Solved

Java crypto

Posted on 2011-02-13
8
354 Views
Last Modified: 2012-05-11
String hashPassword = md5(arg4);

byte[] hPassword = AES.getAESKey(hashPassword, "888");
response = AES.encrypt(hPassword, "challenge");

//---------------------------------------------------------------------------------------

String driverHash = hashPassword;

byte[] driver_hash = AES.getAESKey(driverHash, "888");
String checkResponse = AES.decrypt(driver_hash, "challenge");

I compiled the codes. no error. Tried running the codes, I got a java.lang.NumberFormatException: For input string: "ch"

When I changed "challenge" to a single digit "1", it can run fine. Im stuck. What can be the problem??
0
Comment
Question by:moombaz
  • 4
  • 4
8 Comments
 
LVL 47

Expert Comment

by:for_yan
ID: 34883763
Sorry, I was trying to find this method getAESKey in Java Crypto API, and
somehow, I could not. What is the type of this AES in your code, or
is it a static method. But could not find class AES in Java Crypto either.

Most obvious general point is that it expects String which should be possible to be evaluated
as integer (so "1" will work and "challenge" would not, did you try some other number?),
 but this is certainly not too helpful.

Perhaps someone with experience in Crypto would advise.

Still if you elaborate a little bit on the context, maybe it will help.
0
 
LVL 1

Author Comment

by:moombaz
ID: 34884896
hi for_yan,

im using all of this

import java.io.*;
import java.net.*;
import java.util.*;
import java.text.*;
import cryptosystem.*;
import java.security.*;
0
 
LVL 47

Expert Comment

by:for_yan
ID: 34884914
So is AES a class within these packages or it is an instance
of some class? If the latter, then what is the class name?
I was looking for a method getAESKey in Java crypto
but it for some reason escapes me.
0
Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

 
LVL 47

Expert Comment

by:for_yan
ID: 34884944

Do you have a link to the API documentation for these classes?
Those which I see for Java crypto don't seem to contain this stuff.
Is getAESKey method something which is part of your program, not some method from API?
0
 
LVL 1

Author Comment

by:moombaz
ID: 34885037
No I just call it directly. Im not calling from another class or method
0
 
LVL 1

Author Comment

by:moombaz
ID: 34885043
ouh.. my bad.. it is from this class.

package cryptosystem;

import java.security.MessageDigest;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.crypto.KeyGenerator;

import java.security.NoSuchAlgorithmException;

public class AES {
	
	public static String asHex (byte buf[]){
		StringBuffer strbuf = new StringBuffer(buf.length*2);
		int i;
		
		for(i=0; i<buf.length;i++){
			if(((int) buf[i] & 0xff) < 0x10)
				strbuf.append("0");
			
			strbuf.append(Long.toString((int) buf[i] & 0xff, 16));
		}
		return strbuf.toString();
	}
	
	public static byte[] asByte (String hex){
		byte[] bts = new byte[hex.length()/2];
		for(int i=0;i<bts.length;i++){
			bts[i] = (byte) Integer.parseInt(hex.substring(2*i, 2*i+2), 16);
		}
		
		return bts;
	}
	
	/* returns a 128 bit key */
	public static byte[] getAESKey(String password, String salt) 
													throws Exception{
		int IC = 2;
		byte[] keyBytes = null;
		
		MessageDigest md = MessageDigest.getInstance("MD5");
		md.update(password.getBytes("CP1252"));
		md.update(salt.getBytes("CP1252"));
		for(int i=1; i<IC; i++){
			md.update(md.digest());
		}
		
		keyBytes = md.digest();
		
		return keyBytes;
	}
	
	public static byte[] generateKey(){
		byte[] raw = null;
		try {
			KeyGenerator kgen = KeyGenerator.getInstance("AES");
			kgen.init(128);
			
			SecretKey skey = kgen.generateKey();
			raw = skey.getEncoded();
			
		}catch (NoSuchAlgorithmException e){
			System.out.println(e);
		}
		
		return raw;
	}
	
	public static String encrypt(byte[] key, String plainText) 
													throws Exception{
		byte[] encrypted = null;
		
		SecretKeySpec sKeySpec = new SecretKeySpec(key, "AES");
		Cipher cipher = Cipher.getInstance("AES");
		
		cipher.init(Cipher.ENCRYPT_MODE, sKeySpec);
		
		encrypted = cipher.doFinal(plainText.getBytes());
		
		return asHex(encrypted);
	}
	
	public static String decrypt(byte[] key, String cipherText) 
													throws Exception{
		byte[] decrypted = null;
		
		SecretKeySpec sKeySpec = new SecretKeySpec(key, "AES");
		Cipher cipher = Cipher.getInstance("AES");
		
		cipher.init(Cipher.DECRYPT_MODE, sKeySpec);
		
		decrypted = cipher.doFinal(asByte(cipherText));
		
		return new String(decrypted);
	}
	
	public static void main(String[] args) throws Exception {
		String message="This is just an example";
		String password = "apple1";
		String salt = "47BCE5C74F589F4867DBD57E9CA9F808";
		
		// Create a key
		byte[] key = getAESKey(password, salt);
		
		String hex = asHex(key);
		System.out.println("hex: "+hex+" Len:"+hex.getBytes().length);
		
		String hash = "48c27a623063a286358e0bf65bd5afbd";
		byte[] hashBytes = asByte(hash);
		
		boolean expected = java.util.Arrays.equals(hashBytes, key);
		System.out.println("Test " + (expected ? "SUCCEEDED!" : "FAILED!"));
		
		String encrypted = encrypt(key, message);
		System.out.println("encrypted: "+encrypted);
		
		String original = decrypt(hashBytes, encrypted);
		System.out.println("original: "+original);
	}
}

Open in new window

0
 
LVL 47

Accepted Solution

by:
for_yan earned 500 total points
ID: 34885185
Is "challenge" - is something that you yourself specify?
As you understand I'm no specialist in this stuff, but looking at this code
it seems to me that it expects in this place the string which has only Hex number,
which means this string is a key which should be made up of digits and letters "a" through "f",
that's why "challenge"  which contains "h" and "l" and "g" causes problems.
If this is something you select yourself - try to select the key following this rule,
say 3a4b2345e should be fine, but 1t34s - is not good as "s" and "t" has no meaning in Hex number.
0
 
LVL 1

Author Comment

by:moombaz
ID: 34885663
I've tried and it doesnt work. "challenge" i replaced to "3a4b2345e". Error message that I got is javax.crypto.IllegalBlockSizeException: Input length must be multiple of 16.

Still doesnt work. anw, i have been encrypting and decrypting using the same key. all of them works except for this one.
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Protect jar file - windows app 2 50
servlet  URL Rewriting 1 36
hibernate insert example 13 28
How to determine if a string is a valid SHA value 7 28
Go is an acronym of golang, is a programming language developed Google in 2007. Go is a new language that is mostly in the C family, with significant input from Pascal/Modula/Oberon family. Hence Go arisen as low-level language with fast compilation…
Java functions are among the best things for programmers to work with as Java sites can be very easy to read and prepare. Java especially simplifies many processes in the coding industry as it helps integrate many forms of technology and different d…
Viewers learn about the scanner class in this video and are introduced to receiving user input for their programs. Additionally, objects, conditional statements, and loops are used to help reinforce the concepts. Introduce Scanner class: Importing…
Viewers will learn about the regular for loop in Java and how to use it. Definition: Break the for loop down into 3 parts: Syntax when using for loops: Example using a for loop:

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now