Note: This article shows you how to generate a SecretKey to use with a TripleDES encryption cipher. The shared-secret key can be 24 bytes or even 16 bytes long.
The most common problem when encrypting something in Java and decrypting it in .NET, or vice versa, is a misunderstanding of the keying options defined in the standards and of which ones Java and .NET implement.
A DES key is made up of 56 key bits and 8 parity bits (8 bytes).
A 3DES key is a bundle of three 8-byte DES keys, i.e. 24 bytes long.
If you use a 24-byte key for both Java and .NET, you're safe: the encryption will be compatible.
Java will force you to use only a 24-byte key when using TripleDES; the subtlety is that .NET supports both a 16-byte and a 24-byte key.
Now, if you generate a key from an MD5 hash of a shared secret, it will be just 16 bytes. .NET has no problem with this. It implements Keying Option 2. It will intelligently take the first 8 bytes and append them after the 16th byte, forming a 24-byte key. Java, *sigh* sadly doesn't do this. You'll have to spoon feed it like so:
    import javax.crypto.SecretKey;
    import javax.crypto.SecretKeyFactory;
    import javax.crypto.spec.DESedeKeySpec;

    public SecretKey getSecretKey(byte[] encryptionKey) {
        SecretKey secretKey = null;
        if (encryptionKey == null)
            return null;
        byte[] keyValue = new byte[24]; // final 3DES key
        if (encryptionKey.length == 16) {
            // Keying Option 2: copy K1 and K2, then create the third key from the first 8 bytes
            System.arraycopy(encryptionKey, 0, keyValue, 0, 16);
            System.arraycopy(encryptionKey, 0, keyValue, 16, 8);
        } else if (encryptionKey.length != 24) {
            throw new IllegalArgumentException("A TripleDES key should be 16 or 24 bytes long");
        } else {
            // Already a full 24-byte key: use it as is
            keyValue = encryptionKey;
        }
        DESedeKeySpec keySpec;
        try {
            // DESedeKeySpec itself only accepts 24 bytes of key material
            keySpec = new DESedeKeySpec(keyValue);
            SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede");
            secretKey = keyFactory.generateSecret(keySpec);
        } catch (Exception e) {
            throw new RuntimeException("Error in key generation", e);
        }
        return secretKey;
    }
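The whole path described above, from shared secret to ciphertext, as an added example that is not part of the original post. The class name, the helper `expandTo24`, the sample secret, the plaintext and the choice of CBC with PKCS5 padding are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESedeKeySpec;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class TripleDesInteropDemo {              // hypothetical class name
    // Keying Option 2: turn a 16-byte K1 || K2 into K1 || K2 || K1.
    static byte[] expandTo24(byte[] key16) {      // hypothetical helper
        byte[] key24 = Arrays.copyOf(key16, 24);  // K1 || K2 || 8 zero bytes
        System.arraycopy(key16, 0, key24, 16, 8); // K3 = K1
        return key24;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample secret and plaintext, for illustration only.
        byte[] md5 = MessageDigest.getInstance("MD5")
                .digest("constructed-shared-secret".getBytes(StandardCharsets.UTF_8));
        // The raw 16-byte digest is what .NET accepts and Java rejects.
        try {
            new DESedeKeySpec(md5);
            throw new AssertionError("expected the 16-byte key to be rejected");
        } catch (InvalidKeyException expected) {
            System.out.println("16-byte key rejected: " + expected.getMessage());
        }
        SecretKey key = SecretKeyFactory.getInstance("DESede")
                .generateSecret(new DESedeKeySpec(expandTo24(md5)));

        byte[] iv = new byte[8];                  // DES block size is 8 bytes
        new SecureRandom().nextBytes(iv);
        Cipher enc = Cipher.getInstance("DESede/CBC/PKCS5Padding");
        enc.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = enc.doFinal("hello from Java".getBytes(StandardCharsets.UTF_8));
        // Decrypt with the same expanded key to confirm the round trip.
        Cipher dec = Cipher.getInstance("DESede/CBC/PKCS5Padding");
        dec.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
        String pt = new String(dec.doFinal(ct), StandardCharsets.UTF_8);

        System.out.println("iv=" + Base64.getEncoder().encodeToString(iv));
        System.out.println("ct=" + Base64.getEncoder().encodeToString(ct));
        System.out.println("round trip ok: " + pt.equals("hello from Java"));
    }
}
```

For the output to decrypt on the .NET side, both ends must also agree on the cipher mode, the padding and the IV, not only on the key bytes.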