Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsWhite Papers
Discussion GroupsFirst AidDatabasesJavaBeansGUIJava 3DVirtual MachineCORBASecurityToolsGeneral
Java DirectoryOpen Source ProjectsSample Book ChaptersUser GroupsWeb Resources
Related Topics
Databases.NETMore Topics ...
Java Forum / General / May 2007

Tip: Looking for answers? Try searching our database.

encryption in Oracle, decryption in Java

Thread view: 
Enable EMail AlertsStart New Thread
schw - 10 May 2007 15:16 GMT
Hi

I encountered a problem not sure how to solve it. please help if
possible.

in oracle9 I do a simple encryption (using DES) that gives me the
following RAW:

F26D94ECDACDBD111584C7A8A9018A5C

when decrypted I get 36463643363133313332333333343335 which is
correct.

However in java when I try decrypting the
'F26D94ECDACDBD111584C7A8A9018A5C' I get this:

3646364336313331c15fa7dfe9f98e24

First 8 bytes are exactly the same, the other 8 bytes differ, why ?

In Java I use the following code:

Cipher dcipher = null;

dcipher = Cipher.getInstance("DES/ECB/NoPadding");

SecretKey myKey = new SecretKeySpec(_key, "DES");

dcipher.init(_cryptMode, myKey);

return dcipher.doFinal(_buffer);

Obviously keys in both encryption and decryption are the same.

Thanks for any hints.
Reply to this Message
rossum - 10 May 2007 17:49 GMT
>Hi
>
[quoted text clipped - 3 lines]
>in oracle9 I do a simple encryption (using DES) that gives me the
>following RAW:
Why DES?  AES is faster and more secure.

>F26D94ECDACDBD111584C7A8A9018A5C
>
[quoted text clipped - 5 lines]
>
> 3646364336313331c15fa7dfe9f98e24
This example is now insecure and must be changed in your production
system.

>First 8 bytes are exactly the same, the other 8 bytes differ, why ?
DES has a 8 byte blocksize.  You are probably using different block
cypher modes at each end so the decryption fails.  Given that the
first block decrypts correctly using ECB, it is possible that the
Oracle encryption is CBC with a zero initialisation vector (IV).
Decrypting that with ECB will give the effect you describe.

>In Java I use the following code:
>
>Cipher dcipher = null;
>
>dcipher = Cipher.getInstance("DES/ECB/NoPadding");
ECB mode is not secure, I would be surprised if the Oracle code is
using plain ECB.  For a literal illustration of the insecurity of ECB
see http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation

Try changing to CBC mode:
 Cipher dcipher = Cipher.getInstance("DES/CBC/NoPadding");
                                          ^^^

CBC mode is more common and more secure than ECB.  As I said above,
using ECB to decrypt CBC with a zero IV will give one block of
plaintext followed by gibberish.  Using a zero IV is somewhat
insecure, but less insecure than ECB.

You can also try any other modes that your Java implementation allows.
If none of them work then try to find out what mode the Oracle
encryption is using.

Added: I have done a quick hand calculation for the first three bytes
of the second block, my conjecture is probably correct - it looks as
if Oracle is encrypting in CBC mode with a zero IV.

rossum

>SecretKey myKey = new SecretKeySpec(_key, "DES");
>
[quoted text clipped - 5 lines]
>
>Thanks for any hints.
Reply to this Message


Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.