using AES with JAVA and C++

[Norbert Thek]

Hello

This question was asked several days ago, but I'm not able to find the mails anymore and the mailist archive is also not working.
(http://www.mail-archive.com/crypto...@eskimo.com isn't working)

I tried to use the build in JAVA Cipher but the only way to get it working was by using
"Cipher.getInstance("AES/ECB/NoPadding")"

But this is not very clever  (I want to crypt a licensfile which have about 3 kb or little less)

Can somebody tell, which padding I can use to let java and C++ work together?

It would be optimal if someone can send some democode!


regards
Norbert

[Jeffrey Walton]

Hi Norbert,

The FAQ has a few examples of Block Cipher use with AES as a demonstration.

Jeff

http://www.eskimo.com/~weidai/cgi-bin/fom-serve/cache/79.html

[Haytham Mohammed]

Hi Norbert

 

Since ECB mode is working

then the problem is in setting the same IV initial value in both sides for CBC mode or any other mode that require IV .

 

don't forget to initialize your cipher in java before encryption and decryption with the "Initial value"

 

byte[] ivBytes = new byte[]{..,..,..};

 

IvParameterSpec ivSpec = new IvParameterSpec(ivBytes );

 

Cipher c = Cipher.getInstance("...","..."/*provider name, u may use Bouncy castle*/);

 

//in encrption function

cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec);

 

//in decryption function

cipher.init(Cipher.DECRYPT_MODE, key, ivSpec);

 

and The example Jeffery sent for Crypto++ code is very helpful

 

u may send your c and java code

 

 

Regards

Haytham Mohammed

---

Everyone is raving about the all-new Yahoo! Mail beta.

[Jeffrey Walton]

Hi Norbert,

> Crypto ++ Version 4.2, because I'm not able to get
> 5.1 (or 5.2) running on our VS 6.0 project
I would recommend getting this issue resolved first. Have you applied
the processor pack? Also, a static link may be easier if you do not
require FIPS certification. Dor the basic "how to Compile and use a
Static Library", see http://www.codeguru.com/article-preview.php/12799

> encrypt in Java -> decrypt in Java ok (with CBC or some other block
> SNIP...
> encrypt in C++ -> decrypt in Java fail (except ECB with nopadding)
Examples of your code (which compiles and fails) would be nice.

The mailing list has an example of Java/Crypto++ interoperability, but
I don't recall the details.

Jeff

On 11/14/06, Norbert Thek <nor...@thek.at> wrote:

> I know
>
> this isn't the problem
>
> encrypt in Java -> decrypt in Java ok (with CBC or some other block
> cipher)
> encrypt in C++ -> decrypt in C++ ok (with CBC or some other block
> cipher)
>
> encrypt in Java -> decrypt in C++ fail (except ECB with nopadding)
> encrypt in C++ -> decrypt in Java fail (except ECB with nopadding)
>
> The problem with ECB with nopadding is...
>
> that if encrypt for example a binary where most of the data is NULL
> the ecnrypted has lots of repeated data
> exampe
> Hex 00 00 00 00 00 00 00 00 00 ...00 00 00 00 00 00 00
> becomes to
> Hex 01 EA EA 2B 01 EA EA 2B ... 01 EA EA 2B 01 EA EA 2B
> (no real data, only a example)
>
> I forgot to mention I use Crypto ++ Version 4.2, because I'm not able to get
> 5.1 (or 5.2) running on our
> VS 6.0 project ( i get a lot of linker errors, but working with 4.2 is ok
> !?!?!??!)
>
> If somebody can give me some example
> How JAVA and Crypto CPP can work together (with AES, if possible)
> I would be very glad :-)
>
> regards
> Norbert
>
>
> 2006/11/14, Jeffrey Walton < nolo...@gmail.com>:

> > Hi Norbert,
> >
> > The FAQ has a few examples of Block Cipher use with AES as a
> demonstration.
> >
> > Jeff
> >
> >
> http://www.eskimo.com/~weidai/cgi-bin/fom-serve/cache/79.html
> >
> > On 11/14/06, Norbert Thek < nor...@thek.at> wrote:
> > > Hello
> > >
> > > This question was asked several days ago, but I'm not able to find the
> mails
> > > anymore and the mailist archive is also not working.

> > > ( http://www.mail-archive.com/crypto...@eskimo.com

> isn't
> > > working)
> > >
> > > I tried to use the build in JAVA Cipher but the only way to get it
> working
> > > was by using

> > > "Cipher.getInstance ("AES/ECB/NoPadding")"

[Norbert Thek]

I know

this isn't the problem

encrypt in Java  -> decrypt in Java    ok   (with CBC or some other block cipher)
encrypt in C++ -> decrypt in C++     ok   (with CBC or some other block cipher)

encrypt in Java -> decrypt in C++    fail   (except ECB with nopadding)
encrypt in C++ -> decrypt in Java    fail   (except ECB with nopadding)

The problem with ECB with nopadding is...

that if encrypt for example a binary where most of the data is NULL
the ecnrypted has lots of repeated data
exampe
Hex 00 00 00 00 00 00 00 00 00 ...00 00 00 00 00 00 00
becomes to
Hex 01 EA EA 2B 01 EA EA 2B ...  01 EA EA 2B 01 EA EA 2B
(no real data, only a example)

I forgot to mention I use Crypto ++ Version 4.2, because I'm not able to get 5.1 (or 5.2) running on our
VS 6.0 project  ( i get a lot of linker errors, but working with 4.2 is ok !?!?!??!)

If somebody can give me some example
How JAVA and Crypto CPP can work together  (with AES, if possible)
I would be very glad :-)

regards
Norbert

2006/11/14, Jeffrey Walton < nolo...@gmail.com>:

Hi Norbert,

The FAQ has a few examples of Block Cipher use with AES as a demonstration.

Jeff

http://www.eskimo.com/~weidai/cgi-bin/fom-serve/cache/79.html

On 11/14/06, Norbert Thek < nor...@thek.at> wrote:
> Hello
>
> This question was asked several days ago, but I'm not able to find the mails
> anymore and the mailist archive is also not working.

> ( http://www.mail-archive.com/crypto...@eskimo.com isn't

> working)
>
> I tried to use the build in JAVA Cipher but the only way to get it working
> was by using

> "Cipher.getInstance ("AES/ECB/NoPadding")"

[Mouse]

I believe the problem is with padding. One of these (don't remember which
one - Java or Crypto++) does not use the current revision, so they produce
encryption incompatible with each other.

Norbert, it would be interesting to see how AES-CFB fares - because it does
not need padding.

[Christophe Meessen]

Isn't padding always required with chained block cipher ?
Maybe it can work if you ensure your data is a multiple of the block size.
CTR doesn't have the size constrain so it should work without padding.
Don't know if it is supported by Java though.

[Mouse]

> Isn't padding always required with chained block cipher?

Padding it required for full-size chaining block ciphers. So CBC requires
it, but other modes (ECB, CFB, OFB, CTR) do not.

> Maybe it can work if you ensure your data is a multiple of
> the block size.

I'd be interested to know the result of this experiment.

> CTR doesn't have the size constrain so it should work without padding.
> Don't know if it is supported by Java though.

I'd start this trial with CFB.

[Christophe Meessen]

Mouse a écrit :

> I'd start this trial with CFB.
>

Is it possible to know the reason of such preference ?
Are there reason to think CTR is not as secure ?

[Mouse]

> > I'd start this trial with CFB.
>
> Is it possible to know the reason of such preference?

CFB mixes in the previous ciphertext - thus propagating the error a little,
and thus being "more able" to detect mucking with the ciphertext.

> Are there reason to think CTR is not as secure ?

No. But CTR is pure XOR of the keystream with the plaintext - thus
genreating MDC (Modification Detection Code) is a-must. With CFB you also
need MDC, but to some very limited extent CFB itself will reveal
modification.

Finally, that is my personal preference. :-)