Win a copy of Functional Design and Architecture this week in the Functional programming forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Rob Spoor
  • Tim Cooke
  • Junilu Lacar
Sheriffs:
  • Henry Wong
  • Liutauras Vilda
  • Jeanne Boyarsky
Saloon Keepers:
  • Jesse Silverman
  • Tim Holloway
  • Stephan van Hulst
  • Tim Moores
  • Carey Brown
Bartenders:
  • Al Hobbs
  • Mikalai Zaikin
  • Piet Souris

Triple Des decryption with hex key different values

 
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi guys,

i am new to encryption/decryption and i have to decrypt a hex value using a specific hex key. I found some decryption samples in java but my problems are that when i use a self made encryption the decryption is working correctly, but when i encrypt the value online, different websites give different values(ecb mode used) and of course my decryption gives wrong output for these encrypted values.

My questions are:

1) I know that the provider of the encrypted value will encrypt it with triple des, ecb mode with specific given hex key. Are there a lot of different ways to encrypt values with 3des so i need to know the encryption method to decrypt it, or if you have key and mode there is only one possible encrypted output?

2)I know that there as a difference in encryption with hex key and normal key, but does it matter that my encrypted value will be hex value or it will be treated as a string?

3)If there is only one way to decrypt hex values with 3des ecb using hex key and given key, is there a sample java code to do this?

Thanks!
 
Marshal
Posts: 73953
332
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Welcome to the Ranch

I shall try moving you to our security forum because that question is too difficult tor “beginning”.
 
Saloon Keeper
Posts: 13244
291
  • Likes 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Jimmy.

You don't encrypt/decrypt strings. Encryption works with binary data. If you need to decrypt a hex string, you need to decode it first. After decoding, you decrypt the binary data. Finally, you encode the binary data to a string again. The same goes for a key. Keys are binary data, you need to decode the string first.

Furthermore, you need to know what padding scheme is used to create blocks and keys of the correct size for the algorithm. Just knowing the algorithm and the cipher mode isn't enough.

This is what it should look like roughly:
 
Jimmy Ice
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Stephan van Hulst wrote:Hi Jimmy.

You don't encrypt/decrypt strings. Encryption works with binary data. If you need to decrypt a hex string, you need to decode it first. After decoding, you decrypt the binary data. Finally, you encode the binary data to a string again. The same goes for a key. Keys are binary data, you need to decode the string first.

Furthermore, you need to know what padding scheme is used to create blocks and keys of the correct size for the algorithm. Just knowing the algorithm and the cipher mode isn't enough.

This is what it should look like roughly:



Thanks for the answer Stephan. I know they encryption key that will be used, so i need to know only padding scheme right? Let's say that PKCS5Padding is going to be used. Does this code look right?

 
Stephan van Hulst
Saloon Keeper
Posts: 13244
291
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Not really, I'm afraid. It looks like you're applying the padding scheme to the key material. This is a bad idea, because it's easy to get wrong, and the key probably already has the correct size for the algorithm.

You're also decoding the hex string using Base 64. Hex is not base 64.

Finally, I hope this is some sort of exercise, because you shouldn't be using cryptographic primitives, and certainly not an outdated one like triple-DES. For proper encryption, use AEAD.
 
Stephan van Hulst
Saloon Keeper
Posts: 13244
291
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Do you have an example of the key and encrypted message? Do you know what message was encrypted?
 
Stephan van Hulst
Saloon Keeper
Posts: 13244
291
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
My apologies, my example showed operations working with Strings. Keys and secret messages should never be stored as Strings. The hexKey and hex parameters should be of type char[], and decrypt() should return char[].

The reason is that char arrays can be wiped after usage, while Strings are very hard to remove from memory.
 
Jimmy Ice
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Stephan van Hulst wrote:Do you have an example of the key and encrypted message? Do you know what message was encrypted?



Sample hex key: 3402711110CA93C96A2DCE4E3402711110CA93C96A2DCE4EA
Message that will be encrypted and then decrypted by me: 32 hex characters e.g FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

If i the encrypt with no padding and i change to hex.decode will it be ok?

Thanks for the help Stephan you are very helpful.
 
Stephan van Hulst
Saloon Keeper
Posts: 13244
291
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
PKCS#5 requires a multiple of 8 bytes, so the key isn't valid using that padding scheme. As a matter of fact, it can't unambiguously be decoded to a byte array at all, because the number of bytes is uneven. Is the final 'A' at the end a mistake?
 
Jimmy Ice
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Stephan van Hulst wrote:PKCS#5 requires a multiple of 8 bytes, so the key isn't valid using that padding scheme. As a matter of fact, it can't unambiguously be decoded to a byte array at all, because the number of bytes is uneven. Is the final 'A' at the end a mistake?



Yes the final A is a mistake
 
Stephan van Hulst
Saloon Keeper
Posts: 13244
291
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I encrypt to:

"97dc8adaa616f58c97dc8adaa616f58c"

without padding and:

"97dc8adaa616f58c97dc8adaa616f58cacbb931e9406b125"

with padding.
 
Stephan van Hulst
Saloon Keeper
Posts: 13244
291
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Notice how in this example you can immediately see the disadvantage of ECB mode? The encrypted string contains "97dc8adaa616f58c" twice, which is a BIG no no in cryptography.
 
Jimmy Ice
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I've changed my code and replaced Base64 decoding with:



But now i get some some weird characters when i print out the result..
 
Stephan van Hulst
Saloon Keeper
Posts: 13244
291
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Because your encoding the binary data to UTF-8, and the original message probably wasn't UTF-8.

Are you trying to decrypt some message given to you, or are you trying to reverse your own encryption process?
 
Jimmy Ice
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Stephan van Hulst wrote:Because your encoding the binary data to UTF-8, and the original message probably wasn't UTF-8.

Are you trying to decrypt some message given to you, or are you trying to reverse your own encryption process?



I've just replaced my "message" variable with the encrypted hex you gave me "97dc8adaa616f58c97dc8adaa616f58c". (I use ECB,NoPadding) Sorry if the questions are stupid but it's the first time i am doing something like this
 
Jimmy Ice
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I don't use my own encryption. I will get an encrypted string value and decrypt it with my method. That's why i used your encryption result..
 
Stephan van Hulst
Saloon Keeper
Posts: 13244
291
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I understand.

The reason you're getting garbage with UTF-8 is because I interpreted "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" as hexadecimal, not as UTF-8. Again, hexadecimal is an encoding, and it's different from UTF-8, ASCII, or Base64.

Do you know what an encoding is? Please take a look at this article: http://www.joelonsoftware.com/articles/Unicode.html

First I decoded the hexadecimal to a binary message, encrypted it, and encoded it to hexadecimal again. In order to get the original message, you have to reverse this process by decoding the hexadecimal, decrypting the message, and then encoding it to hexadecimal again, not UTF-8.
 
Jimmy Ice
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Stephan van Hulst wrote:I understand.

The reason you're getting garbage with UTF-8 is because I interpreted "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF" as hexadecimal, not as UTF-8. Again, hexadecimal is an encoding, and it's different from UTF-8, ASCII, or Base64.

Do you know what an encoding is? Please take a look at this article: http://www.joelonsoftware.com/articles/Unicode.html

First I decoded the hexadecimal to a binary message, encrypted it, and encoded it to hexadecimal again. In order to get the original message, you have to reverse this process by decoding the hexadecimal, decrypting the message, and then encoding it to hexadecimal again, not UTF-8.



Thank you very much Stephan Now it works fine after doing correct decoding and encoding and deleting the line:


Now i guess they have to provide me 48 hex byte string encrypted with ECB/Nopadding for my decryption to work.
 
Stephan van Hulst
Saloon Keeper
Posts: 13244
291
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Good job. Can you show your full solution?
 
Jimmy Ice
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Stephan van Hulst wrote:Good job. Can you show your full solution?



 
Stephan van Hulst
Saloon Keeper
Posts: 13244
291
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Alright. Please keep in mind that you should never use this for any form of proper encryption. ECB is a horrible broken block cipher mode, and encryption and decryption should not be done without authentication, so it's best to use an algorithm like AES-GCM.
 
You showed up just in time for the waffles! And this tiny ad:
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
reply
    Bookmark Topic Watch Topic
  • New Topic