Monday, June 15, 2009

TripleDES encryption compatibility when using Java and .NET

Note: This article shows you how to generate a SecretKey to use with a TripleDES encryption cipher. The shared-secret key can be 24 byte or even 16 bytes long.
For a quick brief of how TripleDES (3DES) works have a look here.

The most common problem related to encrypting something in Java and decrypting in .NET or vice-versa is a misunderstanding of the Keying options that are defined in the standards and those implemented by Java and .NET

A DES key is made up of 56 bits and 8 parity bits (8 bytes)
A 3DES key is made up of a bunch of 3, 8-byte DES keys i.e. a 24 bytes long

If you are going to use a 24 byte key for both Java and .NET, you're safe; then encryption will be compatible.

Java will force you to use only a 24 byte key when using TripleDES; the subtly is that .NET supports both a 16 byte as well as a 24 byte key.
Now If you generate a key from a MD5 hash of a shared secret, it will be just 16 bytes. .NET has no problem with this. It implements Keying Option 2. It will intelligently take the first 8 bytes and append it after the 16th byte - forming a 24 byte key. Java, *sigh* sadly doesn't do this. You'll have to spoon feed it like so:

public SecretKey getSecretKey(byte[] encryptionKey) {
SecretKey secretKey = null;
if (encryptionKey == null)
return null;

byte[] keyValue = new byte[24]; // final 3DES key

if (encryptionKey.length == 16) {
// Create the third key from the first 8 bytes
System.arraycopy(encryptionKey, 0, keyValue, 0, 16);
System.arraycopy(encryptionKey, 0, keyValue, 16, 8);

} else if (encryptionKey.length != 24) {
throw new IllegalArgumentException("A TripleDES key should be 24 bytes long");

} else {
keyValue = encryptionKey;
}
DESedeKeySpec keySpec;
try {
keySpec = new DESedeKeySpec(keyValue);
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede");
secretKey = keyFactory.generateSecret(keySpec);
} catch (Exception e) {
throw new RuntimeException("Error in key Generation",e);
}
return secretKey;
}

4 comments:

Sam Walker said...

Thank you for this informative artice. It helped me find the solution. Find my java and .NET solution here.

http://blog.bluesam.com/2009/07/triple-des-encryption-implementation.html

Anonymous said...

this worked very well, didnt know it had to be 24 bytes... thanks!

Malinga said...

Thankz

Ignacio said...

thanks! you make my day!