
I am confused by JCE. I have tried a number of examples and sample code for encrypting and decrypting some text using JCE encryption and decryption techniques, but I keep reaching a confusing conclusion, or maybe I am missing the whole concept. Actually, all I wanted was to encrypt some text using various well-known algorithms with a human-readable alphanumeric key and then decrypt it back with the same key. Here is the first example I tried:

    import java.security.Key;
    import javax.crypto.Cipher;
    import javax.crypto.spec.SecretKeySpec;

    public class TripleDesExample {
        public static void main(String[] args) throws Exception {
            String text = "Hello World";
            String key = "Bar12345kjkj5454hggx1234"; // 24 bytes = 192-bit DESede key

            // Create key and cipher
            Key aesKey = new SecretKeySpec(key.getBytes(), "DESede");
            Cipher cipher = Cipher.getInstance("DESede");

            // encrypt the text
            cipher.init(Cipher.ENCRYPT_MODE, aesKey);
            byte[] encrypted = cipher.doFinal(text.getBytes());
            System.err.println("Using Triple DES algorithm and with key <" + key + ">, <" + text + "> converted into <" + new String(encrypted) + ">");

            // decrypt the text with a second key that differs from the first in one character ('j' -> 'k')
            String key1 = "Bar12345kkkj5454hggx1234"; // also 24 bytes = 192-bit DESede key
            Key aesKey1 = new SecretKeySpec(key1.getBytes(), "DESede");
            Cipher cipher1 = Cipher.getInstance("DESede");

            cipher1.init(Cipher.DECRYPT_MODE, aesKey1);
            String decrypted = new String(cipher1.doFinal(encrypted));
            System.err.println("Using Triple DES algorithm and with key <" + key1 + ">, encrypted text <" + new String(encrypted) + "> decrypted into <" + decrypted + ">");
        }
    }

The confusing thing is that with a different key I can also decrypt data that was originally encrypted with another key. Does that make any sense? It should fail if the key supplied for decryption is not exactly the same as the one used for encryption.

Can somebody please help me understand why this is happening, and what the purpose of these algorithms is if we can decrypt the data with a wrong key as well? What's the point of security then?

Thanks in advance! Manish

  • Note that keys should not be confused with passwords; keys should be binary. To show human readable keys, use hexadecimals instead. Also note that you should define a mode of operation and padding mode. Currently you are using ECB and PKCS#5 padding. ECB is no good for encrypting text. – Maarten Bodewes Nov 05 '14 at 01:57

1 Answer


If I'm not mistaken, that comes from the fact that when you transform 'k' and 'j' to bytes, the bytes you obtain only differ by their last bit, and the DES algorithm considers it as a parity bit and excludes it from the key.

See http://en.wikipedia.org/wiki/Triple_DES


To show what happens, try this code:

    import javax.crypto.SecretKey;
    import javax.crypto.SecretKeyFactory;
    import javax.crypto.spec.DESedeKeySpec;

    // aesKey and aesKey1 are the two SecretKeySpec objects built from the strings in the question
    SecretKeyFactory kf = SecretKeyFactory.getInstance("DESede");
    SecretKey parityAdjusted = kf.generateSecret(new DESedeKeySpec(aesKey.getEncoded()));
    SecretKey parityAdjusted1 = kf.generateSecret(new DESedeKeySpec(aesKey1.getEncoded()));
    System.out.println(new String(parityAdjusted.getEncoded()));
    System.out.println(new String(parityAdjusted1.getEncoded()));

will output:

    Cas12244kkkk4444hggy1224
    Cas12244kkkk4444hggy1224

As you can see, both keys are essentially the same key after parity adjustment.

Maarten Bodewes
JB Nizet
  • Thanks for your reply! Sorry, but I am not getting your point. The parity is just the last bit, which tells whether there is an even or odd number of 1s; how does it play any role in this example? How did you figure out that changing that letter just changed the parity bit? I also tried another change at an odd-numbered position, replacing the character by the next character, and the new key also worked. – Manish Kumar Nov 05 '14 at 19:28
  • 2
    j is 106 in ASCII, or 01101010 in binary. k is 107 in ASCII, or 01101011 in binary. The only difference between j and k is the last bit, which is ignored by DES. – JB Nizet Nov 05 '14 at 20:00
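Added example, not code from the question or the answer: it checks the answer's claim programmatically (the two raw key strings differ only in the bit positions DES treats as parity, and the provider's parity adjustment turns them into the same DESede key) and then applies the remedy from Maarten's comment, deriving a binary key from the same strings with PBKDF2 so that the one-character change yields an unrelated key. The class and method names, the salt and the iteration count are assumptions of this example; DESede is kept only because the question uses it, AES would be the usual choice today.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESedeKeySpec;
import javax.crypto.spec.PBEKeySpec;

public class DesedeKeyCheck {

    // True when every differing bit sits in a byte's least significant position,
    // which is exactly the bit DES treats as parity and ignores ('j' = 0x6a, 'k' = 0x6b)
    static boolean differOnlyInParityBits(byte[] k1, byte[] k2) {
        if (k1.length != k2.length) return false;
        for (int i = 0; i < k1.length; i++) {
            if (((k1[i] ^ k2[i]) & 0xFE) != 0) return false;
        }
        return true;
    }

    // Let the provider apply its odd-parity adjustment and compare the keys DESede actually uses
    static boolean sameEffectiveKey(byte[] k1, byte[] k2) throws Exception {
        SecretKeyFactory kf = SecretKeyFactory.getInstance("DESede");
        byte[] a = kf.generateSecret(new DESedeKeySpec(k1)).getEncoded();
        byte[] b = kf.generateSecret(new DESedeKeySpec(k2)).getEncoded();
        return Arrays.equals(a, b);
    }

    // The remedy from the comments: treat the string as a password and derive a binary
    // 192-bit key with PBKDF2, so a one-character change alters every bit of the key.
    // The iteration count is an assumed, illustrative value.
    static byte[] deriveKey(String password, byte[] salt) throws Exception {
        SecretKeyFactory kf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 100_000, 192);
        return kf.generateSecret(spec).getEncoded();
    }

    public static void main(String[] args) throws Exception {
        byte[] k1 = "Bar12345kjkj5454hggx1234".getBytes(StandardCharsets.US_ASCII);
        byte[] k2 = "Bar12345kkkj5454hggx1234".getBytes(StandardCharsets.US_ASCII);
        System.out.println("raw keys differ only in parity bits: " + differOnlyInParityBits(k1, k2));
        System.out.println("same effective DESede key:           " + sameEffectiveKey(k1, k2));

        // Constructed salt for the demo; in practice draw a fresh random salt per key and store it
        byte[] salt = "constructed-salt".getBytes(StandardCharsets.US_ASCII);
        byte[] d1 = deriveKey("Bar12345kjkj5454hggx1234", salt);
        byte[] d2 = deriveKey("Bar12345kkkj5454hggx1234", salt);
        System.out.println("PBKDF2-derived keys equal:           " + Arrays.equals(d1, d2));
    }
}
```

The first two checks come out true for the question's keys, the last one false; the derived key should additionally be used with an explicit mode and IV (for example "DESede/CBC/PKCS5Padding") rather than the provider default ECB that Maarten's comment warns about.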