tags:

views:

653

answers:

2
Q: 

Encryption in Java & Flex

I want tp encrypt and decrypt string, with defined salt. But the result must be same if the code run in java and adobe flex. The main goal is: the app in adobe flex will be generate a string that can be decrypt in server using java.

I use this flex library http://crypto.hurlant.com/demo/

Try to 'Secret Key' Tab. I want to use AES Encryption, 'CBC' or 'PKCS5'.

var k:String = "1234567890123456";
var kdata:ByteArray = Hex.toArray(k);
var txt:String = "hello";
var data:ByteArray = Hex.toArray(Hex.fromString(txt));;
var name:String = "simple-aes-cbc";
var pad:IPad =new PKCS5();
var mode:ICipher = Crypto.getCipher(name, kdata, pad);
pad.setBlockSize(mode.getBlockSize());
mode.encrypt(data);
encrypted.text=Hex.fromArray(data);
trace(Hex.fromArray(data));

And here is the code in java

String plaintext = "hello";
String key = "1234567890123456";

SecretKey keyspec = new SecretKeySpec(key.getBytes(), "AES");       

Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE,keyspec);
byte[] encrypted = cipher.doFinal(plaintext.getBytes());

BASE64Encoder base64 = new BASE64Encoder();
String encodedString = base64.encode(encrypted);

System.out.println(encodedString);

Why the result is not same? Can you guys provide the sample with the same result both of java and flex (encrypt and decrypt)? And if I want to change the paramater, for example, from cbc to ebc, which line that need to be changed?

Thanks!

+1  A: 

"Simple" encryption mode (simple-aes-cbc) uses random initialization vector which is different each time you use it even if your secret key is the same.

If you wish to guarantee the same results when using the same key you should use "aes-cbc". Additionally you have to manually set the IV on the Cipher:

var ivmode:IVMode = mode as IVMode;
ivmode.IV = "some string guaranteed to be constant"

The IV can be made dependent on something like userId, which makes encryption repeatable for the same user.

You should consider how this affects your security scheme.

Goran  2009-12-16 09:11:34
When I try to castvar ivmode:IVMode = mode as IVModeit shows null resultand I try to with or without 'simple' it still produce same result.
Jef  2009-12-16 09:42:46
I've dealt with this problem as stated above. You can checkout the hurlan library source at http://crypto.hurlant.com/demo/srcview/index.html. They've implemented the same method.
Goran  2009-12-16 09:58:04
I'll see again. thx anyway
Jef  2009-12-16 10:15:23
A: 

Seems like I do not convert into hex first in java when pass the key. And so on when get result byteArray at adobe flex, I do not cast again in java.

That's what I got when I see Arcadio code. Thanks.

Jef  2009-12-16 10:11:47

related questions

Silverlight vs Flex
Executing JavaScript from Flex: Is this javascript function dangerous?
How To Get Label Of Combobox to Fade In Flex
How do I change the title bar icon in Adobe AIR?
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Flex: does painless programmatic data binding exist?
SoapException: Root element is missing occurs when .NET web service called from Flex
Any recommendations for in-depth Flex training?
How do I restyle an Adobe Flex Accordion to include a button in each canvas header?
Deleting / Replacing A Node in E4X (AS3 - Flex)
How can I "unaccept" a drag in Flex?
Printing Flex components in FireFox 3
Is it possible to add behavior to a non-dynamic ActionScript 3 class without inheriting the class?
How do I get rid of the "multiple describeType entries" warning?
Open local file with AIR / Flex
Flex / Air obfuscation
Adobe Flex component events
Can you access the windows registry from Adobe Air?
Actionscript 3 - Fastest way to parse yyyy-mm-dd hh:mm:ss to a Date object?
Adobe Air - Using multiple SQLite databases at once
How can I unit test Flex applications from within the IDE or a build script?
Best way to learn Flash?
Get the current logged in OS user in Adobe Air
Adobe air - SQLStatement.execute() - Multiple queries in one statement
Unloading a ByteArray in Actionscript 3.