3

I'm trying to encrypt a string with rijndael (keysize 256 bit, blocksize 256 bit, CFB mode) currently i'm doing something like this:

BufferedBlockCipher c = new BufferedBlockCipher(new CFBBlockCipher(new RijndaelEngine(256), 256));
    c.init(false, new ParametersWithIV(new KeyParameter(keybytes), iv));

I can encrypt and decrypt my own stuff just fine. Unfortunately the string i have to decrypt comes from mcrypt in php.

I cant decrypt this string and i guess the failure is on my side. could anybody give me an example how to configure a cipher with the required parameters?

EDIT:

following some advice here and in the php documentation comments. i changed my cypher to:

PaddedBufferedBlockCipher c = new PaddedBufferedBlockCipher(new CFBBlockCipher(new RijndaelEngine(256)), new ZeroBytePadding());

still the encryptions are not compatible.

EDIT 2

got it working in CBC mode. I guess the problem is somewhere in iv.

Laures
  • 5,389
  • 11
  • 50
  • 76
  • I did a php-java encryption/decryption and had a hard time doing it. As far as I remember, I had to do padding of input in order to get cross encryption/decryption working. – Manish Nov 11 '11 at 11:25
  • seems like padding was not the problem. – Laures Nov 11 '11 at 15:34
  • Are you sure you are using the same IV in Java as you did in PHP? Also read: http://stackoverflow.com/questions/7821678/any-equivalent-for-mcrypt-in-php-to-use-in-java/7823385#7823385 – NullUserException Nov 11 '11 at 15:36
  • yeah, currently (for testing) the iv is hardcoded. out of paranoia we are generating it from a base64 string. same goes for the key. same key, same iv ... – Laures Nov 11 '11 at 15:41
  • Zero padding is not a good scheme, because if the data is ending with 00h, you run into trouble. Zero padding can only be used if you know the length of the plain data before decrypting. If you are decrypting, you can always try to decrypt without a padding scheme and see how the content & padding bytes look. If they are different than expected, it's not the padding. It's seems more likely however that there are decoding or interpretation differences for the key or IV. We need more code to see what's happening there. – Maarten Bodewes Nov 11 '11 at 23:05
  • zero padding is the padding mechanism used by php mcrypt. took some time to find that info. – Laures Nov 13 '11 at 22:57
  • Zero byte padding of PHP and Bouncy Castle differ for plaintexts that are exactly the block size. For CFB with an output of 8 bits (less secure than using the full block size, and dog slow) you don't need any padding at all. – Maarten Bodewes Nov 29 '14 at 15:23

1 Answers1

3
PaddedBufferedBlockCipher c = new PaddedBufferedBlockCipher(new CFBBlockCipher(new RijndaelEngine(256), 8), new ZeroBytePadding());
c.init(false, new ParametersWithIV(new KeyParameter(keybytes), iv));

this did the trick. All examples and tutorials say that the second param of the CFBBlockCipher object is the blocksize of the chiffre, which would work, but mcrypt uses a blocksize of 8 bit for CFB.

Laures
  • 5,389
  • 11
  • 50
  • 76