Java. net3des differences and interoperability

The main differences are as follows:

1. The fill modes of data to be encrypted and decrypted are different.

C # has the following modes: ansix923, iso10126, none, pkcs7, and zero, while Java has the following: nopadding, pkcs5padding, and ssl3padding.

2. Default 3DES implementations, with different modes and filling modes

The default mode of C # is CBC, and the default filling mode is pkcs7. The default mode of Java is ECB, and the default filling mode is pkcs5padding.

3. The size of each key is different.

In C #, the size of the key is 16 and 24. in Java, the size of the key must be 24. In CBC mode, both the size of the vector IV must be 8.

 

Based on the principle of 3DES:

Des uses replacement and shift methods to encrypt 64-bit binary data blocks with a 56-bit key. Each encryption can perform 16 rounds of encoding on 64-bit input data,

After a series of replacement and shift, the 64-bit input is converted to a safe 64-bit output data.

.
3DES: Based on Des, it uses triple DES, that is, two 56-bit keys K1 and K2, the sender uses K1 to encrypt and K2 to decrypt, and then uses K1 to encrypt. the receiver uses K1 for decryption and K2 for encryption, and then K1 for decryption,

The effect is equivalent to doubling the key length.

 

Therefore, the key is supplemented in Java, that is, the first eight bytes are used as byte [16] ~ in byte [24]. Byte [23]; same as the encrypted result in C! So it is bold to assume that C # may check the size of the key as 16.

The first eight bytes are automatically used as the K3 complement, but Java does not implement this (Because Java's 3DESAlgorithmThe size of the key must be 24 ). In this case, the sender may use K1 encryption, K2 decryption, and K3 encryption; the receiver K3 decryption, K2 encryption, and K1 decryption.

 

The encryption and decryption results of Java and C # Are consistent when the key size is confirmed to be 24.

When implemented in Java, you only need to pay attention to completing the key with less than 24 characters, and adopt the CBC mode. The filling mode is pkcs5padding.

 

Implementation in C:

Public void test ()

{

Repeated ricalgorithm des = new tripledescryptoserviceprovider ();

Des. Key = encoding. utf8.getbytes ("wserrtyuiop12fer ");

Des. IV = encoding. utf8.getbytes ("12345678 ");

String STR = "test ";

Byte [] BYT = encoding. utf8.getbytes (STR );

Memorystream MS = new memorystream ();

Icryptotransform Ct = MCSP. createencryptor (DES. Key, Des. IV );

Cryptostream cs = new cryptostream (MS, CT, cryptostreammode. Write );

CS. Write (BYT, 0, byt. Length );

CS. flushfinalblock ();

CS. Close ();

String enctext64 = convert. tobase64string (Ms. toarray ());

Console. Out. writeline ("enctext64: {0}", enctext64 );

}

 

Java implementation:

Public static void main (string [] ARGs ){

Try {

Byte [] Key = "wserrtyuiop12fercsffswqh". getbytes ();

Byte [] IV = "12345678". getbytes ();

String S = "test ";

S = "9ec610e687ca 2642147f 3bb1779e 1c 56: 820124 ";

Base64decoder base64decoder = new base64decoder ();

Base64encoder base64encoder = new base64encoder ();

 

IV = base64decoder. decodebuffer ("h06bdkgg/ki = ");

Byte [] bt = base64decoder. decodebuffer ("nsyq5ofkjkiufzuxd54cvg = ");

System. Out. println ("original key size:" + bt. Length );

Byte [] kbt = new byte [BT. Length + 8];

System. arraycopy (BT, 0, kbt, 0, BT. Length );

System. arraycopy (BT, 0, kbt, 16, 8 );

System. Out. println ("Key base64:" + base64encoder. encode (kbt ));

Key = kbt;

System. Out. println ("key size:" + key. Length );

String result = encryptwithiv (Key, IV, S );

System. Out. println ("encrypt Result:" + result );

} Catch (exception e ){

E. printstacktrace ();

}

}

Public static string encryptwithiv (byte [] key, byte [] IV, string Str) throws exception {

Securerandom sr = new securerandom ();

Desedekeyspec DKS = new desedekeyspec (key );

Secretkeyfactory keyfactory = secretkeyfactory. getinstance ("desede ");

Secretkey securekey = keyfactory. generatesecret (DKS );

Ivparameterspec IPS = new ivparameterspec (IV );

Cipher cipher = cipher. getinstance ("desede/CBC/pkcs5padding ");

Cipher. INIT (Cipher. encrypt_mode, securekey, IPS, Sr );

Byte [] bt = cipher. dofinal (Str. getbytes ("UTF-8 "));

System. Out. println ("encrypt base64:" + new base64encoder (). encode (BT ));

Return new string (Hex. encodehex (BT ));

}

 

There is also a way to make Java and. net compatibility, in. in. net, specify the mode as ECB, fill it with pkcs7, and then use the default mode (desede/ECB/pkcs5padding) in Java. Note that the size of the key is set to 24 bytes by both parties. It is recommended that both parties inform the key of base64 encoded strings, because the byte bytes in Java and. NET are in different ranges (the former-128 ~ 127, the latter 0 ~ 255) to avoid unnecessary processing.

From http://gaoge2000.blog.hexun.com/18731819_d.html