iPhone 3Des Encrypting matching Java and .NET key issue, SecretKeySpec?

Question

I'm trying do some encrypt something using 3des on the iphone that must match the results from java and .NET.

the code i have is:

+ (NSString*) doCipher:(NSString*)plainText:(CCOperation)encryptOrDecrypt {

const void *vplainText;
size_t plainTextBufferSize;

if (encryptOrDecrypt == kCCDecrypt)
{
    NSData *EncryptData = [NSData dataWithBase64EncodedString:plainText];
    plainTextBufferSize = [EncryptData length];
    vplainText = [EncryptData bytes];
}
else
{
    NSData *tempData = [plainText dataUsingEncoding:NSASCIIStringEncoding];
    plainTextBufferSize = [tempData length];
    vplainText =  [tempData bytes];
}

CCCryptorStatus ccStatus;
uint8_t *bufferPtr = NULL;
size_t bufferPtrSize = 0;
size_t movedBytes = 0;
//  uint8_t ivkCCBlockSize3DES;

bufferPtrSize = (plainTextBufferSize + kCCBlockSize3DES) & ~(kCCBlockSize3DES - 1);
bufferPtr = malloc( bufferPtrSize * sizeof(uint8_t));
memset((void *)bufferPtr, 0x0, bufferPtrSize);

NSString *key = [NSString MD5:@"HSDNIFFU"];

NSData *_keyData = [key dataUsingEncoding:NSASCIIStringEncoding];

NSLog(@"key byte is %s", [_keyData bytes]);

// Initialization vector; dummy in this case 0's.
uint8_t iv[kCCBlockSize3DES];
memset((void *) iv, 0x0, (size_t) sizeof(iv));

ccStatus = CCCrypt(encryptOrDecrypt,
                   kCCAlgorithm3DES,
                   kCCOptionPKCS7Padding,
                   (const void *)[_keyData bytes], //"123456789012345678901234", //key
                   kCCKeySize3DES,
                   iv,  //iv,
                   vplainText,  //plainText,
                   plainTextBufferSize,
                   (void *)bufferPtr,
                   bufferPtrSize,
                   &movedBytes);

//if (ccStatus == kCCSuccess) NSLog(@"SUCCESS");
/*else*/ if (ccStatus == kCCParamError) return @"PARAM ERROR";
else if (ccStatus == kCCBufferTooSmall) return @"BUFFER TOO SMALL";
else if (ccStatus == kCCMemoryFailure) return @"MEMORY FAILURE";
else if (ccStatus == kCCAlignmentError) return @"ALIGNMENT";
else if (ccStatus == kCCDecodeError) return @"DECODE ERROR";
else if (ccStatus == kCCUnimplemented) return @"UNIMPLEMENTED";

NSString *result;

if (encryptOrDecrypt == kCCDecrypt)
{

//  result = [[NSString alloc] initWithData: [NSData dataWithBytes:(const void *)bufferPtr length:[(NSUInteger)movedBytes] encoding:NSASCIIStringEncoding]];
    result = [[[NSString alloc] initWithData:[NSData dataWithBytes:(const void *)bufferPtr length:(NSUInteger)movedBytes] encoding:NSASCIIStringEncoding] autorelease];
}
else
{
    NSData *myData = [NSData dataWithBytes:(const void *)bufferPtr length:(NSUInteger)movedBytes];
    NSLog(@"data is: %@", myData);
    result = [myData base64Encoding];
}
return result;

}

This code successfully encrypts and decrypts a string. As you can see, it uses md5 on the key. However, it does not match the results from .NET and java.

The java code from the java developer looks like:

public static byte[] encryptTripleDES(String message) throws Exception {
    final MessageDigest md = MessageDigest.getInstance("md5");
    final byte[] digestOfPassword = md.digest("--KEY--".getBytes("utf-8"));
    final SecretKey key = new SecretKeySpec(digestOfPassword, "DESede");
    final IvParameterSpec iv = new IvParameterSpec(new byte[8]);
    final Cipher cipher = Cipher.getInstance("DESede/CBC/PKCS5Padding");
    cipher.init(Cipher.ENCRYPT_MODE, key, iv);
    return cipher.doFinal(message.getBytes("utf-8"));
}

Unfortunately I'm not too familiar with java encryption. I did notice that after using md5 on the KEY it creates a SecretKey with the method SecretKeySpec. My Java developer told me that he needed to create a secretkey using the byte array of the key so that it could match the .NET key.

Can anyone explain this better to me and help me with a solution to match the results of the .NET and java counterparts?

Answer 1

I figured it out. The key that is generated after i md5 it is 32 bytes. From reading other posts, it seems that kCCKeySize3DES is only 24 bytes. If i put a key that is 24 bytes or less (no md5) this seems to work perfectly.