2

Apologies all - newbie at encryption - been googling for days and finally asking outright.

I need to use PHP to encrypt and decrypt data that is readable by a Java TripleDES "DESede/ECB/NoPadding" function.

In Java there is a double-length 32 character key e.g. "F4D5CBDF57FEEDCFA41FD6AFE7BCDFEA" which gets converted to bytes and which provides an encrypted result without any problems. (I don't have the code.)

In PHP, when the same key is attempted via mcrypt for a tripledes, ecb function call, there is a key-length error because the system expects a max of 24 characters.

What do I need to do to the key so that PHP will produce the same encrypted result as Java?

Dash Weh
  • 198
  • 1
  • 5
  • 2
    You have to find out what the key derivation function is in Java. TripleDES accepts keys up to 168 bits (21 bytes) in size. That 32 character key looks like it's actually 128 bits of data encoded in hex. – NullUserException Feb 11 '14 at 16:46

1 Answers1

2

As NullUserException postulated: please convert the key from hexadecimals to binary before using it for your triple DES cipher. Your Java code must do the same thing; in Java a triple DES key must have either 24 bytes or 16 bytes (16 bytes is only supported for later versions of Java, previously you had to convert to 24 bytes by copying the first 8 bytes to the end to create an "ABA" DES key).

32 byte keys are never supported for triple DES. If you are using the horrible mcrypt libraries for PHP however, the key gets cut to the highest key size available. So instead of a fail-fast situation, PHP rather would have their users pull their hair out in frustration.

Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263