Rob Lee

Hello Jelle Klap,

First of all Thank you for your reply. At the Oracle download page I found "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 7" which has two executable jar files and "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6" which has the same number of jars as well. As being a noob I have Tried to add all of those Jars (I know how to add them properly), I tried 1 jar at the time ,two jars and four jars, well all of the possibilities to be honest. But Still got the same exception of illegal key size. Anyway that should not be a problem as with using (PBEWithMD5AndDES) and a random salt am pretty much protected from rainbow-tables attacks I assume.

Kindly, Can you help me in solving the small problem below:

Cipher cipher = Cipher.getInstance(algorithm); cipher.init(Cipher.ENCRYPT_MODE,secretKey,pbeParamSpec); SealedObject str= new SealedObject(data, cipher);

The problem basically is I want to convert the Slealedobject str to a Hex String by using Apache Base64 or any simpler way and then display it with (System.out.println(TheNameOfThestringDerivedFromThe SlealedObject);)

I have tried many ways but with no success. the output has been for the desired string in the below format with just a change in the the numbers in the output

javax.crypto.SealedObject@1d5550d

help by code is much appreciated for a noob like me

Thank you

Hello everyone,

Well I found a solution for this but its problem that it uses less secure transformation algorithm

The output when using (PBEWITHSHA256AND128BITAES-CBC-BC) through an exception of illegal key size. However, when I have changed it to (PBEWithMD5AndDES) it worked just fine

the thing that I do not understand is Bouncycastle support (PBEWITHSHA256AND128BITAES-CBC-BC) but the program report the above exception. Any explanation(with code) would be much appreciated.

at last please help me in finding a solution for the below two topics:

PBE decryption does not work

Sorry about spamming the board with questions! But here another question about PBE encryption

Hello all,

public class passphrase { static String algorithm = "AES"; public static String ss = "the queen diamond jubilee"; static char[] S=ss.toCharArray(); static String secretData = "Very Secret Data!!"; private static SealedObject myEncryptedMessage; static byte[] salt = "a9v5n38s".getBytes(); public passphrase() throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, UnsupportedEncodingException, IllegalBlockSizeException, BadPaddingException, IOException, ClassNotFoundException, DecoderException{ encrypt(secretData); decrypt(encrypt(secretData)); } public static byte[] gensalt() throws DecoderException{ byte[] x=Hex.decodeHex("ab987e8999ee".toCharArray()); return x; } public static byte[] convert(String h) { char[] buffer = ss.toCharArray(); byte[] b = new byte[buffer.length]; for (int i = 0; i < b.length; i++) { b[i] = (byte) buffer[i]; } return b; } public static String encrypt (String lp) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, UnsupportedEncodingException, IllegalBlockSizeException, BadPaddingException, IOException, DecoderException{ PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt, 10); PBEKeySpec pbeKeySpec = new PBEKeySpec(S); SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); SecretKey key = factory.generateSecret(pbeKeySpec); Cipher c = Cipher.getInstance("PBEWithMD5AndDES"); c.init(Cipher.ENCRYPT_MODE,key,pbeParamSpec); byte[] input = secretData.getBytes("UTF-8"); byte[] encrypted = c.doFinal(input); String encryptedString = new String(Base64.encodeBase64(encrypted)); return encryptedString; } public static String decrypt (String encryptedString) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, IOException, ClassNotFoundException, UnsupportedEncodingException, DecoderException{ PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt, 10); PBEKeySpec pbeKeySpec = new PBEKeySpec(S); SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); SecretKey key = factory.generateSecret(pbeKeySpec); Cipher c = Cipher.getInstance("PBEWithMD5AndDES"); c.init(Cipher.ENCRYPT_MODE,key,pbeParamSpec); byte[] encryptedText = Base64.decodeBase64(encrypt(secretData)); byte[] plainText = c.doFinal(encryptedText); String decryptedText= new String(plainText); System.out.println(decryptedText); return decryptedText; } public static void main(String args[]) throws Exception { passphrase p= new passphrase(); } }

I get this frustrating output(Exception in thread "main" java.security.spec.InvalidKeySpecException: Salt not found)

Why is That?

Thank you all

Hello mates,

import org.bouncycastle.jce.provider.BouncyCastleProvider; public class passphrase2 { static String algorithm = "PBEWITHSHA256AND128BITAES-CBC-BC"; static char[] passPherase = "secretpass".toCharArray(); static byte[] salt = "a9v5n38s".getBytes(); static String secretData = "Very Secret Data!!"; static SealedObject encrypt(String data) throws Exception{ PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt,20); PBEKeySpec pbeKeySpec = new PBEKeySpec(passPherase); SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(algorithm); SecretKey secretKey = secretKeyFactory.generateSecret(pbeKeySpec); Cipher cipher = Cipher.getInstance(algorithm); cipher.init(Cipher.ENCRYPT_MODE,secretKey,pbeParamSpec); return new SealedObject(data,cipher); } static String decrypt(SealedObject sealedObject) throws Exception{ PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt,20); PBEKeySpec pbeKeySpec = new PBEKeySpec(passPherase); SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance(algorithm); SecretKey secretKey = secretKeyFactory.generateSecret(pbeKeySpec); Cipher cipher = Cipher.getInstance(algorithm); cipher.init(Cipher.DECRYPT_MODE,secretKey,pbeParamSpec); return (String)sealedObject.getObject(cipher); } public static void main(String[] args) { try{ Security.addProvider(new BouncyCastleProvider()); SealedObject encryptedString = encrypt(secretData); String decryptedString = decrypt(encryptedString); System.out.println(decryptedString); }catch( Exception e ) { System.out.println(e.toString()); } } }
the output is included in the topic.
Thank you all

Hello all,

The encryption in the code below works fine but i get error for decryption. any clues?

public final class lastry { /** name of the character set to use for converting between characters and bytes */ private static final String CHARSET_NAME = "UTF-8"; /** random number generator algorithm */ private static final String RNG_ALGORITHM = "SHA1PRNG"; /** message digest algorithm (must be sufficiently long to provide the key and initialization vector) */ private static final String DIGEST_ALGORITHM = "SHA-256"; /** key algorithm (must be compatible with CIPHER_ALGORITHM) */ private static final String KEY_ALGORITHM = "AES"; /** cipher algorithm (must be compatible with KEY_ALGORITHM) */ private static final String CIPHER_ALGORITHM = "AES/CBC/PKCS5Padding"; private static byte[] salt="985abb".getBytes(); private static final int iterations=64; private static final String password="ya man"; private static final byte[] cleartext="to be enc".getBytes(); public lastry() throws Exception{ encrypt(salt, iterations, password, cleartext); decrypt(salt, iterations, password, cleartext); } public static byte[] encrypt( byte[] salt, int iterations, String password, byte[] cleartext) throws Exception { /* generate salt randomly */ SecureRandom.getInstance(RNG_ALGORITHM).nextBytes(salt); /* compute key and initialization vector */ final MessageDigest shaDigest = MessageDigest.getInstance(DIGEST_ALGORITHM); byte[] pw = password.getBytes(CHARSET_NAME); for (int i = 0; i < iterations; i++) { /* add salt */ final byte[] salted = new byte[pw.length + salt.length]; System.arraycopy(pw, 0, salted, 0, pw.length); System.arraycopy(salt, 0, salted, pw.length, salt.length); Arrays.fill(pw, (byte) 0x00); /* compute SHA-256 digest */ shaDigest.reset(); pw = shaDigest.digest(salted); Arrays.fill(salted, (byte) 0x00); } /* extract the 16-byte key and initialization vector from the SHA-256 digest */ final byte[] key = new byte[16]; final byte[] iv = new byte[16]; System.arraycopy(pw, 0, key, 0, 16); System.arraycopy(pw, 16, iv, 0, 16); Arrays.fill(pw, (byte) 0x00); /* perform AES-128 encryption */ final Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM); cipher.init( Cipher.ENCRYPT_MODE, new SecretKeySpec (key, KEY_ALGORITHM), new IvParameterSpec(iv)); Arrays.fill(key, (byte) 0x00); Arrays.fill(iv, (byte) 0x00); byte[] encrypted = cipher.doFinal(cleartext); String encryptedString = new String(Base64.encodeBase64(encrypted)); System.out.println(encryptedString); String salte=new String (Base64.encodeBase64(salt)); salte.toString(); System.out.println(salte); return encrypted; } public static String decrypt( byte[] salt, int iterations, String password, byte[] ciphertext) throws Exception { /* compute key and initialization vector */ final MessageDigest shaDigest = MessageDigest.getInstance(DIGEST_ALGORITHM); byte[] pw = password.getBytes(CHARSET_NAME); for (int i = 0; i < iterations; i++) { /* add salt */ final byte[] salted = new byte[pw.length + salt.length]; System.arraycopy(pw, 0, salted, 0, pw.length); System.arraycopy(salt, 0, salted, pw.length, salt.length); Arrays.fill(pw, (byte) 0x00); /* compute SHA-256 digest */ shaDigest.reset(); pw = shaDigest.digest(salted); Arrays.fill(salted, (byte) 0x00); } /* extract the 16-byte key and initialization vector from the SHA-256 digest */ final byte[] key = new byte[16]; final byte[] iv = new byte[16]; System.arraycopy(pw, 0, key, 0, 16); System.arraycopy(pw, 16, iv, 0, 16); Arrays.fill(pw, (byte) 0x00); /* perform AES-128 decryption */ final Cipher ciph = Cipher.getInstance(CIPHER_ALGORITHM); ciph.init( Cipher.DECRYPT_MODE, new SecretKeySpec(key, KEY_ALGORITHM), new IvParameterSpec(iv)); Arrays.fill(key, (byte) 0x00); Arrays.fill(iv, (byte) 0x00); byte[] cciphertext=Base64.decodeBase64(encrypt(salt, 1000, "ya man", "to be enc".getBytes())); byte[] plainText = ciph.doFinal(cciphertext); String decryptedText= new String (Base64.decodeBase64 (plainText)); System.out.println(decryptedText); return decryptedText; } public static void main(String args[]) throws Exception { lastry tr= new lastry(); } }
the output is (Exception in thread "main" javax.crypto.IllegalBlockSizeException: Input length must be multiple of 16 when decrypting with padded cipher)
I do prefer salt to victors , so any sample code to tweak the program to use salt only will be much welcomed.

Thank you

Hello Tim,

thank you very much now I understand what I have been doing wrong. I am very pleased thank you again. here is the code if someone encounter the same problem. please note that this is a just a simple example!

public class digitalsignature { public static void main(String[] args) throws Exception { KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); kpg.initialize(2048); KeyPair keyPair = kpg.genKeyPair(); byte[] data = "test".getBytes("UTF-8"); Signature sig = Signature.getInstance("MD5WithRSA"); sig.initSign(keyPair.getPrivate()); sig.update(data); byte[] signatureBytes = sig.sign(); int m =signatureBytes.length; String str = new String(Base64.encodeBase64(signatureBytes)); System.out.println(str); System.out.println(m); System.out.println("Singature:" + Base64.encodeBase64(signatureBytes)); sig.initVerify(keyPair.getPublic()); sig.update(data); System.out.println(sig.verify(signatureBytes)); } }

Now I do get different results from different sizes of key.

I don't mean to sound rude, but that being the case you should not be in charge of implementing security. It's all too easy to put in place insecure systems, especially if you come by them in a trial-and-error approach.

No am not in charge. I have BSC in information Systems(more oriented towards the people and the business side of computing). but recently I have applied for a job in a company that's main operation is securing data and voice communication for some international military organizations. it is a junior job but I wanted to study about cryptography to ease up the training period and make a good impression(i hope so). My main problem is that I am from Sudan and we have no access for those in-depth materials.Moreover because of the U.S embargo in Sudan we are not permitted to download java from oracle website but fortunately I have used some proxies to do so.

anyway thank you very much for your help. I really do appreciate it

Sorry about that, copy/paste error. That should have read:

You seem to assume that "Base64.encodeBase64(signatureBytes).toString()" returns something useful; obviously, it does not.

Make as much errors as you want mate.....I am here to benefit from your experience not the opposite

still in the code I did not include the(.toString()). I have only used the Apache encoding scheme which has outputted the signature and the rest of the code has verified it with the public key to be true(matching).

I feel that you have not understood my question because it has nothing to do with your appreciated response. I repeat my question is why the signature character length has not increased when using a bigger key? it is the encryption of the fixed length hash what I mean.

Please be more generous by responding with a bit more lengthy explanation. I am a beginner and I do not understand the hints behind those"telegraphic responses"

Hello Dittmer,

Thank you for your reply

You seem to assume that "sig.verify(signatureBytes).toString()" returns something useful; obviously, it does not.

well that is not included in the code above, but anyway the result is"true"

My question is basically why the signature length has not increased when I changed the key size from 1024 to 2048?

Wikipedia says"If the unlock/decryption key is the one published then the system serves as a signature verifier of documents locked by the owner of the private key. Although in this latter case, since encrypting the entire message is relatively expensive computationally, in practice just a hash of the message is encrypted for signature verification purposes."

so my understanding is the message will be hashed to a fixed character length no matter how long the message is(which is 32 characters using MD5). Then this hash will get encrypted (RSA encryption) in my example. I have tried both key sizes and still got the same length of characters in the signature, I was expecting it to increase by using 2048 bit but it has not(the output is 10 characters long regardless of the size of the key) and this is what is puzzling me.

Can you please clarify what I am missing/misunderstanding?

up!

Hello, new member over here with a noob question

I have the following Simple code to generate a digital signature, as far as I can understand only a hash of the message get encrypted but when I change the key size I still get the same length of characters in the digital signature! below is the code:

public class digitalsignature { public static void main(String[] args) throws Exception { KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); kpg.initialize(1024); KeyPair keyPair = kpg.genKeyPair(); byte[] data = "test".getBytes("UTF8"); Signature sig = Signature.getInstance("MD5WithRSA"); sig.initSign(keyPair.getPrivate()); sig.update(data); byte[] signatureBytes = sig.sign(); System.out.println("Singature:" + Base64.encodeBase64(signatureBytes)); sig.initVerify(keyPair.getPublic()); sig.update(data); System.out.println(sig.verify(signatureBytes)); } }

the output is:
Singature:[B@10b4199
true

but when changing the key size to 2048 the output has the same length!

public class digitalsignature { public static void main(String[] args) throws Exception { KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); kpg.initialize(2048); KeyPair keyPair = kpg.genKeyPair(); byte[] data = "test".getBytes("UTF8"); Signature sig = Signature.getInstance("MD5WithRSA"); sig.initSign(keyPair.getPrivate()); sig.update(data); byte[] signatureBytes = sig.sign(); System.out.println("Singature:" + Base64.encodeBase64(signatureBytes)); sig.initVerify(keyPair.getPublic()); sig.update(data); System.out.println(sig.verify(signatureBytes)); } }

the output this time is
Singature:[B@13a328f
true

I was expecting the digital signature length to increase but only the processing time has(which just natural), why is that?

thanks in advance