views:

149

answers:

2

I have a new application written in java that needs to read encrypted values out of a db. The problem is that all the values in the db were encrypted by .NET code that uses the ANSI x923 padding scheme. I have done some research and it doesn't look like the Java TripleDes libraries have a way to specify this padding scheme. I was wondering if anyone knows if I am correct and the ANSI x923 isn't supported in java, or if there is a way to get this working.

A: 

The "Cipher Algorithm Padding" section in Sun's document on JCA Standard Algorithm Names contains no mention of that padding scheme so it seems that it is unsupported. That being said, Bouncy Castle provides an implementation of X9.23 padding that can be used directly if you are able to use an external library and venture out of the confines of JCA.

laz
+1  A: 

If you use Bouncy Castle JCE, it supports X923 padding. You can get cipher like this (assuming you use CBC mode),

cipher = Cipher.getInstance("DESede/CBC/X9.23PADDING");

I don't think Sun's JCE supports it. But you can simply decrypt it without padding and remove padding yourself. With X9.23, the last byte is the number of padding added. So you can do something like this,

cipher = Cipher.getInstance("DESede/CBC/NOPADDING");
cipher.init(Cipher.DECRYPT_MODE, key, ivSpec);
int outSize = cipher.getOutputSize(cipherText.length);  
plainText = new byte[outSize];
length = cipher.update(cipherText, plainText, 0);
cipher.doFinal(plainText, length);

//Remove padding
int newLen = plainText.length - (plainText[plainText.length-1] & 0xFF);
byte[] data = new byte[newLen];
System.arraycopy(plainText, 0, data, 0, newLen);
ZZ Coder
Good find on that first method. I briefly looked through the Bouncy Castle API to see if their JCE provider supported it that way, but I didn't look hard enough.
laz