Windows vs. Unix
[263 byte] By [ptsentera] at [2007-11-27 3:45:37] 
I have a small routine to encrypt/decrypt passwords. It works fine on Windows. But Unix (Solaris) throws IllegalBlockSizeException. Where should I go from here?I tried to step into code, but it's hidden. I'm using NetBeans 5.5.Thanx.
# 1
You could always post your code here!P.S. The fact that you re using Netbeans is irrelevant to the problem.sabre150a at 2007-7-12 8:49:20 >
# 2
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import javax.crypto.*;
import javax.crypto.spec.SecretKeySpec;
public class Codec {
//actial key is different
private static byte[] keyBytes = new byte[] {
(byte)0x00, (byte)0x01, (byte)0x02, (byte)0x03, (byte)0x04, (byte)0x05, (byte)0x06, (byte)0x07,
(byte)0x08, (byte)0x09, (byte)0x0a, (byte)0x0b, (byte)0x0c, (byte)0x0d, (byte)0x0e, (byte)0x0f};
static SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");
static Cipher cipher;
static {
try {
cipher = Cipher.getInstance("AES/ECB/ISO10126PADDING", "SunJCE");
//cipher = Cipher.getInstance("AES/ECB/PKCS5PADDING", "SunJCE");
} catch (NoSuchProviderException ex) {
ex.printStackTrace();
} catch (NoSuchAlgorithmException ex) {
ex.printStackTrace();
} catch (NoSuchPaddingException ex) {
ex.printStackTrace();
} catch (Exception ex) {
ex.printStackTrace();
}
}
/** Creates a new instance of Codec */
//public Codec() {
//}
public static String encrypt(String source) {
byte [] sourceBytes = source.getBytes();
byte[] cipherText = null;
try {
// encryption pass
cipher.init(Cipher.ENCRYPT_MODE, key);
cipherText = new byte[cipher.getOutputSize(sourceBytes.length)];
int ctLength = cipher.update(sourceBytes, 0, sourceBytes.length, cipherText, 0);
ctLength += cipher.doFinal(cipherText, ctLength);
} catch (InvalidKeyException ex) {
ex.printStackTrace();
return new String("");
} catch (ShortBufferException ex) {
ex.printStackTrace();
return new String("");
} catch (IllegalBlockSizeException ex) {
ex.printStackTrace();
return new String("");
} catch (BadPaddingException ex) {
ex.printStackTrace();
return new String("");
}
return new String(cipherText);
}
public static String decrypt(String source) {
byte [] sourceBytes = source.getBytes();
byte[] plainText = null;
try {
// decryption pass
cipher.init(Cipher.DECRYPT_MODE, key);
plainText = new byte[cipher.getOutputSize(sourceBytes.length)];
int ptLength = cipher.update(sourceBytes, 0, sourceBytes.length, plainText, 0);
ptLength += cipher.doFinal(plainText, ptLength);
} catch (InvalidKeyException ex) {
ex.printStackTrace();
return new String("");
} catch (ShortBufferException ex) {
ex.printStackTrace();
return new String("");
} catch (IllegalBlockSizeException ex) {
//ex.printStackTrace();
System.out.println("Illegal Block Size");
return new String("");
} catch (BadPaddingException ex) {
ex.printStackTrace();
return new String("");
}
return (new String(plainText)).trim();
}
}
ptsentera at 2007-7-12 8:49:20 >
# 3
You have two problems, 1 serious and one not so serious. The serious one is you use ofreturn new String(cipherText);
This is an example of the most common mistake made in this forum. You cannot just take random bytes like this (and encryption bytes look random) and convert them to a String. The result depends on the default character encoding and it usually not invertible. You should try to keep your encrypted data as bytes but if you must have a String representation then you should Base64 or Hex encode the bytes.
The is similar to the first but less serious problem is your use ofbyte [] sourceBytes = source.getBytes();
.
The result depends on the default character encoding which will depend on the machine, operating system and locale. Force it to be consistent across all by usingbyte [] sourceBytes = source.getBytes("utf-8");
.
As a secondary problem, get rid of the awful exception handling. Either just make the methods throw them OR wrap any exception in your own EncryptionException and thrwo that.
sabre150a at 2007-7-12 8:49:20 >
# 4
What means "Base64 or Hex encode the bytes"?I made changes like:return new String(cipherText, "utf-8");and source.getBytes("utf-8")and it stopped working even on Windows.Any more ideas?Thanx.ptsentera at 2007-7-12 8:49:21 >
# 5
> What means "Base64 or Hex encode the bytes"?
>
> I made changes like:
>
>return new String(cipherText, "utf-8");
NO NO NO NO NO. As I explained you cannot do this reliably. If you must have a String representation then use Base64 or Hex to encode the encrypted bytes in ASCII characters. Google for Base64 and Hex.
> d
>
>source.getBytes("utf-8")
That is correct.
> d it stopped working even on Windows.
Because of your first problem. Base64 or Hex will solve your problem.
sabre150a at 2007-7-12 8:49:21 >
Security New Topic
Security Hot Topic
Security
All Classified
- Archived Forums
- Enterprise & Remote Computing
- Java Essentials
- Desktop
- Core
- Solaris Operating System
- Security
- Database Connectivity
- Java Mobility Forums
- Web & Directory Servers
- Development Tools
- Application & Integration Servers
- Java HotSpot Virtual Machine
- Other Topics
- E-Mail, Calendar, & Collaboration
- Developer Tools
- General
- Administration Tools
- Sun Hardware
- Storage Forums
- Java Enterprise System
- StarOffice
- Open Source Technologies
- BigAdmin
- Real-Time
- Java Coding