[] byaCipherText = null; try { byaCipherText = m_objCrypt.doFinal(byaRawText, 0, byaRawText.length); } catch (IllegalBlockSizeException e) { // TODO Auto-generated catch block e.printStackTrace(); } catch (BadPaddingException e) { // TODO Auto-generated catch block e.printStackTrace(); } returnValue = b64encode(byaCipherText); System.out.println("base 64d ok"); return returnValue; } ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thanks in advance. I know this is a lot to ask someone to look at. |