Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Java > encryption in Oracle, decryption in Java

Reply
Thread Tools

encryption in Oracle, decryption in Java

 
 
schw
Guest
Posts: n/a
 
      05-10-2007
Hi

I encountered a problem not sure how to solve it. please help if
possible.

in oracle9 I do a simple encryption (using DES) that gives me the
following RAW:

F26D94ECDACDBD111584C7A8A9018A5C

when decrypted I get 36463643363133313332333333343335 which is
correct.

However in java when I try decrypting the
'F26D94ECDACDBD111584C7A8A9018A5C' I get this:

3646364336313331c15fa7dfe9f98e24

First 8 bytes are exactly the same, the other 8 bytes differ, why ?

In Java I use the following code:

Cipher dcipher = null;

dcipher = Cipher.getInstance("DES/ECB/NoPadding");

SecretKey myKey = new SecretKeySpec(_key, "DES");

dcipher.init(_cryptMode, myKey);

return dcipher.doFinal(_buffer);

Obviously keys in both encryption and decryption are the same.

Thanks for any hints.

 
Reply With Quote
 
 
 
 
rossum
Guest
Posts: n/a
 
      05-10-2007
On 10 May 2007 07:16:58 -0700, schw <(E-Mail Removed)> wrote:

>Hi
>
>I encountered a problem not sure how to solve it. please help if
>possible.
>
>in oracle9 I do a simple encryption (using DES) that gives me the
>following RAW:

Why DES? AES is faster and more secure.

>
>F26D94ECDACDBD111584C7A8A9018A5C
>
>when decrypted I get 36463643363133313332333333343335 which is
>correct.
>
>However in java when I try decrypting the
>'F26D94ECDACDBD111584C7A8A9018A5C' I get this:
>
> 3646364336313331c15fa7dfe9f98e24

This example is now insecure and must be changed in your production
system.

>
>First 8 bytes are exactly the same, the other 8 bytes differ, why ?

DES has a 8 byte blocksize. You are probably using different block
cypher modes at each end so the decryption fails. Given that the
first block decrypts correctly using ECB, it is possible that the
Oracle encryption is CBC with a zero initialisation vector (IV).
Decrypting that with ECB will give the effect you describe.

>
>In Java I use the following code:
>
>Cipher dcipher = null;
>
>dcipher = Cipher.getInstance("DES/ECB/NoPadding");

ECB mode is not secure, I would be surprised if the Oracle code is
using plain ECB. For a literal illustration of the insecurity of ECB
see http://en.wikipedia.org/wiki/Block_c...s_of_operation

Try changing to CBC mode:
Cipher dcipher = Cipher.getInstance("DES/CBC/NoPadding");
^^^

CBC mode is more common and more secure than ECB. As I said above,
using ECB to decrypt CBC with a zero IV will give one block of
plaintext followed by gibberish. Using a zero IV is somewhat
insecure, but less insecure than ECB.

You can also try any other modes that your Java implementation allows.
If none of them work then try to find out what mode the Oracle
encryption is using.

Added: I have done a quick hand calculation for the first three bytes
of the second block, my conjecture is probably correct - it looks as
if Oracle is encrypting in CBC mode with a zero IV.

rossum

>
>SecretKey myKey = new SecretKeySpec(_key, "DES");
>
>dcipher.init(_cryptMode, myKey);
>
>return dcipher.doFinal(_buffer);
>
>Obviously keys in both encryption and decryption are the same.
>
>Thanks for any hints.


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Java string encryption/decryption dj_uncas Java 12 11-24-2008 01:55 AM
Encryption/Decryption on both Java and Delphi Aidan Diffey Java 11 10-24-2005 08:12 AM
NCrypto Encryption & Decryption sushant.bhatia@gmail.com ASP .Net 2 05-03-2005 01:14 AM
how to encryption/decryption works with java 1.2 dishan@gmail.com Java 6 01-12-2005 09:14 AM
database connection string encryption and decryption Srinivasa Reddy K Ganji ASP .Net 1 07-18-2003 11:30 AM



Advertisments