Symmetric Encryption between .NET and Java

时光毁灭记忆、已成空白 提交于 2019-12-23 17:28:00

问题


I am using a 3rd party platform to create a landing page, it is a business requirement that I use this particular platform.

On their page I can encrypt data and send it to my server through a request parameter when calling a resource on my site. This is done through an AES Symmetric Encryption.

I need to specify a password, salt (which must be a hex value) and an initialization vector (but be 16 characters).

Their backend is a .NET platform. I know this because if I specify an IV longer than it expects the underlying exception is:

System.Security.Cryptography.CryptographicException: Specified initialization vector (IV) does not match the block size for this algorithm. Source: mscorlib

So for example, on their end I specify:

EncryptSymmetric("Hello World","AES","P4ssw0rD","00010203040506070809", "000102030405060708090A0B0C0D0E0F")

Where the inputs are: plain text, algorithm, pass phrase, salt, and IV respectively.

I get the value: eg/t9NIMnxmh412jTGCCeQ==

If I try and decrypt this on my end using the JCE or the BouncyCastle provider I get (same algo,pass phrase, salt & IV, with 1000 iterations): 2rrRdHwpKGRenw8HKG1dsA== which is completely different.

I have looked at many different Java examples online on how to decrypt AES. One such demo is the following: http://blogs.msdn.com/b/dotnetinterop/archive/2005/01/24/java-and-net-aes-crypto-interop.aspx

How can I decrypt a AES Symmetric Encryption that uses a pass phrase, salt and IV, which was generated by the .NET framework on a Java platform?

I don't necessarily need to be able to decrypt the contents of the encryption string if I can generate the same signature on the java side and compare (if it turns out what is really being generated here is a hash).

I'm using JDK 1.5 in production so I need to use 1.5 to do this.

As a side note, a lot of the example in Java need to specify an repetition count on the java side, but not on the .NET side. Is there a standard number of iterations I need to specify on the java side which matches the default .NET output.


回答1:


It all depends on how the different parts/arguments of the encryption are used.

AES is used to encrypt bytes. So you need to convert the string to a byte array. So you need to know the encoding used to convert the string. (UTF7, UTF8, ...).

The key in AES has some fixed sizes. So you need to know, how to come from a passphrase to an AES key with the correct bitsize.

Since you provide both salt and IV, I suppose the salt is not the IV. There is no standard way to handle the Salt in .Net. As far as I remember a salt is mainly used to protect against rainbow tables and hashes. The need of a Salt in AES is unknown to me.

Maybe the passphrase is hashed (you did not provide the method for that) with the salt to get an AES key.

The IV is no secret. The easiest method is to prepend the encrypted data with the IV. Seen the length of the encrypted data, this is not the case.

I don't think your unfamiliarity of .Net is the problem here. You need to know what decisions the implementer of the encryption made, to come from your parameters to the encrypted string.




回答2:


As far as I can see, it is the iteration count which is causing the issue. With all things the same (salt,IV,iterations), the .Net implementation generates the same output as the Java implementation. I think you may need to ask the 3rd party what iterations they are using



来源:https://stackoverflow.com/questions/7872771/symmetric-encryption-between-net-and-java

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!