Encrypt in Java, Decrypt in IBM DataPower

 
Greenhorn
Posts: 5
Hello,

I have an interesting problem. My lack of in-depth crypto knowledge is hurting me here. I am tasked with encrypting some data in a Java app and then decrypting that data inside IBM's DataPower SOA appliance. I'm so close I can taste it...I think! Here are the details.

1 - I've created an AES key, and saved a JVM version of it and a non-JVM version of it (via .getEncoded() for use within DataPower).
2 - I encrypt some test data in the Java app using the JVM version of the key. Below is the code I use to encrypt (it's a mashup of several methods for pasting convenience):



3 - I upload the non jvm version of the key to DataPower (using the Crypto Shared Secret Key option)

4 - I take the resulting base 64 encoded encrypted value and pass it to DataPower via an XSL stylesheet. The DataPower Decrypt function within the style sheet is as follows:



Now, the decryption works great.....except the first 16 characters are lost. So if the encrypted data is "Hi from the datapower soa appliance", the result from DataPower is "apower soa appliance".

Conversely, if I encrypt data in DataPower and decrypt it in my Java app, there are 16 EXTRA characters in front of the decrypted data. It seems like I'm just missing something obvious....anyone have any ideas? If you need more details, please let me know - I'm sure I left some crucial piece of information out while writing this!

Thanks!
 
Ranch Hand
Posts: 220
You are close; you are just missing the IV. You have to arrange for its transmission yourself, typically by prepending the cipher with the IV. You need to find out whether the DataPower side takes an IV also.
 
Dana Spice
Greenhorn
Posts: 5
Thanks for the information...now I just need to go research what you mean by "IV" and "arrange for its transmission"! I assume you mean the byte array I create in the java portion - that needs to be transmitted with the encrypted data?

Thanks again!
 
Dana Spice
Greenhorn
Posts: 5
Got it working!

As an FYI, on the java side, after I encrypted the data (cipher.doFinal()) I prepended the resulting byte[] with the iv byte[], then base64 encoded it and sent it along its merry way.

Thanks!
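
Added example, not part of the original posts: the fix reported above (IV prepended to the ciphertext, then Base64-encoded) as a Java round trip, plus the symptom from the first post reproduced by having the receiver consume the first 16 bytes as an IV when none was sent. The class and method names and the generated test key are assumptions, and the receiver here is plain Java standing in for the DataPower side.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class IvPrependDemo {
    static final int IV_LEN = 16; // AES block size in bytes

    // Sender: fresh random IV per message; wire format is Base64(IV || ciphertext).
    static String encrypt(SecretKey key, String plaintext) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        byte[] wire = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, wire, IV_LEN, ct.length);
        return Base64.getEncoder().encodeToString(wire);
    }

    // Receiver: the first 16 bytes are the IV, the remainder is the ciphertext.
    static String decrypt(SecretKey key, String b64) throws Exception {
        byte[] wire = Base64.getDecoder().decode(b64);
        if (wire.length < 2 * IV_LEN || wire.length % IV_LEN != 0)
            throw new IllegalArgumentException("expected IV || CBC ciphertext");
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(wire, 0, IV_LEN));
        byte[] pt = c.doFinal(wire, IV_LEN, wire.length - IV_LEN);
        return new String(pt, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey(); // constructed test key
        String wire = encrypt(key, "Hi from the datapower soa appliance");
        System.out.println("IV sent:     " + decrypt(key, wire));

        // Symptom from the first post: the sender leaves the IV off, the receiver
        // still consumes 16 bytes as one, so the first plaintext block is missing.
        byte[] full = Base64.getDecoder().decode(wire);
        byte[] noIv = Arrays.copyOfRange(full, IV_LEN, full.length);
        System.out.println("IV not sent: " + decrypt(key, Base64.getEncoder().encodeToString(noIv)));
    }
}
```

In CBC only the first block depends on the IV, which is why everything after the first 16 bytes still decrypts cleanly in the second case.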
 
Greenhorn
Posts: 1
Hi, I need to do the reverse, encrypt in datapower and decrypt in Java

Encrypt in DP
<xsl:param name="dpconfig:algorithm" select="'http://www.w3.org/2001/04/xmlenc#aes128-cbc'" />
<xsl:variable name="cipherstring">
<xsl:value-of select="dp:encrypt-string($algorithm2,'name:ASE128bitkey',$plainText)"/>
</xsl:variable>

Decrypt in Java

get Key:
java.net.URL url =config.getServletContext().getResource("/secreyKey.der");
InputStreamReader inputreader = new InputStreamReader(url.openStream());
BufferedReader input =new BufferedReader(inputreader);
byte[] key=input.readLine().getBytes();

Init Cipher
byte[] ivAES = {(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22,(byte)0x22};
IvParameterSpec ivspec = new IvParameterSpec(ivAES);
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
SecretKeySpec skeySpec = new SecretKeySpec(key, "AES");
cipher.init(Cipher.DECRYPT_MODE,skeySpec,ivspec);

Set Encrypt Text
cipher.init(Cipher.DECRYPT_MODE,skeySpec,ivspec); //sun.misc
byte[] decodedVal = decoder.decodeBuffer(request.getParameter("encryptedText"));
cipher.update(decodedVal);
cipher.doFinal();

Getting following exception:

javax.crypto.BadPaddingException: Given final block not properly padded.
Let me know if we need to change anything in dp/java ends




 
Rancher
Posts: 43081

patana patana wrote:
get Key:
java.net.URL url =config.getServletContext().getResource("/secreyKey.der");
InputStreamReader inputreader = new InputStreamReader(url.openStream());
BufferedReader input =new BufferedReader(inputreader);
byte[] key=input.readLine().getBytes();



Hello "patana patana"-

Welcome to JavaRanch.

On your way in you may have missed that we have a policy on screen names here at JavaRanch. It must consist of a first name and a last name, and not be obviously fictitious. Since yours does not conform with it, please take a moment to change it, which you can do using the "My Profile" link at the top of the page.

As to your question, you can't treat the key as text (which is what you're doing if you use a Reader or Writer with it). It's binary data, so you need to use the ...Stream classes for reading and writing it.
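
Added example, not written by any poster in this thread: the point above about reading the key with the ...Stream classes, shown by reading the same constructed 16-byte key once through a Reader and once as raw bytes. The class and method names, the temp file and the key-length check are assumptions for illustration.

```java
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.spec.SecretKeySpec;

public class KeyBytesDemo {
    // Text path, as in the quoted snippet: decoding to chars and back is lossy.
    static byte[] readAsText(Path p) throws Exception {
        try (BufferedReader r = new BufferedReader(new InputStreamReader(Files.newInputStream(p)))) {
            String line = r.readLine();
            return line == null ? new byte[0] : line.getBytes();
        }
    }

    // Binary path: the bytes exactly as stored.
    static byte[] readAsBinary(Path p) throws Exception {
        try (InputStream in = Files.newInputStream(p)) {
            return in.readAllBytes(); // Java 9+
        }
    }

    // Refuse anything that is not a 128-, 192- or 256-bit AES key.
    static SecretKeySpec toAesKey(byte[] raw) {
        if (raw.length != 16 && raw.length != 24 && raw.length != 32)
            throw new IllegalArgumentException("bad AES key length: " + raw.length + " bytes");
        return new SecretKeySpec(raw, "AES");
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[16];
        new SecureRandom().nextBytes(key);
        key[3] = 0x0A; // constructed key with a line-feed byte in it
        Path p = Files.createTempFile("secretKey", ".der");
        Files.write(p, key);
        byte[] bin = readAsBinary(p), text = readAsText(p);
        Files.delete(p);
        System.out.println("binary read intact: " + Arrays.equals(key, bin));
        System.out.println("text read intact:   " + Arrays.equals(key, text));
        toAesKey(bin);
        try {
            toAesKey(text);
        } catch (IllegalArgumentException e) {
            System.out.println("text read rejected: " + e.getMessage());
        }
    }
}
```

A key damaged this way still initialises a Cipher whenever its length happens to be valid, so the first visible failure is usually a BadPaddingException at doFinal() rather than an error at load time.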
 
Greenhorn
Posts: 1
Hi ,

In DataPower I have to decrypt the data with the encrypted string provided. I am using the XSLT decrypt data function, but it is throwing me the error: Invalid key length 12 bytes for algorithm aes 256
 