13 replies Latest Post - ‏2013-01-28T16:31:35Z by SystemAdmin
SystemAdmin

Pinned topic Encrypt in Java, Decrypt in DataPower

‏2009-02-10T19:49:40Z |
Hello,

I have an interesting problem. My lack of in-depth crypto knowledge is hurting me here. I am tasked with encrypting some data in a Java app and then decrypting that data inside DataPower. I'm so close I can taste it... I think! Here are the details.

1 - I've created an AES key, and saved a jvm version of it and a non-jvm version of it (via .getEncoded() for use within DataPower).
2 - I encrypt some test data in the Java app using the jvm version of the key. Below is the code I use to encrypt (it's a mashup of several methods for copy/paste convenience):

-- FileInputStream fis = new FileInputStream(keyJVM);
-- ObjectInputStream in = new ObjectInputStream(fis);
-- Key key = (Key)in.readObject();
-- in.close();
--
-- byte[] ivAES = {(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22};
-- IvParameterSpec ivspec = new IvParameterSpec(ivAES);
-- cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
-- cipher.init(Cipher.ENCRYPT_MODE, key, ivspec);
--
-- byte[] bytes = cipher.doFinal(data.getBytes());
-- BASE64Encoder b64Encoder = new BASE64Encoder();
-- String encrypted = b64Encoder.encode(bytes);

3 - I upload the non jvm version of the key to DataPower (using the Crypto Shared Secret Key option)

4 - I take the resulting base 64 encoded encrypted value and pass it to DataPower via an XSL stylesheet. The DataPower Decrypt function within the style sheet is as follows:

-- ...
-- <xsl:variable name="algorithm">http://www.w3.org/2001/04/xmlenc#aes128-cbc</xsl:variable>
--
-- <xsl:variable name="decryptOut"><xsl:value-of select="dp:decrypt-data($algorithm,'name:danadp',$valueToDecrypt)"/></xsl:variable>
-- Decrypted Value: <xsl:copy-of select="$decryptOut"/>
-- ...

Now, the decryption works almost-great.....except the first 16 characters are lost. So if the encrypted data is "Hi from the datapower soa appliance", the result from DataPower is "apower soa appliance".

Conversely, if I encrypt data in DataPower and decrypt the resulting value in my java app, there are 16 EXTRA characters in front of the decrypted data. It seems like I'm just missing something obvious....anyone have any ideas? If you need more details, please let me know - I'm sure I left some crucial piece of information out while writing this!

Thanks!
Updated on 2013-01-28T16:31:35Z at 2013-01-28T16:31:35Z by SystemAdmin
  • SystemAdmin

    Re: Encrypt in Java, Decrypt in DataPower

    ‏2009-02-11T13:05:10Z  in response to SystemAdmin
    Got it working. I needed to include the IV in front of the encryption.
    • SystemAdmin

      Re: Encrypt in Java, Decrypt in DataPower

      ‏2009-03-14T14:36:04Z  in response to SystemAdmin
      Hi
      I have the same problem. Can you tell me what you mean by including the IV in front of the encryption? Do you mean concat IV bytes before encrypted bytes?

      Thanks--
      • SystemAdmin

        Re: Encrypt in Java, Decrypt in DataPower

        ‏2009-03-15T00:59:35Z  in response to SystemAdmin
        Yes, place the IV vector in the front of the value to encrypt prior to encrypting.
        • SystemAdmin

          Re: Encrypt in Java, Decrypt in DataPower

          ‏2009-03-16T19:25:08Z  in response to SystemAdmin
          Thank you. It worked great.

          Any "special" like this for signature verification in DataPower. I have a signature generated in java and trying to verify it in DataPower. I get "* Decode signature failed *"

          Any thought? Anyone?
          • zhangcr

            Re: Encrypt in Java, Decrypt in DataPower

            ‏2009-03-19T00:48:00Z  in response to SystemAdmin
            Please provide more information such as the DP verifying function, the signing algorithm in Java, and the verification algorithm in DP, etc.
            • SystemAdmin

              Re: Encrypt in Java, Decrypt in DataPower

              ‏2013-01-24T11:01:16Z  in response to zhangcr
              Hi, what is that JVM and non-JVM version you are referring to, to generate the key?

              Thanks,
              • SystemAdmin

                Re: Encrypt in Java, Decrypt in DataPower

                ‏2013-01-24T12:11:14Z  in response to SystemAdmin
                Does it have any impact to use the Oracle JDK instead of the IBM JDK?

                Thanks,
                • SystemAdmin

                  Re: Encrypt in Java, Decrypt in DataPower

                  ‏2013-01-24T14:09:34Z  in response to SystemAdmin
                  Here is my java program.

                  private static void generateKey() throws Exception {

                      String data = "Hello";
                      byte[] ivAES = { (byte) 0x22, (byte) 0x22, (byte) 0x22, (byte) 0x22,
                              (byte) 0x22, (byte) 0x22, (byte) 0x22, (byte) 0x22,
                              (byte) 0x22, (byte) 0x22, (byte) 0x22, (byte) 0x22,
                              (byte) 0x22, (byte) 0x22, (byte) 0x22, (byte) 0x22 };
                      IvParameterSpec ivspec = new IvParameterSpec(ivAES);

                      /*FileInputStream fis = new FileInputStream("./datossl128.dat");
                      ObjectInputStream in = new ObjectInputStream(fis);
                      Key key = (Key)in.readObject();
                      in.close();*/
                      BASE64Encoder b64Encoder = new BASE64Encoder();
                      BASE64Decoder b64Decoder = new BASE64Decoder();
                      //The key is generated out of open ssl using the below command.
                      //openssl enc -aes-256-cbc -k secret -P -md sha1
                      //salt=B01838B8CF7C2790
                      //key=1523EC104AEF98860A86BD1AC962C3F6
                      //iv =9EE6B3C2FC452195A6F47097CBC646C0
                      byte[] secretKey = b64Decoder.decodeBuffer("1523EC104AEF98860A86BD1AC962C3F6");
                      Key key = new SecretKeySpec(secretKey, "AES");
                      Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
                      cipher.init(Cipher.ENCRYPT_MODE, key, ivspec);
                      byte[] bytes = cipher.doFinal(data.getBytes());
                      String encrypted = b64Encoder.encode(bytes);
                      System.out.println("Encrypted:"+ encrypted);

                  }

                  The XSL SharedSecretKey object is created using the same key loaded in .p12 format.
                  <xsl:variable name="algorithm" select="'http://www.w3.org/2001/04/xmlenc#aes128-cbc'"/>
                  <xsl:variable name="SSKey" select="concat('name:','SharedSecretKey')"/>
                  <xsl:variable name="decryptedValue" select="dp:decrypt-data($algorithm,$SSKey,$encryptedInput)" />

                  I am getting the error "NULL decryption result".

                  Thanks,
                  • HermannSW

                    Re: Encrypt in Java, Decrypt in DataPower

                    ‏2013-01-25T23:06:52Z  in response to SystemAdmin
                    > b64Decoder.decodeBuffer("1523EC104AEF98860A86BD1AC962C3F6");
                    >
                    Why do you base64 decode a hex string?

                    DataPower does not support .p12 format, please convert eg. to .pem (google for "convert .p12 .pem").

                    You may also use 'hex:1523EC104AEF98860A86BD1AC962C3F6' instead of 'name:...' in DataPower.

                     
                    Hermann<myXsltBlog/> <myXsltTweets/>
                    • SystemAdmin

                      Re: Encrypt in Java, Decrypt in DataPower

                      ‏2013-01-28T14:33:45Z  in response to HermannSW
                      Thanks for your response Hermann.

                      I have tried with the hex:"key", it failed.
                      1) I have generated the key out of the Java and uploaded to Datapower as .pem format to form the Shared Secret Key object.
                      It worked only when encryption and decryption happens within datapower.
                      It doesn't decrypt when I encrypt using the Java or through http://www.everpassword.com/aes-encryptor

                      DataPower even accepts the .p12 format; however, it requires prefixing the key with 0x.
                      http://www.ibm.com/developerworks/forums/thread.jspa?threadID=455001

                      2) Encrypted text output in Java for "IVHello": mTd0MtXrPSkzXFgX0v1MQg==
                      3) Encrypted text output in DP "IVHello": +C3OsPtbUUELJGYlBHdRycLrXqnxqaYawZVCxqazhIk=

                      The lengths are consistent, I suspect the byte size. Any thoughts in this regard.

                      Even I have tried generating the key using the keyman and used in DP, no use.
                      =====================================================================================
                      private static void generateJvmKey() throws Exception {

                          String data = "IVHello";
                          byte[] ivAES = { (byte) 0x22, (byte) 0x22, (byte) 0x22, (byte) 0x22,
                                  (byte) 0x22, (byte) 0x22, (byte) 0x22, (byte) 0x22,
                                  (byte) 0x22, (byte) 0x22, (byte) 0x22, (byte) 0x22,
                                  (byte) 0x22, (byte) 0x22, (byte) 0x22, (byte) 0x22 };
                          IvParameterSpec ivspec = new IvParameterSpec(ivAES);
                          KeyGenerator kgen = null;
                          try {
                              kgen = KeyGenerator.getInstance("AES");
                          } catch (NoSuchAlgorithmException e) {

                              e.printStackTrace();
                          }
                          kgen.init(128);

                          SecretKey skey = kgen.generateKey();
                          BASE64Encoder b64Encoder = new BASE64Encoder();
                          FileOutputStream fos = new FileOutputStream("./javasecretkey.pem");
                          fos.write(skey.getEncoded());
                          fos.close();

                          Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
                          cipher.init(Cipher.ENCRYPT_MODE, skey, ivspec);
                          byte[] bytes = cipher.doFinal(data.getBytes());
                          String encrypted = b64Encoder.encode(bytes);
                          System.out.println("This Encrypted String will be passed to DP to get it decrypt:"+ encrypted);

                          FileOutputStream encfos = new FileOutputStream("./encrypted.dat");
                          encfos.write(encrypted.getBytes());

                          Cipher cipher1 = Cipher.getInstance("AES/CBC/PKCS5Padding");
                          cipher1.init(Cipher.DECRYPT_MODE, skey, ivspec);
                          byte[] debytes = cipher1.doFinal(bytes);
                          String originalString = new String(debytes);
                          System.out.println("Decrypted:"+ originalString);

                      }
                      =========================================================================================
                      Thanks
                      • SystemAdmin

                        Re: Encrypt in Java, Decrypt in DataPower

                        ‏2013-01-28T15:06:52Z  in response to SystemAdmin
                        I don't see where you prepend the IV to the encrypted string. That is what other posters in this thread did to resolve their decryption issue.
                        • SystemAdmin

                          Re: Encrypt in Java, Decrypt in DataPower

                          ‏2013-01-28T16:21:26Z  in response to SystemAdmin
                          "Yes, place the IV vector in the front of the value to encrypt prior to encrypting."

                          I have prefixed the IV with the data string. "IVHello", please let me know if I am wrong.

                          Even I have tried appending with encrypted data. I am concerned on the byte size.

                          Thanks
                          • SystemAdmin

                            Re: Encrypt in Java, Decrypt in DataPower

                            ‏2013-01-28T16:31:35Z  in response to SystemAdmin
                            I have prefixed the vector IV against the encrypted data bytes, before sending it to the datapower for decryption still it persists.

                            The Java generated key is used in the below URL to encrypt and decrypt it works but when encrypted string is used directly to decrypt, it doesn't work.

                            http://www.everpassword.com/aes-encryptor

                            Thanks,
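
Added example (not code from any poster in this thread): the http://www.w3.org/2001/04/xmlenc#aes128-cbc algorithm defined by XML Encryption carries the 16-byte IV as the first block of the cipher value, which matches the "first 16 characters lost" and "16 extra characters" symptoms described in the first post. The sketch below builds base64(IV || ciphertext) with a fresh random IV and reproduces the original symptom when the IV is left off. It assumes Java 8+ (`java.util.Base64` in place of `sun.misc.BASE64Encoder`); the class name and the all-0x11 demo key are constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class XmlEncAesCbc {
    static final int BLOCK = 16; // AES block size = IV length in bytes

    // Returns base64(IV || ciphertext), the xmlenc#aes128-cbc cipher value layout.
    static String encrypt(byte[] key, String plaintext) throws Exception {
        byte[] iv = new byte[BLOCK];
        new SecureRandom().nextBytes(iv); // fresh random IV per message
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, BLOCK + ct.length);
        System.arraycopy(ct, 0, out, BLOCK, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }

    // Mirrors the receiving side: first 16 bytes are the IV, the rest is ciphertext.
    static String decrypt(byte[] key, String b64) throws Exception {
        byte[] in = Base64.getDecoder().decode(b64);
        if (in.length < 2 * BLOCK || in.length % BLOCK != 0)
            throw new IllegalArgumentException("need IV plus at least one ciphertext block");
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(in, 0, BLOCK));
        return new String(c.doFinal(in, BLOCK, in.length - BLOCK), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[BLOCK];          // constructed demo key (all 0x11), not from the thread
        Arrays.fill(key, (byte) 0x11);
        String msg = "Hi from the datapower soa appliance";
        System.out.println(decrypt(key, encrypt(key, msg))); // full message round-trips

        // The thread's original symptom: ciphertext sent WITHOUT the IV in front.
        byte[] iv = new byte[BLOCK];
        Arrays.fill(iv, (byte) 0x22);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        String bare = Base64.getEncoder().encodeToString(c.doFinal(msg.getBytes(StandardCharsets.UTF_8)));
        System.out.println(decrypt(key, bare)); // first 16 characters are gone
    }
}
```

With this layout a ciphertext of a single 16-byte block, such as the padded encryption of a 7-character string, leaves nothing to decrypt once the first block is taken as the IV, so `decrypt` rejects it.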