Skip to Main Content
Forums

Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Blowfish encryption problem with new JDK

843811Aug 5 2005 — edited Nov 17 2005
I'm a junior-level programmer, so please excuse me if I'm mistype a few things. Also this is not my coding...

We have a working version of the blowfish algorithm running on "Linux server1 2.4.9-e.34smp #1" with java version:

java version "1.4.2_02"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_02-b03)
Java HotSpot(TM) Client VM (build 1.4.2_02-b03, mixed mode)

However we are migrating to more powerful servers, the latest stable Tomcat, a slightly new version of Linux, and Java . More specifically, "Linux server2 2.4.21-15.EL #1 SMP" with java version:

java version "1.5.0_04"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_04-b05)
Java HotSpot(TM) Server VM (build 1.5.0_04-b05, mixed mode)

Our WORKING Blowfish implementation doesn't work when moved over to the new servers. So what I'm trying to figure out is what has changed in com.sun.crypto.provider.SunJCE or other associated classes that would negatively impact our code. Perhaps there's something that we are doing oddly in the code below:
    public static String encrypt(String cleartext, String key)
            throws Exception {
        return crypt(cleartext, key, Cipher.ENCRYPT_MODE);
    }

    public static String decrypt(String ciphertext, String key)
            throws Exception {
        return crypt(ciphertext, key, Cipher.DECRYPT_MODE);
    }

    /*
     * This actually does the encryption/decryption.
     */
    private static String crypt(String input, String key, int mode)
            throws Exception {

        // Install SunJCE provider
        Provider sunJce = new com.sun.crypto.provider.SunJCE();
        Security.addProvider(sunJce);

        KeyGenerator kgen = KeyGenerator.getInstance("Blowfish");
        kgen.init(448);
        SecretKey skey = kgen.generateKey();

        byte[] raw = key.getBytes();
        SecretKeySpec skeySpec = new SecretKeySpec(raw, "Blowfish");

        Cipher cipher = Cipher.getInstance("Blowfish/ECB/PKCS5Padding");
        cipher.init(mode, skeySpec);

        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        ByteArrayInputStream bis = new ByteArrayInputStream(input.getBytes());
        CipherOutputStream cos = new CipherOutputStream(bos, cipher);

        int length = 0;
        byte[] buffer =  new byte[8192];

        while ((length = bis.read(buffer)) != -1) {
           cos.write(buffer, 0, length);
        }

        bis.close();
        cos.close();

        return bos.toString();
    }
Working Blowfish:

Blowfish encryption of raw number: '1234000012340000'
...produces Blowfish code: '����G�������G���J�����v�'

Decryption of Blowfish code: '����G�������G���J�����v�'
...produces plain text string: '1234000012340000'


Broken Blowfish:

Blowfish encryption of raw number: '1234000012340000'
...produces Blowfish code: '������������G����������G�����J���������'

Decryption of Blowfish code:
'������������G����������G�����J���������'

...produces plain text string:
'@G,������������q���/�����������t������
���'

Any help would be greatly appreciated on this. Even guidance and speculation as to what it could possibly be is appreciated.

Brian
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Dec 15 2005
Added on Aug 5 2005
#cryptography
5 comments
600 views