Granny's Programming Pearls
"inside of every large program is a small program struggling to get out"
JavaRanch.com/granny.jsp
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Diffie Hellman with DES

 
Partheban Udayakumar
Ranch Hand
Posts: 496
AngularJS Java Spring
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I am trying Diffie Hellman key generation with DES encryption. My code is a sample code from exampledepot.8waytrips.com. When I compile it in Java, it works fine but when I generate the key in Java and send it to J2ME, it throws java.security.InvalidKeyException

Key generation code is



I send the byte[] to a servlet and send it to J2ME client with the servlet code below



Key receiving code is


and the encryption is done with the following code



The stack trace is

java.security.InvalidKeyException
at javax.crypto.Cipher.init(), bci=185
at javax.crypto.Cipher.init(), bci=4
- red.DEScrypters.<init>(DESwithDH.java:102)
- red.DESwithDH.connect(DESwithDH.java:79)
- red.DESwithDH.commandAction(DESwithDH.java:63)
at javax.microedition.lcdui.Display$ChameleonTunnel.callScreenListener(), bci=39
at com.sun.midp.chameleon.layers.SoftButtonLayer.processCommand(), bci=62
at com.sun.midp.chameleon.layers.SoftButtonLayer.commandSelected(), bci=14
at com.sun.midp.chameleon.layers.MenuLayer.pointerInput(), bci=150
at com.sun.midp.chameleon.CWindow.pointerInput(), bci=80
at javax.microedition.lcdui.Display$DisplayEventConsumerImpl.handlePointerEvent(), bci=52
at com.sun.midp.lcdui.DisplayEventListener.process(), bci=346
at com.sun.midp.events.EventQueue.run(), bci=130
at java.lang.Thread.run(Thread.java:723)
java.lang.IllegalStateException
at com.sun.midp.crypto.BlockCipherBase.doFinal(), bci=18
at com.sun.midp.crypto.DES.doFinal(), bci=8
at com.sun.j2me.crypto.Cipher.doFinal(), bci=8
at javax.crypto.Cipher.doFinal(Cipher.java:1970)
- red.DEScrypters.encrypt(DESwithDH.java:114)
- red.DESwithDH.connect(DESwithDH.java:80)
- red.DESwithDH.commandAction(DESwithDH.java:63)
at javax.microedition.lcdui.Display$ChameleonTunnel.callScreenListener(), bci=39
at com.sun.midp.chameleon.layers.SoftButtonLayer.processCommand(), bci=62
at com.sun.midp.chameleon.layers.SoftButtonLayer.commandSelected(), bci=14
at com.sun.midp.chameleon.layers.MenuLayer.pointerInput(), bci=150
at com.sun.midp.chameleon.CWindow.pointerInput(), bci=80
at javax.microedition.lcdui.Display$DisplayEventConsumerImpl.handlePointerEvent(), bci=52
at com.sun.midp.lcdui.DisplayEventListener.process(), bci=346
at com.sun.midp.events.EventQueue.run(), bci=130
at java.lang.Thread.run(Thread.java:723)

 
Richard Tookey
Bartender
Posts: 1166
17
Java Linux Netbeans IDE
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That exception will get thrown if sk.length is not equal to 8 !

Note - without even looking at your DH code you have created an insecure system. When you specify

this is equivalent to
ECB mode is insecure.

Note 1 - even more insecure - you are doing all the key generation in the servlet and then passing the key in the clear to the client! What is the point of encryption if you publish the key to the whole world? That is not not not how DH functions. The client and server have a dialogue and both participate in the generation and at no point is anything that cannot be public passed between the client and the server. You need to spend more time reading about DH to make sure you understand it fully! Take a look at this .

 
Partheban Udayakumar
Ranch Hand
Posts: 496
AngularJS Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Richard,

I am sorry this took so long to reply but I forgot that I posted this. I saw this when I was going through my profile now. Ya I get it, its very insecure to transfer keys from server to client. Thanks by the way for replying. I am sorry again I took to long to reply.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic