Skip to Main Content
Forums

Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

DES/CBC Decrypt of libdes file using javax.crypto

843811Oct 11 2006 — edited Jun 26 2007
I have a program that receives des encrypted files from a third party. I need to take the file, decrypt it and process it. To do the decryption, I am spawning a program (des.exe) to do the decryption. I would like to rewrite this routine to use the javax.crypto packages and avoid the need of maintaining an external program.

Note that I have no control over the des encryption. I know that it is being done using the des.exe application, or an equivalent, that is based on libdes. I also know that it is using DES and CBC. (I am assuming that it is using PKCS5Padding as it seems the most probable to me.) I know the secret key.

So my code is something like: 
String secretDESkey = "12345678";
Cipher myCipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
SecretKeySpec myKeySpec = new SecretKeySpec(secretDESkey.getBytes(), "DES");
IvParameterSpec myIV = new IvParameterSpec( new byte[8] );
myCipher.init(Cipher.DECRYPT_MODE, myKeySpec, myIV);

InputStream is = new CipherInputStream( new FileInputStream("encrypted.des"), myCipher);
...
is.close();
But of course, this code doesn't exactly work as I would expect... The decrypted content is incorrect.

I think my biggest question is: How can I figure out the initialization vector? I thought that I could read the first 12 bytes of the file and use the 5th to 12th bytes as my initialization vector (see the Payload Format diagram on http://ietfreport.isoc.org/idref/draft-ietf-ipsec-esp-des-cbc/ ), but that does not seem to work. I have also tried all zeros (a blank array), and that does not seem to work.

I must say that I am also surprised that the algorithm is "DES" for SecretKeySpec, but "DES/CBC/PKCS5Padding" for Cipher.getInstance. Should this be consistent? (I gathered this inconsistency from sample code from a forum -- and if I am consistent with DES/CBC/PKCS5Padding, I get an InvalidKeyException saying that DES required.)

Also, am I specifying the secret key OK? I know the key as a string, and the method requires a byte array, so I just use getBytes. Do I need to do something else?

For what it is worth, to decrypt using des.exe, I simply say something like: des -D -k 12345678 encrypted.des

I appreciate any help!
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Jul 24 2007
Added on Oct 11 2006
#cryptography
12 comments
1,905 views