CODEWITHSUNDEEP
javacryptographydesencryption
OscarRyz
OscarRyz

Reputation: 199294

Encrypting with DES and password

I'm using the code I've found here to encrypt using DES. I'm sending this value to 3rd party servce, but doesn't seem to work.

Question in code given code, salt and iteration are used as parameters to create initialize the cipher with the parameter spec:

// Prepare the parameter to the ciphers
AlgorithmParameterSpec paramSpec = new PBEParameterSpec( salt, iterationCount );

// Create the ciphers
ecipher.init(Cipher.ENCRYPT_MODE, key , paramSpec);
dcipher.init(Cipher.DECRYPT_MODE, key , paramSpec);

If I change the iteration count, I have different results.

How can I know what is being used in the other side of the wire? The only thing I know from this third party service, is, the algorithm to use is DES and of course the secret password.

What am I missing?

Upvotes: 2

Views: 2098

Answers (2)

Robert
Robert

Reputation: 42754

Your problem is that you know the encryption algorithm (DES) but not the key generation algorithm. For deriving a key from a password there are a lot of possibilities. The PBEParameterSpec from your example uses the PKCS#5 algorithm for deriving the key from the password. This is a very good algorithm for that purpose but often people try to develop a simple algorithm themselves - e.g. just hashing the password or some even worse methods. Detecting what method is used is not easy. If you have a working app using that 3rd party service yon can try to reverse engineer it to see how it works.

Upvotes: 1

Wesley
Wesley

Reputation: 10862

"DES" itself is just a single iteration. Its successor, "Triple DES" encrypts each data block three times performs three iterations of the algorithm. If you are expected to perform encryption using just "DES", one iteration should be correct.

In general, it is considered bad practice to write your own cryptographic functions for anything other than toy implementations. Writing secure, correct libraries for cryptography can sometimes be tricky. Consider using the Java Cryptography Architecture, part of the Java Platform SE 6.

Upvotes: 2

Related Questions