Questions of 3DES

I write a Java service of 3DES encryption, however, if the encrypt string length is not 8, 16, 24 … bytes, it will throw “javax.crypto.IllegalBlockSizeException: Input data length not a multiple of blocksize.”, howevere, when i test it in another server, it works properly, did any of you have any idea on that?

Furthermore, what should be the length of the key? is it 24 bytes or 32 bytes? is it possible to use a 32 bytes key to encrypt?

Thank you in advance

[highlight=java]

byte[] passphrase = null;
byte[] instring = null;
IDataCursor idc = null;
String Algorithm = “DESede”;
byte[] encryptString = null;
try {
idc = pipeline.getCursor();
if (idc.first(“instring”))
{
instring = (byte[])idc.getValue();
}
else
{
throw new ServiceException(“Input parameter ‘passphrase’ was not found.”);
}
if (idc.first(“passphrase”))
{
passphrase = (byte[])idc.getValue();
}
else
{
throw new ServiceException(“Input parameter ‘inputstring’ was not found.”);
}
SecretKey deskey = new SecretKeySpec(passphrase, Algorithm);
Cipher c1 = Cipher.getInstance(Algorithm);
c1.init(Cipher.ENCRYPT_MODE, deskey);
encryptString = c1.doFinal(instring);
}
catch (Exception ex) {
throw new ServiceException(ex.toString());
}
finally {
IDataUtil.put(idc, “encryptString”,encryptString);
idc.destroy();
idc = null;
instring = null;
passphrase = null;
Algorithm = null;
encryptString = null;
}

[/highlight]

The issue may be that the default security provider in the JVM that is used by your IS installation may be different from the security provider used by your other server.

Different providers may implement the 3DES algorithm differently which could account for the differences in the block sizes and padding approaches.

You can specify a particular provider as the second parameter of your Cipher.getInstance() call. If both IS and your other test server use the same provider you should get the same results.

The following IS java service will return a stringlist containing the names of the security providers that are installed in your current JVM. You can specify one of these names to use a specific security provider.

[highlight=java]

//Requires import statement for java.security.Provider and java.security.Security in the IS java service “shared” tab

IDataCursor idc = pipeline.getCursor();
String providerName = null;

Provider[] providerArray = Security.getProviders();
String[] providers = new String[providerArray.length];

for (int i=0;i<providerArray.length;i++) {
providerName = providerArray[i].getName();
providers[i] = providerName;
}

idc.insertAfter(“providers”,providers);
idc.destroy();

[/highlight]

A great book on understanding Java-based encryption, certificates, etc. is Beginning Cryptography with Java by David Hook.

HTH,

Mark

I make it work by defining the Algorithm = “DESede/ECB/PKCS5Padding”

Thanks!

Good on you, mate!

Did you find out which java security providers were in use on each of your servers? Did you change providers or just pick an algorithm that was implemented the same in the providers you were already using?

Mark