12 Replies - 5409 Views - Last Post: 27 February 2014 - 09:25 AM Rate Topic: -----

#1 _ELement_8215  Icon User is offline

  • New D.I.C Head

Reputation: 2
  • View blog
  • Posts: 34
  • Joined: 14-December 11

Equivalent Encryption in Java and .NET, despite byte array limitations

Posted 25 February 2014 - 03:29 PM

I've been scouring the internet and spent the last two weeks trying to implement a functionally equivalent Triple Des with MD5 hash method of the following .NET code in Java, and would appreciate any assistance:
    Public Shared Function TripleDESEncryptJava(ByVal inputString As String) As String
        Try
            Dim CryptoDescription As New TripleDESCryptoServiceProvider()
            Dim HashMD5 As New MD5CryptoServiceProvider()
            Dim byteHash As Byte(), byteBuff As Byte()
            Dim strTempKey As String = SecureKey

            byteHash = HashMD5.ComputeHash(ASCIIEncoding.ASCII.GetBytes(strTempKey))
            HashMD5 = Nothing
            CryptoDescription.Key = byteHash
            CryptoDescription.Mode = CipherMode.CBC
            byteBuff = ASCIIEncoding.ASCII.GetBytes(inputString)

            Return Convert.ToBase64String(CryptoDescription.CreateEncryptor().TransformFinalBlock(byteBuff, 0, byteBuff.Length))
        Catch ex As Exception
            Return "Bad Input. " & ex.Message
        End Try

    End Function



Here is the (currently non-functionally equivalent) Java code:
        public String encryptString(String inputString) throws Exception {

            String encryptedString = null;

            try {
                final MessageDigest HashMD5 = MessageDigest.getInstance("md5");
                final byte[] byteHash = HashMD5.digest(strTempKey.getBytes("US-ASCII"));
                final SecretKey Key = new SecretKeySpec(byteHash, "DESede");
                final IvParameterSpec iv = new IvParameterSpec(new byte[8]);
                final Cipher cipher = Cipher.getInstance("DESede/CBC/PKCS5Padding");
                cipher.init(Cipher.ENCRYPT_MODE, Key, iv);
                byte[] byteBuff = cipher.doFinal(inputString.getBytes("US-ASCII"));
                encryptedString = new String(Base64.encodeBase64(byteBuff));
            }
            catch (Exception e) {
                e.printStackTrace();
            }

            return encryptedString;
        }



One of the biggest hurdles is that almost all methods in .NET and Java encryption libraries use byte arrays as one or more of their parameters, which would work out a lot better if Java and .NET byte arrays could actually hold the same range of values, but they don't. Thus the debugging becomes nearly impossible in short order. Again, any assistance in this matter would be most helpful. Thank you!

Is This A Good Question/Topic? 0
  • +

Replies To: Equivalent Encryption in Java and .NET, despite byte array limitations

#2 macosxnerd101  Icon User is online

  • Games, Graphs, and Auctions
  • member icon




Reputation: 12276
  • View blog
  • Posts: 45,364
  • Joined: 27-December 08

Re: Equivalent Encryption in Java and .NET, despite byte array limitations

Posted 25 February 2014 - 03:38 PM

Moved to Java out of Advanced Discussion. Please avoid using the Advanced Discussion forum for help questions.

What specific problems or errors are you encountering? Just to note as well- MD5 is very much an antiquated hash function. You should consider something more modern like SHA-256 or SHA-512.
Was This Post Helpful? 0
  • +
  • -

#3 g00se  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 3534
  • View blog
  • Posts: 16,017
  • Joined: 20-September 08

Re: Equivalent Encryption in Java and .NET, despite byte array limitations

Posted 26 February 2014 - 09:12 AM

Quote

which would work out a lot better if Java and .NET byte arrays could actually hold the same range of values, but they don't.
What makes you think that? The only real difference is that .NET has an unsigned byte type, but that's not relevant here
Was This Post Helpful? 0
  • +
  • -

#4 _ELement_8215  Icon User is offline

  • New D.I.C Head

Reputation: 2
  • View blog
  • Posts: 34
  • Joined: 14-December 11

Re: Equivalent Encryption in Java and .NET, despite byte array limitations

Posted 26 February 2014 - 03:13 PM

Thank you for your reply macosxnerd101, unfortunately in this case I don't have a choice in what type of hashing is used. I have, however, modified the .NET code and have at least gotten my hashes in both languages to match perfectly. The updated .NET code is as follows:
    Public Shared Function TripleDESEncryptSameAsJava(ByVal inputString As String) As String

        Try
            Dim CryptoDescription As New TripleDESCryptoServiceProvider()
            Dim HashMD5 As New MD5CryptoServiceProvider()
            Dim byteBuff As Byte()
            Dim strTempKey As String = SecureKey

            Dim hashResult As Byte() = HashMD5.ComputeHash(ASCIIEncoding.ASCII.GetBytes(strTempKey))
            Dim sByteHash As SByte() = New SByte(hashResult.Length - 1) {}

            For i As Integer = 0 To hashResult.Length - 1 Step 1
                Try
                    sByteHash(i) = IIf(hashResult(i) < 128, hashResult(i), hashResult(i) - 256)
                Catch ex As OverflowException
                    Return "Overflow Exception in Byte() to sByte() conversion: " & ex.Message
                End Try
            Next

            HashMD5 = Nothing

            'the following line must be functionally equivalent to the values held in 'sByteHash' sByte array
            CryptoDescription.Key = sByteHash

            CryptoDescription.Mode = CipherMode.CBC
            CryptoDescription.Padding = PaddingMode.PKCS7
            byteBuff = ASCIIEncoding.ASCII.GetBytes(inputString)

            Return Convert.ToBase64String(CryptoDescription.CreateEncryptor().TransformFinalBlock(byteBuff, 0, byteBuff.Length))
        Catch ex As Exception
            Return "Bad Input. " & ex.Message
        End Try

    End Function


Obviously, in this code line 23 doesn't compile, and therein lies my current problem. I *can* convert back to a Byte(), which is what the TripleDESCryptoServiceProvider.Key needs to receive...but then I'll be assigning that Key the 'wrong' values and the encrypted string will never match what I'm getting in the Java version. Keep in mind I have the ability to modify both the VB.NET and the Java code, I just must use MD5 hashing and Triple Des Encryption.

g00se: I just saw your message, and yes, I agree.
Was This Post Helpful? 0
  • +
  • -

#5 macosxnerd101  Icon User is online

  • Games, Graphs, and Auctions
  • member icon




Reputation: 12276
  • View blog
  • Posts: 45,364
  • Joined: 27-December 08

Re: Equivalent Encryption in Java and .NET, despite byte array limitations

Posted 26 February 2014 - 03:52 PM

So you're happy with your Java code then? I personally haven't worked with the Java Crypto library much, but I did find a ton of examples online of using it to hash data using the MD5 algorithm. That's probably a better starting point than converting code from VB.NET.
Was This Post Helpful? 0
  • +
  • -

#6 g00se  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 3534
  • View blog
  • Posts: 16,017
  • Joined: 20-September 08

Re: Equivalent Encryption in Java and .NET, despite byte array limitations

Posted 26 February 2014 - 04:28 PM

Sorry - my VB is almost non-existent but i don't get it .. you get the hash a a byte array and then convert into a string. Why, since, as you say, TripleDESCryptoServiceProvider.Key is of type System.Byte[]?

This post has been edited by g00se: 26 February 2014 - 04:29 PM

Was This Post Helpful? 0
  • +
  • -

#7 _ELement_8215  Icon User is offline

  • New D.I.C Head

Reputation: 2
  • View blog
  • Posts: 34
  • Joined: 14-December 11

Re: Equivalent Encryption in Java and .NET, despite byte array limitations

Posted 27 February 2014 - 07:27 AM

macosxnerd101, I'm not trying to convert code from one language to another, I'm trying to *match* the functionality in both languages. Maybe some background would help here: I have to use Java to call a .NET web service, therefore I have to send over an encrypted string that the web service "understands" and can decrypt; and then when I receive an encrypted response from the web service, I have to be able to decrypt that string sent over on the Java side as well.

g00se, the only conversion to a string in either piece of code (Java or VB.NET) is when I'm base64-encoding the final encrypted string that will be passed on to the web service. And it's not that TripleDESCryptoServiceProvider.Key is "of type byte", it's that the property 'Key' that is set in the TripleDESCryptoServiceProvider class *is* a byte array. Therefore to set that property, one can only assign a byte array to TripleDESCryptoServiceProvider.Key, *not* an sByte array. So it would seem that I *must* find another way to work with the class TripleDESCryptoServiceProvider, or that the Java code must be modified instead (somewhere beyond line 7).
Was This Post Helpful? 0
  • +
  • -

#8 macosxnerd101  Icon User is online

  • Games, Graphs, and Auctions
  • member icon




Reputation: 12276
  • View blog
  • Posts: 45,364
  • Joined: 27-December 08

Re: Equivalent Encryption in Java and .NET, despite byte array limitations

Posted 27 February 2014 - 07:42 AM

That makes more sense. In this case, g00se is right. Type differences don't matter. Data gets passed as 1's and 0's. I would encrypt something on your client side, and send it over to the .NET web service. Can you get it to decrypt correctly? Conversely, if you send ciphertext to the Java client, can it decrypt correctly? That's the test I'd go for.
Was This Post Helpful? 0
  • +
  • -

#9 _ELement_8215  Icon User is offline

  • New D.I.C Head

Reputation: 2
  • View blog
  • Posts: 34
  • Joined: 14-December 11

Re: Equivalent Encryption in Java and .NET, despite byte array limitations

Posted 27 February 2014 - 08:05 AM

macosxnerd101, the VB.NET code posted *is what is used in the web service* and the decryption is a mirror of this, I can post that as well, but I don't really see the point since it's much of the same (with the same issues). If the encrypted strings are not the same, the decryption cannot happen. Hence this *is* the correct initial test.
Was This Post Helpful? 0
  • +
  • -

#10 _ELement_8215  Icon User is offline

  • New D.I.C Head

Reputation: 2
  • View blog
  • Posts: 34
  • Joined: 14-December 11

Re: Equivalent Encryption in Java and .NET, despite byte array limitations

Posted 27 February 2014 - 08:15 AM

macosxnerd101, since it seems most of the code changes are on the VB.NET side, and you guys aren't really able to help me with that, please close this post and reopen my post on the VB.NET forum. Since most people do not check multiple forums, the people I need the actual help from will never see this post, and if I must only have 1 post about a topic open at a time, I'd prefer it to be in the other forum. Thank you.
Was This Post Helpful? 0
  • +
  • -

#11 macosxnerd101  Icon User is online

  • Games, Graphs, and Auctions
  • member icon




Reputation: 12276
  • View blog
  • Posts: 45,364
  • Joined: 27-December 08

Re: Equivalent Encryption in Java and .NET, despite byte array limitations

Posted 27 February 2014 - 08:18 AM

I'll move this thread on over then.
Was This Post Helpful? 0
  • +
  • -

#12 g00se  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 3534
  • View blog
  • Posts: 16,017
  • Joined: 20-September 08

Re: Equivalent Encryption in Java and .NET, despite byte array limitations

Posted 27 February 2014 - 09:08 AM

Quote

And it's not that TripleDESCryptoServiceProvider.Key is "of type byte",
Actually if you look, i said it was of type System.Byte[]
On the other point - my apologies - i was reading 'sByteHash' as some kind of string

But the following seems to support my previous point:

http://msdn.microsof...=vs.110%29.aspx

Quote

Property Value
Type: System.Byte[]

http://msdn.microsof...#code-snippet-1

Quote

Type: System.String

The string containing the characters to encode.

Return Value
Type: System.Byte[]

This post has been edited by g00se: 27 February 2014 - 09:20 AM

Was This Post Helpful? 0
  • +
  • -

#13 _ELement_8215  Icon User is offline

  • New D.I.C Head

Reputation: 2
  • View blog
  • Posts: 34
  • Joined: 14-December 11

Re: Equivalent Encryption in Java and .NET, despite byte array limitations

Posted 27 February 2014 - 09:25 AM

g00se, ah I see where you might have gotten confused. :smile2:
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1