On 10 May 2007 07:16:58 -0700, schw <(E-Mail Removed)> wrote:

>Hi

>

>I encountered a problem not sure how to solve it. please help if

>possible.

>

>in oracle9 I do a simple encryption (using DES) that gives me the

>following RAW:
Why DES? AES is faster and more secure.

>

>F26D94ECDACDBD111584C7A8A9018A5C

>

>when decrypted I get 36463643363133313332333333343335 which is

>correct.

>

>However in java when I try decrypting the

>'F26D94ECDACDBD111584C7A8A9018A5C' I get this:

>

> 3646364336313331c15fa7dfe9f98e24
This example is now insecure and must be changed in your production

system.

>

>First 8 bytes are exactly the same, the other 8 bytes differ, why ?
DES has a 8 byte blocksize. You are probably using different block

cypher modes at each end so the decryption fails. Given that the

first block decrypts correctly using ECB, it is possible that the

Oracle encryption is CBC with a zero initialisation vector (IV).

Decrypting that with ECB will give the effect you describe.

>

>In Java I use the following code:

>

>Cipher dcipher = null;

>

>dcipher = Cipher.getInstance("DES/ECB/NoPadding");
ECB mode is not secure, I would be surprised if the Oracle code is

using plain ECB. For a literal illustration of the insecurity of ECB

see

http://en.wikipedia.org/wiki/Block_c...s_of_operation
Try changing to CBC mode:

Cipher dcipher = Cipher.getInstance("DES/CBC/NoPadding");

^^^

CBC mode is more common and more secure than ECB. As I said above,

using ECB to decrypt CBC with a zero IV will give one block of

plaintext followed by gibberish. Using a zero IV is somewhat

insecure, but less insecure than ECB.

You can also try any other modes that your Java implementation allows.

If none of them work then try to find out what mode the Oracle

encryption is using.

Added: I have done a quick hand calculation for the first three bytes

of the second block, my conjecture is probably correct - it looks as

if Oracle is encrypting in CBC mode with a zero IV.

rossum

>

>SecretKey myKey = new SecretKeySpec(_key, "DES");

>

>dcipher.init(_cryptMode, myKey);

>

>return dcipher.doFinal(_buffer);

>

>Obviously keys in both encryption and decryption are the same.

>

>Thanks for any hints.