Encryption in Android equivalent to php's MCRYPT_RIJNDAEL_256 -


i using below php code encryption:

$enc_request = base64_encode(     mcrypt_encrypt(mcrypt_rijndael_256,                   $this->_app_key,                   json_encode($request_params),                   mcrypt_mode_ecb) );

now trying encrypt in android , getting different encrypted string. below android code:

public void enc(){     byte[] rawkey = getrawkey("my_key".getbytes());     secretkeyspec skeyspec = new secretkeyspec(rawkey, "aes");     cipher cipher = cipher.getinstance("aes");     cipher.init(cipher.encrypt_mode, skeyspec);     byte[] encrypted = cipher.dofinal("my_message".getbytes());     string result=base64.encodetostring(encrypted, base64.default); }  private static byte[] getrawkey(byte[] seed) throws exception {     keygenerator kgen = keygenerator.getinstance("aes");     securerandom sr = securerandom.getinstance("sha1prng");     sr.setseed(seed);     kgen.init(256, sr);      secretkey skey = kgen.generatekey();     byte[] raw = skey.getencoded();     return raw; }

could 1 me, wrong? , same correct encrypted string in android too.

i've created main method in java using bouncy castle show inner workings of mcrypt_encrypt() used in code sample.

this show other developers php's mcrypt_encrypt() dangerous method use. won't fail much, because rather continues should have stopped long ago. instance, adds or removes values key. emits warning when this, won't directly show in code.

public static void main(string[] args) throws datalengthexception, illegalstateexception, invalidciphertextexception {      // constants     boolean encrypt = true;     boolean decrypt = false;      // key either in binary in php or string (dynamic isn't it?), lets assume ascii     byte[] givenkey = args[0].getbytes(charset.forname("ascii"));      // determine key size dynamically, thought idea...     // note: php emit warning if key size larger, use     // largest key size otherwise     final int keysize;     if (givenkey.length <= 128 / byte.size) {         keysize = 128;     } else if (givenkey.length <= 192 / byte.size) {         keysize = 192;     } else {         keysize = 256;     }      // create 256 bit key adding 0 bytes decoded key     byte[] keydata = new byte[keysize / byte.size];     system.arraycopy(givenkey, 0, keydata, 0, math.min(givenkey.length, keydata.length));     keyparameter key = new keyparameter(keydata);      // create rijndael cipher 256 bit block size, not aes     blockcipher rijndael = new rijndaelengine(256);      // use padding method works on data cannot end 0 valued bytes     zerobytepadding c = new zerobytepadding();      // use ecb mode encryption, should never used     paddedbufferedblockcipher pbbc = new paddedbufferedblockcipher(rijndael, c);      // initialize cipher using key (no need iv, ecb)     pbbc.init(encrypt, key);      // create plain text byte array     byte[] plaintext = args[1].getbytes(charset.forname("utf8"));      // create buffer ciphertext     byte[] ciphertext = new byte[pbbc.getoutputsize(plaintext.length)];      int offset = 0;     offset += pbbc.processbytes(plaintext, 0, plaintext.length, ciphertext, offset);     offset += pbbc.dofinal(ciphertext, offset);      // show ciphertext     system.out.println(new string(hex.encode(ciphertext), charset.forname("ascii")));      // reverse encryption     pbbc.init(decrypt, key);     byte[] decrypted = new byte[pbbc.getoutputsize(ciphertext.length)];     offset = 0;     offset += pbbc.processbytes(ciphertext, 0, ciphertext.length, decrypted, offset);     offset += pbbc.dofinal(decrypted, offset);      // print out correctly, isn't correct     system.out.println(new string(decrypted, charset.forname("utf8")));      // check out zero's @ end     system.out.println(new string(hex.encode(decrypted), charset.forname("utf8")));      // lets make bit shorter... php way     // note in php, string may *not* contain null terminator     // add before printing string     system.out.println(new string(decrypted, charset.forname("utf8")).replaceall("\\x00+$", "")); }

warning: above code contains zerobytepadding. later discovered there difference between bouncy castle , php in respect: bouncy castle expects have pad, while php doesn't. bouncy adds 1..n bytes while php adds 0..(n-1) bytes, n block size (32 bytes rijndael-256/256). may have padding/unpadding yourself; sure test edge cases!


Comments

Post a Comment

Popular posts from this blog

image - ClassNotFoundException when add a prebuilt apk into system.img in android -

i'm in trouble add prebuilt apk system.img based taiwan mtk android phone platform, when push apk onto device,after reboot phone,the apk can installed succecessfully,but if add apk alps/out/target/product/$prj/system/app or vendor/mediatek/$prj/artifacts/out/target/product/$prj/system/app ,and produce system.img,the apk can't installed normally,the logcat say: a.lang.runtimeexception: unable instantiate activity componentinfo{com.sec.android.widgetapp.ap.hero.accuweather.widget/com.sec.android.widgetapp.ap.hero.accuweather.widget.weatherclock}: java.lang.classnotfoundexception: com.sec.android.widgetapp.ap.hero.accuweather.widget.weatherclock. can tell me what's problem ? when package manager installs apps part of system partition different installing apps on data partition. looks app using libraries somewhere else. when install on data lib directory created in apps data directory , symlinked /data/app-lib/. when apps installed on system it's expecte...
Read more

I need to import mysql 5.1 to 5.5? -

i have mysql 5.1 database , need import localhost running 5.5. how import 5.5 or downgrade mysql? install phpmyadmin 5.1 os: http://www.wikihow.com/install-phpmyadmin-on-your-windows-pc or https://www.digitalocean.com/community/articles/how-to-install-and-secure-phpmyadmin-on-ubuntu-12-04 then login, click on database, hit export, , export in sql format (quick fine). import .sql file 5.5 server (after installing phpmyadmin) logging in clicking database , hit import. hope helps!
Read more

Java, Hibernate, MySQL - store UTC date-time -

i saw here on few related questions (like this one , of course, this one )... essentially, want store date-time utc, , let application user choose time zone wants display date-time in. since seems date-time fields affected underlying jdbc driver, wonder if acceptable way go storing utc date-time: set both mysql , application server machine utc time zone (no need separate) both mysql , jvm should pick underlying system time settings (if not instructed otherwise) use datetime table columns on mysql side use java.util.date corresponding mapping on hibernate side (i guess java.sql.timestamp used too) let application worry interpreting date-time fields - i.e. let user choose preferred time zone is ok? edit clarify - here meant refer timestamps created strictly on server (e.g.date-time of record creation). application server instantiates date objects (new date() equals current date-time on server, , time zone agnostic). if client user wants supply date searching/filte...
Read more