3DES output size

I want to encrypt data HEX 16 characters + HEX 16 characters KEY with 3DES algorithm and expect encrypted out put HEX 16 characters, has any one suggest me?

My code gen more 16 characters.


//------------------------------------------------------------

import java.math.BigInteger; import java.security.MessageDigest; import java.util.Arrays; import javax.crypto.Cipher; import javax.crypto.SecretKey; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; import org.apache.commons.codec.binary.Base64; public class TripleDESTest { String KEY = "46DF1AF55783D507"; public static void main(String[] args) throws Exception { String text = "015674FFAAAEBAFC"; System.out.println("Plaing text String byte "+text.length()); byte[] codedtext = new TripleDESTest().encrypt(text); String decodedtext = new TripleDESTest().decrypt(codedtext); StringBuilder sb = new StringBuilder(); for (byte b : codedtext) { sb.append(String.format("%02X", b)); } } public byte[] encrypt(String message) throws Exception { final MessageDigest md = MessageDigest.getInstance("MD5"); final byte[] digestOfPassword = md.digest(KEY.getBytes("utf-8")); final byte[] keyBytes = Arrays.copyOf(digestOfPassword, 24); for (int j = 0, k = 16; j < 8;) { keyBytes[k++] = keyBytes[j++]; } final SecretKey key = new SecretKeySpec(keyBytes, "DESede"); final IvParameterSpec iv = new IvParameterSpec(new byte[8]); final Cipher cipher = Cipher.getInstance("DESede/CBC/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, key); final byte[] plainTextBytes = message.getBytes("utf-8"); final byte[] cipherText = cipher.doFinal(plainTextBytes); System.out.println("Cipher encrype hex = "+convertToHex(cipherText)); return cipherText; } public String decrypt(byte[] message) throws Exception { final MessageDigest md = MessageDigest.getInstance("MD5"); final byte[] digestOfPassword = md.digest(KEY.getBytes("utf-8")); final byte[] keyBytes = Arrays.copyOf(digestOfPassword, 24); for (int j = 0, k = 16; j < 8;) { keyBytes[k++] = keyBytes[j++]; } final SecretKey key = new SecretKeySpec(keyBytes, "DESede"); final IvParameterSpec iv = new IvParameterSpec(new byte[8]); final Cipher decipher = Cipher.getInstance("DESede/CFB8/NoPadding"); decipher.init(Cipher.DECRYPT_MODE, key, iv); final byte[] plainText = decipher.doFinal(message); return new String(plainText, "UTF-8"); } public static String convertToHex(byte[] data) { StringBuffer buf = new StringBuffer(); for (int i = 0; i < data.length; i++) { int halfbyte = (data[i] >>> 4) & 0x0F; int two_halfs = 0; do { if ((0 <= halfbyte) && (halfbyte <= 9)) buf.append((char) ('0' + halfbyte)); else buf.append((char) ('a' + (halfbyte - 10))); halfbyte = data[i] & 0x0F; } while(two_halfs++ < 1); } return buf.toString(); } public static String toHex(byte[] bytes) { BigInteger bi = new BigInteger(1, bytes); return String.format("%0" + (bytes.length << 1) + "X", bi); } public static String toHexString(byte[] bytes) { char[] hexArray = {'0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F'}; char[] hexChars = new char[bytes.length * 2]; int v; for ( int j = 0; j < bytes.length; j++ ) { v = bytes[j] & 0xFF; hexChars[j*2] = hexArray[v/16]; hexChars[j*2 + 1] = hexArray[v%16]; } return new String(hexChars); } }
//------------------------------------------------------------

You seem to apply convertToHex.

Welcome to the Ranch
I am afraid that question is too difficult for us “beginners”, so I shall move it. You should always use the code button; I have applied it to your code and you can see how much better it looks.

How to fix length of out put character?

For 3DES using PKCS5Padding the encrypted length for N hex characters is calculated along the lines of

1) Converting the cleartext characters to bytes. Since you decode the Hex cleartext characters using utf-8 and don't Hex decode them your N hex characters will convert to N bytes and not N/2. For your example this will be 16 bytes.

2) The PKCS5Padding will add between 1 and 8 padding bytes so the cleartext length after padding will be ((N+8)/8)*8 bytes (integer division that ignores the remainder). For your example this will result in 24 bytes.

3) The ciphertext length will be the same as the padded cleartext length i.e. ((N+8)/8)*8 bytes.

4) Hex encoding of the raw ciphertext will produce 2 characters for every one byte of ciphertext so you will end up with 2*((N+8)/8)*8 characters. For your 16 hex character cleartext example this will result in 48 characters.

It seems to me that before encrypting you should first hex decode the hex bytes of the cleartext. This will then result in just 32 Hex characters of ciphertext.

You can get a further saving if you Base64 encode the ciphertext rather than Hex encode it and an even bigger saving use ASCII85 encoding.

Note - it is normally better to leave ciphertext as bytes and not turn them into text at all. Do not even think about just converting them to a String without some form of encoding; String is not a suitable container for binary data and raw ciphertext is most definitely binary data.

Note 1 - you use a fixed IV of 8 zero bytes. This has security implications since it allows an observer to tell whether or not two ciphertext have the same first 8 bytes of cleartext. To get round this it is normal to use a random IV and either include the IV as a prefix to the ciphertext or store it separately.

Thanks Richard.

But my cleartext is Hex format (i.e. "015674FFAAAEBAFC") and I expect to get ciphertext in Hex format 16 characters for sending to another system.

What I should to do?

Andre Chevchenko wrote:
But my cleartext is Hex format (i.e. "015674FFAAAEBAFC") and I expect to get ciphertext in Hex format 16 characters for sending to another system.

What I should to do?

Who has imposed this constraint on the ciphertext and why is there this constraint on the ciphertext? Are you trying to match an existing system? If so you must find out exactly what the existing system is doing or you are just wasting your time.

The obvious approach to meet your requirements is :-

1) Hex decode the Hex encoded cleartext to get 8 bytes.
2) 3DES encrypt the resulting 8 bytes usng ECB block mode with no padding.
3) Hex encode the resulting 8 bytes to get your 16 hex characters of ciphertext.

Note - ECB is used because there is no point in using CBC for a single block of data when you are just using an IV of all zeros; you would get the same ciphertext anyway. Padding is not used because you always have exactly one block of raw cleartext so no padding is needed.