From: Scooter on
I'm about to throw in the towel on this stuff. I think I just need to
sit down with a cryptography book..or someone that knows what their
doing. In testing my encryption values between c# and java I'm getting
different values.

Again here's the c# code :
protected internal ICryptoTransform m_objCrypt;
protected internal ICryptoTransform m_objDecrypt;

RijndaelManaged objAesCipher = new RijndaelManaged();
objAesCipher.KeySize = 256;
objAesCipher.BlockSize = 128; // has to be 128 to be AES compat
objAesCipher.Mode = CipherMode.CBC;
objAesCipher.Padding = PaddingMode.PKCS7;
objAesCipher.Key = new System.Security.Cryptography.SHA256Managed
().ComputeHash(new ASCIIEncoding().GetBytes("A Random String".ToLower
()));
byte[] fullSHA = new System.Security.Cryptography.SHA256Managed
().ComputeHash(new ASCIIEncoding().GetBytes("3rfdfh6y-34rt-3rkl-9ijh-
mg94kgjdhsg3".ToLower()));
byte[] trimmedSHA = new byte[16];
Array.Copy(fullSHA, trimmedSHA, 16);
// can only use 128 block size to be real AES
objAesCipher.IV = trimmedSHA;
m_objCrypt = objAesCipher.CreateEncryptor();
m_objDecrypt = objAesCipher.CreateDecryptor();


protected internal String EncryptValue(String Value)
{

if (Value.Length >= MAX_QUERY_LENGTH)
{
throw new ValueException();
}

byte[] byaRawText = new System.Text.ASCIIEncoding().GetBytes
(Value);
byte[] byaCipherText = m_objCrypt.TransformFinalBlock(byaRawText,
0, byaRawText.Length);

return Convert.ToBase64String(byaCipherText);

}

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
heres my java
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

protected static Cipher m_objCrypt;
protected static Cipher m_objDecrypt;



try {
m_objCrypt = Cipher.getInstance("AES/CBC/PKCS5Padding");
m_objDecrypt = Cipher.getInstance("AES/CBC/PKCS5Padding");
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (NoSuchPaddingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
MessageDigest sha256 = null;
try {
sha256 = MessageDigest.getInstance("SHA-256");
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
byte[] aesKey = sha256.digest("A Random String".toLowerCase().getBytes
());
//printhash(aesKey);

// Sets up a 128 bit (16 byte) IV for CBC mode
final int BLOCK_BYTES = 16;
byte[] aesPaddedKey = new byte[BLOCK_BYTES];
System.arraycopy(aesKey,0,aesPaddedKey,0,BLOCK_BYTES);
sha256.reset();
byte[] fullSHA = sha256.digest("3rfdfh6y-34rt-3rkl-9ijh-
mg94kgjdhsg3".toLowerCase().getBytes());
//printhash(fullSHA);
byte[] aesIV = new byte[BLOCK_BYTES];
System.arraycopy(fullSHA, 0, aesIV, 0, BLOCK_BYTES);

// Set up the IV and two cipher objects, one to encrypt and
// one to decrypt:
IvParameterSpec aesParameterSpec = new IvParameterSpec(aesIV);
AlgorithmParameters aesParameters = AlgorithmParameters.getInstance
("AES");
aesParameters.init(aesParameterSpec);

// And this is where it bombs because it expects argument2
// to be a key or certificate
//SecretKeySpec aesKeySpec = new SecretKeySpec(aesKey,
0,aesKey.length,"AES");
//Replaced with this one that uses a bytearray as a key
SecretKeySpec aesKeySpec = new SecretKeySpec(aesPaddedKey,
0,aesPaddedKey.length,"AES");
//aesCrypt.init(Cipher.ENCRYPT_MODE, aesKey, aesParameters);
//aesDecrypt.init(Cipher.DECRYPT_MODE, aesKey, aesParameters);


m_objCrypt.init(Cipher.ENCRYPT_MODE, aesKeySpec, aesParameters);
m_objDecrypt.init(Cipher.DECRYPT_MODE, aesKeySpec, aesParameters);


public String EncryptValue(String Value) {

String returnValue = null;
if (Value.length() >= MAX_QUERY_LENGTH)
{
try {
throw new Exception();
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}

byte[] byaRawText = null;
try {
byaRawText = Value.getBytes("US-ASCII");
} catch (UnsupportedEncodingException e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
}
byte[] byaCipherText = null;
try {
byaCipherText = m_objCrypt.doFinal(byaRawText, 0,
byaRawText.length);
} catch (IllegalBlockSizeException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (BadPaddingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}


returnValue = b64encode(byaCipherText);
System.out.println("base 64d ok");



return returnValue;

}

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thanks in advance. I know this is a lot to ask someone to look at.