All geek questions in one place

How to use OpenSSL to decrypt AES data with Java encryption?

I am interacting with an outdated Java application (the application cannot be modified) that encrypts data using AES. Here's how the Java source code instantiates an AES cipher:

SecretKeySpec skeySpec = new SecretKeySpec(key, "AES"); cipher = Cipher.getInstance("AES"); cipher.init(Cipher.ENCRYPT_MODE, skeySpec );

I am a C / C ++ developer, not Java, but from what I can say, this legacy Java code does not indicate the mode nor the initialization vector. Does anyone know what Java will use by default since it is not specified?

We need a new C / C ++ application to decrypt encrypted Java data. But I don’t understand what to use OpenSSL and the chain for the initialization vector, since I don’t know what java does.

+1
source share
3 answers

Possible answer:

"By default, Java Ciphers (at least in Sun implementations) are built in what is called electronic codebook mode (ECB)." (Source: http://www.javamex.com/tutorials/cryptography/block_modes.shtml )

So, if ECB is used by default, I assume that this means there is no initialization vector, and I can use the following method from OpenSSL:

 void AES_ecb_encrypt(*in, *out, *key, enc);

Using AES_decrypt() , I can decrypt 1000+ byte messages created on the Java side. So it looks like Java really uses ECB mode without an initialization vector. However, I still cannot encrypt and send a new message to the Java application. The investigation is ongoing.

Got it all. Thanks for the many tips. I can confirm that Java uses ECB by default. All padding bytes are set to the number of bytes added (which is known as PKCS5-padding). "Hello World" encrypted Java -> decrypted using OpenSSL will look like "Hello World\5\5\5\5\5" .

+3
source

Some cryptographic algorithms require additional initialization parameters; they can be passed to init () as a java.security.AlgorithmParameters object or as a java.security.spec.AlgorithmParameterSpec object. When encrypting, you can omit these parameters, and the Cipher implementation uses the default values ​​or generates the corresponding random parameters for you. In this case, you must call getParameters () after performing the encryption to get the AlgorithmParameters used for encryption. These parameters are necessary for decryption and therefore must be stored or transmitted along with encrypted data.

http://docstore.mik.ua/orelly/java-ent/jnut/ch26_01.htm

Can you modify the Java code to get these parameters?

+1
source

Use the bountry castle library in java. it supports the c / C ++ equivalent for the openssl library in java. worked for me

0
source

Source: https://habr.com/ru/post/885410/

More articles:


All Articles