Archive

Posts Tagged ‘Java’

AES 128bit Cross Platform (Java and C#) Encryption Compatibility

September 21, 2011 73 comments

It seems quite a minor issue but doing cross platform encryption and decryption specifically AES was a bit a challenge for me. When you  get it working it just seems like no big change to the original code you where working on but you wasted fruitless hours debugging. Just sharing so that another person doesn’t have to waste time wondering why same settings produce a different cipher and going through a number of unhelpful posts where it ” works on my machine”.

I initially used ISO 10126 padding, but that seemed to produce a different cipher in C# and Java. I decided to go with no padding which leads me to the  cryptographic exception: Length of the data to decrypt is invalid. After some head banging I settled with PKCS7

Same encoding of strings has to be used in java and c#, other wise you will end up having different ciphers in java and c#.

The java code below uses a base64 util class from android SDK but you can replace it like with one from apache commons

C# encryption utility

public RijndaelManaged GetRijndaelManaged(String secretKey)
        {
            var keyBytes = new byte[16];
            var secretKeyBytes = Encoding.UTF8.GetBytes(secretKey);
            Array.Copy(secretKeyBytes, keyBytes, Math.Min(keyBytes.Length, secretKeyBytes.Length));
            return new RijndaelManaged
            {
                Mode = CipherMode.CBC,
                Padding = PaddingMode.PKCS7,
                KeySize = 128,
                BlockSize = 128,
                Key = keyBytes,
                IV = keyBytes
            };
        }

        public byte[] Encrypt(byte[] plainBytes, RijndaelManaged rijndaelManaged)
        {
            return rijndaelManaged.CreateEncryptor()
                .TransformFinalBlock(plainBytes, 0, plainBytes.Length);
        }

        public byte[] Decrypt(byte[] encryptedData, RijndaelManaged rijndaelManaged)
        {
            return rijndaelManaged.CreateDecryptor()
                .TransformFinalBlock(encryptedData, 0, encryptedData.Length);
        }

        /// <summary>
        /// Encrypts plaintext using AES 128bit key and a Chain Block Cipher and returns a base64 encoded string
        /// </summary>
        /// <param name="plainText">Plain text to encrypt</param>
        /// <param name="key">Secret key</param>
        /// <returns>Base64 encoded string</returns>
        public String Encrypt(String plainText, String key)
        {
            var plainBytes = Encoding.UTF8.GetBytes(plainText);
            return Convert.ToBase64String(Encrypt(plainBytes, GetRijndaelManaged(key)));
        }

        /// <summary>
        /// Decrypts a base64 encoded string using the given key (AES 128bit key and a Chain Block Cipher)
        /// </summary>
        /// <param name="encryptedText">Base64 Encoded String</param>
        /// <param name="key">Secret Key</param>
        /// <returns>Decrypted String</returns>
        public String Decrypt(String encryptedText, String key)
        {
            var encryptedBytes = Convert.FromBase64String(encryptedText);
            return Encoding.UTF8.GetString(Decrypt(encryptedBytes, GetRijndaelManaged(key)));
        }

Java Encryption Utility

private final String characterEncoding = "UTF-8";
	private final String cipherTransformation = "AES/CBC/PKCS5Padding";
	private final String aesEncryptionAlgorithm = "AES";

	public  byte[] decrypt(byte[] cipherText, byte[] key, byte [] initialVector) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
	{
		Cipher cipher = Cipher.getInstance(cipherTransformation);
		SecretKeySpec secretKeySpecy = new SecretKeySpec(key, aesEncryptionAlgorithm);
		IvParameterSpec ivParameterSpec = new IvParameterSpec(initialVector);
		cipher.init(Cipher.DECRYPT_MODE, secretKeySpecy, ivParameterSpec);
		cipherText = cipher.doFinal(cipherText);
		return cipherText;
	}

	public byte[] encrypt(byte[] plainText, byte[] key, byte [] initialVector) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
	{
		Cipher cipher = Cipher.getInstance(cipherTransformation);
		SecretKeySpec secretKeySpec = new SecretKeySpec(key, aesEncryptionAlgorithm);
		IvParameterSpec ivParameterSpec = new IvParameterSpec(initialVector);
		cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, ivParameterSpec);
		plainText = cipher.doFinal(plainText);
		return plainText;
	}

	private byte[] getKeyBytes(String key) throws UnsupportedEncodingException{
		byte[] keyBytes= new byte[16];
		byte[] parameterKeyBytes= key.getBytes(characterEncoding);
		System.arraycopy(parameterKeyBytes, 0, keyBytes, 0, Math.min(parameterKeyBytes.length, keyBytes.length));
		return keyBytes;
	}

	/// <summary>
	/// Encrypts plaintext using AES 128bit key and a Chain Block Cipher and returns a base64 encoded string
	/// </summary>
	/// <param name="plainText">Plain text to encrypt</param>
	/// <param name="key">Secret key</param>
	/// <returns>Base64 encoded string</returns>
	public String encrypt(String plainText, String key) throws UnsupportedEncodingException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException{
		byte[] plainTextbytes = plainText.getBytes(characterEncoding);
		byte[] keyBytes = getKeyBytes(key);
		return Base64.encodeToString(encrypt(plainTextbytes,keyBytes, keyBytes), Base64.DEFAULT);
	}

	/// <summary>
	/// Decrypts a base64 encoded string using the given key (AES 128bit key and a Chain Block Cipher)
	/// </summary>
	/// <param name="encryptedText">Base64 Encoded String</param>
	/// <param name="key">Secret Key</param>
	/// <returns>Decrypted String</returns>
	public String decrypt(String encryptedText, String key) throws KeyException, GeneralSecurityException, GeneralSecurityException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, IOException{
		byte[] cipheredBytes = Base64.decode(encryptedText, Base64.DEFAULT);
		byte[] keyBytes = getKeyBytes(key);
		return new String(decrypt(cipheredBytes, keyBytes, keyBytes), characterEncoding);
	}

Hopefully this saves someone time.

Categories: Programming Tags: , ,

My First Android Application

September 15, 2011 1 comment

I was hesitant to learn android development because of time. Last week, a requirement kicked in that needed an android front-end. Target platform was android 2.2.  This is my feel of android development after six days of using android SDK. Actually I had also never used an android phone, so I was amazed how cool android OS  is.I should say mobile development should have been easier like how android development is from the beginning. I have developed in QT, and J2ME, but both dont match up to android development with ease. The great UI controls that come out of the box, the eclipse integrated plugin, the ability to reuse most of the standard java code, its all great.

I did consult the SDK documentation and the hello tutorials during the development. They where of great help. The application pulls the data from a .NET WCF JSON Rest based service. I used the Google Gson for the serialization and de-serialization of json to object types.  On the WCF service I decorated by operation contracts with WebGet and WebInvoke depending on whether am making GET or POST requests. To reuse the forms based authentication, the http connection service takes care of  managing the cookies mainly the forms based authentication cookie to receive and send it on requests.

Coding in android though seams easier than QT or j2me, I got some beating for not reading the documentation. Some of the beating I got:-

  • Embedding more than one root view in the scroll viewer was just throwing exception. I was quite big headed on googling for a solution on this one, because I just couldn’t expect it was the cause.
  • The table layout. This I had to abandon and choose another approach. I needed to replicate a telerik like silverlight gridview with a details view on each row. Was t0o ambitous about it, but abandoned it. Got headaches about the table row layout parameters and scrollview.
  • Adding an activity to the manifest file. Was always forgetting about this step and that led me to debugging. And pretty much I would remember (f***) when the exception is raised from the line where I start the Activity.
  • A point I got so frustrated with exceptions from setting content view. The exceptions just could’t make sense. I don’t know what I f.*up, but when I change layouts, or add new layouts. I tend to get exceptions when setting activity view. It just couldn’t make sense why. so I went to the bin folder and did the mighty SHIFT-DELETE-RETURN. Damn. all references to resources in R.java couldn’t be recognized any more. I was quick to think may be its a build order, so I moved gen above src folder, build project and back. Some magic happened, no more errors even when setting the content view. I still don’t know why for now. But this seems to be the solution I do for now when I get exceptions when setting content view. It seems to work. Till when I become a sniper at android, I will overlook this.

Damn! Hooking my configuration service to android preferences activity has been the easiest way of managing preferences on a mobile app have seen.

Lastly for now. The way resources are managed in android development, I can’t find an execuse for the laziness of harding cording strings in code files. Its damn fast, easy. Android is great. Android development platform is very great. Now I just feel cheated because I was missing a lot for a long time. I must boostrap my N900 with Nitdroid.

Android development is the way mobile development should have been like from the beginning.

Categories: Programming Tags: , ,

AspectF in Java

AspectF is a Fluent Aspect Framework written in C# by Omar AL Zabir. It helps reduce on the plumbing code. For more information about AspectF framework, you can read an article by Omar AL Zabir on code project. There are different aspect frameworks you can choose from, for C# there is postsharp, Castle.DynamicProxy, LinfuDynamicProxy, Sprint.Net etc and for java there is Spring, AspectJ etc. My experience in .Net is with Postsharp and AspectF. When it comes to java, I have played around with Spring AOP but I haven’t found it easy as with AspectF in .Net. I took the decision to convert AspectF by Omar AL Zabir in C# to Java. Read more…

Categories: Programming Tags: , ,