Topic
  • 13 replies
  • Latest Post - ‏2013-01-28T16:31:35Z by SystemAdmin
SystemAdmin
SystemAdmin
6772 Posts

Pinned topic Encrypt in Java, Decrypt in DataPower

‏2009-02-10T19:49:40Z |
Hello,

I have an interesting problem. My lack of in-depth crypto knowledge is hurting me here. I am tasked with encrypting some data in a Java app and then decrypting that data inside DataPower. I'm so close I can taste it... I think! Here are the details.

1 - I've created an AES key, and saved a JVM version of it and a non-JVM version of it (via .getEncoded() for use within DataPower).
2 - I encrypt some test data in the Java app using the JVM version of the key. Below is the code I use to encrypt (it's a mashup of several methods for copy/paste convenience):

-- FileInputStream fis = new FileInputStream(keyJVM);
-- ObjectInputStream in = new ObjectInputStream(fis);
-- Key key = (Key)in.readObject();
-- in.close();
--
-- byte[] ivAES = {(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22};
-- IvParameterSpec ivspec = new IvParameterSpec(ivAES);
-- cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
-- cipher.init(Cipher.ENCRYPT_MODE, key, ivspec);
--
-- byte[] bytes = cipher.doFinal(data.getBytes());
-- BASE64Encoder b64Encoder = new BASE64Encoder();
-- String encrypted = b64Encoder.encode(bytes);

3 - I upload the non jvm version of the key to DataPower (using the Crypto Shared Secret Key option)

4 - I take the resulting base 64 encoded encrypted value and pass it to DataPower via an XSL stylesheet. The DataPower Decrypt function within the style sheet is as follows:

-- ...
-- <xsl:variable name="algorithm">http://www.w3.org/2001/04/xmlenc#aes128-cbc</xsl:variable>
--
-- <xsl:variable name="decryptOut"><xsl:value-of select="dp:decrypt-data($algorithm,'name:danadp',$valueToDecrypt)"/></xsl:variable>
-- Decrypted Value: <xsl:copy-of select="$decryptOut"/>
-- ...

Now, the decryption works almost-great.....except the first 16 characters are lost. So if the encrypted data is "Hi from the datapower soa appliance", the result from DataPower is "apower soa appliance".

Conversely, if I encrypt data in DataPower and decrypt the resulting value in my java app, there are 16 EXTRA characters in front of the decrypted data. It seems like I'm just missing something obvious....anyone have any ideas? If you need more details, please let me know - I'm sure I left some crucial piece of information out while writing this!

Thanks!
  • SystemAdmin
    SystemAdmin
    6772 Posts

    Re: Encrypt in Java, Decrypt in DataPower

    ‏2009-02-11T13:05:10Z  
    Got it working. I needed to include the IV in front of the encryption.
  • SystemAdmin
    SystemAdmin
    6772 Posts

    Re: Encrypt in Java, Decrypt in DataPower

    ‏2009-03-14T14:36:04Z  
    Hi
    I have the same problem. Can you tell me what you mean by including the IV in front of the encryption? Do you mean concatenating the IV bytes before the encrypted bytes?

    Thanks--
  • SystemAdmin
    SystemAdmin
    6772 Posts

    Re: Encrypt in Java, Decrypt in DataPower

    ‏2009-03-15T00:59:35Z  
    Yes, place the IV vector in the front of the value to encrypt prior to encrypting.
  • SystemAdmin
    SystemAdmin
    6772 Posts

    Re: Encrypt in Java, Decrypt in DataPower

    ‏2009-03-16T19:25:08Z  
    Thank you. It worked great.

    Any "special" like this for signature verification in DataPower? I have a signature generated in Java and am trying to verify it in DataPower. I get "* Decode signature failed *".

    Any thought? Anyone?
  • zhangcr
    zhangcr
    50 Posts

    Re: Encrypt in Java, Decrypt in DataPower

    ‏2009-03-19T00:48:00Z  
    Please provide more information such as the DP verifying function, the signing algorithm in Java, and the verification algorithm in DP, etc.
  • SystemAdmin
    SystemAdmin
    6772 Posts

    Re: Encrypt in Java, Decrypt in DataPower

    ‏2013-01-24T11:01:16Z  
    Hi, what is that JVM and non-JVM version you are referring to for generating the key?

    Thanks,
  • SystemAdmin
    SystemAdmin
    6772 Posts

    Re: Encrypt in Java, Decrypt in DataPower

    ‏2013-01-24T12:11:14Z  
    Does using the Oracle JDK instead of the IBM JDK have any impact?

    Thanks,
  • SystemAdmin
    SystemAdmin
    6772 Posts

    Re: Encrypt in Java, Decrypt in DataPower

    ‏2013-01-24T14:09:34Z  
    Here is my Java program.

    private static void generateKey() throws Exception {

        String data = "Hello";
        byte[] ivAES = { (byte) 0x22, (byte) 0x22, (byte) 0x22, (byte) 0x22,
                (byte) 0x22, (byte) 0x22, (byte) 0x22, (byte) 0x22,
                (byte) 0x22, (byte) 0x22, (byte) 0x22, (byte) 0x22,
                (byte) 0x22, (byte) 0x22, (byte) 0x22, (byte) 0x22 };
        IvParameterSpec ivspec = new IvParameterSpec(ivAES);

        /*FileInputStream fis = new FileInputStream("./datossl128.dat");
        ObjectInputStream in = new ObjectInputStream(fis);
        Key key = (Key)in.readObject();
        in.close();*/
        BASE64Encoder b64Encoder = new BASE64Encoder();
        BASE64Decoder b64Decoder = new BASE64Decoder();
        //The key is generated out of open ssl using the below command.
        //openssl enc -aes-256-cbc -k secret -P -md sha1
        //salt=B01838B8CF7C2790
        //key=1523EC104AEF98860A86BD1AC962C3F6
        //iv =9EE6B3C2FC452195A6F47097CBC646C0
        byte[] secretKey = b64Decoder.decodeBuffer("1523EC104AEF98860A86BD1AC962C3F6");
        Key key = new SecretKeySpec(secretKey, "AES");
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, key, ivspec);
        byte[] bytes = cipher.doFinal(data.getBytes());
        String encrypted = b64Encoder.encode(bytes);
        System.out.println("Encrypted:"+ encrypted);

    }

    The XSL SharedSecretKey object is created using the same key loaded in .p12 format.

    <xsl:variable name="algorithm" select="'http://www.w3.org/2001/04/xmlenc#aes128-cbc'"/>
    <xsl:variable name="SSKey" select="concat('name:','SharedSecretKey')"/>
    <xsl:variable name="decryptedValue" select="dp:decrypt-data($algorithm,$SSKey,$encryptedInput)" />

    I am getting the error "NULL decryption result".

    Thanks,
  • HermannSW
    HermannSW
    4903 Posts

    Re: Encrypt in Java, Decrypt in DataPower

    ‏2013-01-25T23:06:52Z  
    > b64Decoder.decodeBuffer("1523EC104AEF98860A86BD1AC962C3F6");
    >
    Why do you base64 decode a hex string?

    DataPower does not support .p12 format, please convert eg. to .pem (google for "convert .p12 .pem").

    You may also use 'hex:1523EC104AEF98860A86BD1AC962C3F6' instead of 'name:...' in DataPower.

     
    Hermann<myXsltBlog/> <myXsltTweets/>
  • SystemAdmin
    SystemAdmin
    6772 Posts

    Re: Encrypt in Java, Decrypt in DataPower

    ‏2013-01-28T14:33:45Z  
    Thanks for your response Hermann.

    I have tried with the hex:"key", it failed.
    1) I have generated the key out of Java and uploaded it to DataPower in .pem format to form the Shared Secret Key object.
    It worked only when encryption and decryption happen within DataPower.
    It doesn't decrypt when I encrypt using Java or through http://www.everpassword.com/aes-encryptor

    DataPower even accepts the .p12 format; however, it requires a 0x prefix in the key.
    http://www.ibm.com/developerworks/forums/thread.jspa?threadID=455001

    2) Encrypted text output in Java for "IVHello": mTd0MtXrPSkzXFgX0v1MQg==
    3) Encrypted text output in DP "IVHello": +C3OsPtbUUELJGYlBHdRycLrXqnxqaYawZVCxqazhIk=

    The lengths are consistent, I suspect the byte size. Any thoughts in this regard?

    I have even tried generating the key using keyman and using it in DP, no use.
    =====================================================================================
    private static void generateJvmKey() throws Exception {

        String data = "IVHello";
        byte[] ivAES = { (byte) 0x22, (byte) 0x22, (byte) 0x22, (byte) 0x22,
                (byte) 0x22, (byte) 0x22, (byte) 0x22, (byte) 0x22,
                (byte) 0x22, (byte) 0x22, (byte) 0x22, (byte) 0x22,
                (byte) 0x22, (byte) 0x22, (byte) 0x22, (byte) 0x22 };
        IvParameterSpec ivspec = new IvParameterSpec(ivAES);
        KeyGenerator kgen = null;
        try {
            kgen = KeyGenerator.getInstance("AES");
        } catch (NoSuchAlgorithmException e) {

            e.printStackTrace();
        }
        kgen.init(128);

        SecretKey skey = kgen.generateKey();
        BASE64Encoder b64Encoder = new BASE64Encoder();
        FileOutputStream fos = new FileOutputStream("./javasecretkey.pem");
        fos.write(skey.getEncoded());
        fos.close();

        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, skey, ivspec);
        byte[] bytes = cipher.doFinal(data.getBytes());
        String encrypted = b64Encoder.encode(bytes);
        System.out.println("This Encrypted String will be passed to DP to get it decrypt:"+ encrypted);

        FileOutputStream encfos = new FileOutputStream("./encrypted.dat");
        encfos.write(encrypted.getBytes());
        encfos.close();

        Cipher cipher1 = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher1.init(Cipher.DECRYPT_MODE, skey, ivspec);
        byte[] debytes = cipher1.doFinal(bytes);
        String originalString = new String(debytes);
        System.out.println("Decrypted:"+ originalString);

    }
    =========================================================================================
    Thanks
  • SystemAdmin
    SystemAdmin
    6772 Posts

    Re: Encrypt in Java, Decrypt in DataPower

    ‏2013-01-28T15:06:52Z  
    I don't see where you prepend the IV to the encrypted string. That is what other posters in this thread did to resolve their decryption issue.
  • SystemAdmin
    SystemAdmin
    6772 Posts

    Re: Encrypt in Java, Decrypt in DataPower

    ‏2013-01-28T16:21:26Z  
    "Yes, place the IV vector in the front of the value to encrypt prior to encrypting."

    I have prefixed the IV with the data string. "IVHello", please let me know if I am wrong.

    I have even tried appending with the encrypted data. I am concerned about the byte size.

    Thanks
  • SystemAdmin
    SystemAdmin
    6772 Posts

    Re: Encrypt in Java, Decrypt in DataPower

    ‏2013-01-28T16:31:35Z  
    I have prefixed the IV to the encrypted data bytes before sending them to DataPower for decryption, but the problem still persists.

    The Java-generated key is used at the URL below to encrypt and decrypt, and it works, but when the encrypted string is used directly to decrypt, it doesn't work.

    http://www.everpassword.com/aes-encryptor

    Thanks,