Link to home
Start Free TrialLog in
Avatar of moombaz
moombaz

asked on

Java crypto

String hashPassword = md5(arg4);

byte[] hPassword = AES.getAESKey(hashPassword, "888");
response = AES.encrypt(hPassword, "challenge");

//---------------------------------------------------------------------------------------

String driverHash = hashPassword;

byte[] driver_hash = AES.getAESKey(driverHash, "888");
String checkResponse = AES.decrypt(driver_hash, "challenge");

I compiled the codes. no error. Tried running the codes, I got a java.lang.NumberFormatException: For input string: "ch"

When I changed "challenge" to a single digit "1", it can run fine. Im stuck. What can be the problem??
Avatar of for_yan
for_yan
Flag of United States of America image

Sorry, I was trying to find this method getAESKey in Java Crypto API, and
somehow, I could not. What is the type of this AES in your code, or
is it a static method. But could not find class AES in Java Crypto either.

Most obvious general point is that it expects String which should be possible to be evaluated
as integer (so "1" will work and "challenge" would not, did you try some other number?),
 but this is certainly not too helpful.

Perhaps someone with experience in Crypto would advise.

Still if you elaborate a little bit on the context, maybe it will help.
Avatar of moombaz
moombaz

ASKER

hi for_yan,

im using all of this

import java.io.*;
import java.net.*;
import java.util.*;
import java.text.*;
import cryptosystem.*;
import java.security.*;
So is AES a class within these packages or it is an instance
of some class? If the latter, then what is the class name?
I was looking for a method getAESKey in Java crypto
but it for some reason escapes me.

Do you have a link to the API documentation for these classes?
Those which I see for Java crypto don't seem to contain this stuff.
Is getAESKey method something which is part of your program, not some method from API?
Avatar of moombaz

ASKER

No I just call it directly. Im not calling from another class or method
Avatar of moombaz

ASKER

ouh.. my bad.. it is from this class.

package cryptosystem;

import java.security.MessageDigest;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.crypto.KeyGenerator;

import java.security.NoSuchAlgorithmException;

public class AES {
	
	public static String asHex (byte buf[]){
		StringBuffer strbuf = new StringBuffer(buf.length*2);
		int i;
		
		for(i=0; i<buf.length;i++){
			if(((int) buf[i] & 0xff) < 0x10)
				strbuf.append("0");
			
			strbuf.append(Long.toString((int) buf[i] & 0xff, 16));
		}
		return strbuf.toString();
	}
	
	public static byte[] asByte (String hex){
		byte[] bts = new byte[hex.length()/2];
		for(int i=0;i<bts.length;i++){
			bts[i] = (byte) Integer.parseInt(hex.substring(2*i, 2*i+2), 16);
		}
		
		return bts;
	}
	
	/* returns a 128 bit key */
	public static byte[] getAESKey(String password, String salt) 
													throws Exception{
		int IC = 2;
		byte[] keyBytes = null;
		
		MessageDigest md = MessageDigest.getInstance("MD5");
		md.update(password.getBytes("CP1252"));
		md.update(salt.getBytes("CP1252"));
		for(int i=1; i<IC; i++){
			md.update(md.digest());
		}
		
		keyBytes = md.digest();
		
		return keyBytes;
	}
	
	public static byte[] generateKey(){
		byte[] raw = null;
		try {
			KeyGenerator kgen = KeyGenerator.getInstance("AES");
			kgen.init(128);
			
			SecretKey skey = kgen.generateKey();
			raw = skey.getEncoded();
			
		}catch (NoSuchAlgorithmException e){
			System.out.println(e);
		}
		
		return raw;
	}
	
	public static String encrypt(byte[] key, String plainText) 
													throws Exception{
		byte[] encrypted = null;
		
		SecretKeySpec sKeySpec = new SecretKeySpec(key, "AES");
		Cipher cipher = Cipher.getInstance("AES");
		
		cipher.init(Cipher.ENCRYPT_MODE, sKeySpec);
		
		encrypted = cipher.doFinal(plainText.getBytes());
		
		return asHex(encrypted);
	}
	
	public static String decrypt(byte[] key, String cipherText) 
													throws Exception{
		byte[] decrypted = null;
		
		SecretKeySpec sKeySpec = new SecretKeySpec(key, "AES");
		Cipher cipher = Cipher.getInstance("AES");
		
		cipher.init(Cipher.DECRYPT_MODE, sKeySpec);
		
		decrypted = cipher.doFinal(asByte(cipherText));
		
		return new String(decrypted);
	}
	
	public static void main(String[] args) throws Exception {
		String message="This is just an example";
		String password = "apple1";
		String salt = "47BCE5C74F589F4867DBD57E9CA9F808";
		
		// Create a key
		byte[] key = getAESKey(password, salt);
		
		String hex = asHex(key);
		System.out.println("hex: "+hex+" Len:"+hex.getBytes().length);
		
		String hash = "48c27a623063a286358e0bf65bd5afbd";
		byte[] hashBytes = asByte(hash);
		
		boolean expected = java.util.Arrays.equals(hashBytes, key);
		System.out.println("Test " + (expected ? "SUCCEEDED!" : "FAILED!"));
		
		String encrypted = encrypt(key, message);
		System.out.println("encrypted: "+encrypted);
		
		String original = decrypt(hashBytes, encrypted);
		System.out.println("original: "+original);
	}
}

Open in new window

ASKER CERTIFIED SOLUTION
Avatar of for_yan
for_yan
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of moombaz

ASKER

I've tried and it doesnt work. "challenge" i replaced to "3a4b2345e". Error message that I got is javax.crypto.IllegalBlockSizeException: Input length must be multiple of 16.

Still doesnt work. anw, i have been encrypting and decrypting using the same key. all of them works except for this one.