tags:

views:

1778

answers:

2
Q: 

Encrypt/Decrypt ECB/PKS5/Blowfish between AS3Crypto & Javax.Crypto fails with padding error

I have a secret key that was sent to me as a file so I can encrypt some xml data using Blowfish. How do I access the key so that I can use it with AS3Crypto? I assume I need to Embed it using the [Embed] meta tag. It's mimeType="application/octet-stream" but I'm not sure if thats right. How do I embed, then reference this file as the secret key? The xmls that I'm encrypting cannot be decrypted on the Java side. Each attempt fails with this exception:

javax.crypto.BadPaddingException: Given final block not properly padded.

As a bonus, if anyone has experience using the lib to work with the Java implementation and knows the ideal mode/padding/IV to use that would be awesome. Thanks!

//keyFile is an embedded asset. I was given a file to use as the key
var kdata:ByteArray = new keyFile() as ByteArray;

//Convert orderXML to Base64
var orderData:ByteArray = Base64.decodeToByteArray(String(orderXML));

//Cipher name   
var cname:String = "simple-blowfish-ecb";

var pad:IPad = new PKCS5;
var mode:ICipher = Crypto.getCipher(cname, kdata, pad);

//not sure if this is necessary. seems to be also set in mode
pad.setBlockSize(mode.getBlockSize());

mode.encrypt(orderData);

var transmitXML:String = Base64.encodeByteArray(orderData);

//DEBUG: Output to TextArea
storePanel.statusBox.text += "\n--TRANSMIT--\n"+transmitXML;
A: 

The error sounds like the file was not "flushed" before it was closed by the encryption code.

I've never used as3crypto but it looks like it would inter-operate with "AES/CBC/PKCS5Padding" on the Java side, and that's the cipher I'd recommend in new applications (a 128-bit key is considered "strong").

erickson  2009-05-15 16:07:29
How would I go about closing the file to avoid this error? Its embedded into the Flash File. I don't see a reference for a flush() method in the ByteArray class.
BlueDude  2009-05-15 22:14:19
I'm not familiar with the API. Post a link to the docs and the code and I'd be happy to take a look at it. You should be looking for a method like "finish", "dispose", etc. on the cipher object. In Java it's called "doFinal".
erickson  2009-05-15 22:51:52
Apparently for AS3 Crypto, the source is the documentation. http://crypto.hurlant.com/demo/srcview/ There does appear to be a dispose method. When would I call this method?
BlueDude  2009-05-17 08:02:27
Okay, I took a look at the library, but it appears that the dispose method just erases the keys. I looked at the ECBMode implementation, and it looks like your code above should work properly with it, including padding the plaintext. It's possible the problem is with the Java code. If you want to post it, I'll review that too. Also, a test case using a short message would be helpful... post a test key and short message, then show the Base64-encoded output of the as3crypto lib.
erickson  2009-05-19 17:07:11
A: 

Dunno if you're still unsure about how to embed binary data, but you're right about using the [Embed] tag (it's certainly one good way of doing it).

I often embed like this:

[Embed(source="myKeyFile.key", mimeType="application/octet-stream")]
private const _KeyFile:Class;
private var keyFile:ByteArray = new _KeyFile();

...

trace(keyFile.length + " bytes"); // XYZ bytes

More info: http://dispatchevent.org/roger/embed-almost-anything-in-your-swf/

aaaidan  2010-09-01 02:48:41

related questions

Are there any good programs for actionscript/flex that'll count lines of code, number of functions, files, packages,etc...
Drawing a custom label on a pie chart in Yahoo's Flash Library ASTRA
Is there a way to render svg data in a swf at runtime?
How can I resize a swf during runtime to have the browser create html scrollbars?
FLVPlayback component memory issues
Create an EXE from a SWF using Flex 3 without requiring AIR?
What are the naming conventions of an AS3 class?
How To Get Label Of Combobox to Fade In Flex
Best Practices for AS3 XML Parsing
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Flex: does painless programmatic data binding exist?
How do I restyle an Adobe Flex Accordion to include a button in each canvas header?
Deleting / Replacing A Node in E4X (AS3 - Flex)
Printing Flex components in FireFox 3
ActionScript 3.0 sockets can't reconnect
Is it possible to add behavior to a non-dynamic ActionScript 3 class without inheriting the class?
How do I get rid of the "multiple describeType entries" warning?
Open local file with AIR / Flex
Flex / Air obfuscation
Adobe Flex component events
Can you access the windows registry from Adobe Air?
Actionscript 3 - Fastest way to parse yyyy-mm-dd hh:mm:ss to a Date object?
Adobe Air - Using multiple SQLite databases at once
Adobe air - SQLStatement.execute() - Multiple queries in one statement
Unloading a ByteArray in Actionscript 3.