Problem using mcrypt for use with Java

[harleyh]

I need to send an encrypted string to a client who is then using Java for decryption. The problem is that my encryption is no where near what it needs to be.

 

Here are the parameters they are using;

 

Algorithm: 3-DES

Mode: CBC

Padding: PKCS5

Key Hashing: MD5

IV: 00000000

Encoding: Base64

 

 

Here is my php code;

 

function pkcs5_pad ($text, $blocksize)
{
    $pad = $blocksize - (strlen($text) % $blocksize);
    return $text . str_repeat(chr($pad), $pad);
}

$string = "string to encrypt";

// pad the string
$size = mcrypt_get_block_size('tripledes', 'cbc');
$string = pkcs5_pad($string, $size);

// create iv
$iv = '00000000';

// hash the key
$my_key = md5("MYKEY"); 

// final encryption
$enc_string = mcrypt_encrypt(MCRYPT_3DES, $my_key, $string, MCRYPT_MODE_CBC, $iv); 

//and finally Base64 encoding
$final_string = base64_encode($enc_string);

 

I read quite a bit about getting php to be compatible with Java on this and this seemed like the correct way to go?

[harleyh]

I've whittled down the problem some and it appears to be the PKCS5Padding that's the problem. The client sent me the encrypted string to attempt to decrypt with php.

 

Here is the urldecoded encrypted string;

 

myb6ruN0pf8BjytWkiRc7pH6J3TZCsl2KDtu3woc3xQzu+b77MsnNdErqqU8gapP6qbLPTccGoA3

BaqwQ4z9zzly5/SxlzxjW0a1AF10OQC19FJphpZpoLMl2jt1khPVNhmSa9a8qVh1lDT3X4E9844Y

G8myEgTzTjRW/VFYVz74eKXaZnU6nTW28RAmVtmi5iyN6XlKThrHhg0bf+azHchpXhFTihxnj3zk

qcOjLbTGNoPLFlRkvY4Oj1aJhr9VNBYASA9n7nVaj1FvTclmALzc2F8aJ+loZ+D7EolkSk76K3VR

TFh4UWaFGdFBYJMQeQX2+ZmuQjl5gNUp2BfGa1MF2B9iAS2FkcJ34a2wwNYhq4x+Tp/Jke61s9qk

TSAUoaCczHPiebtxjEHhT68XYyrUsYjZpl/TdbdzbV2vHfWIK7hJUMWjsLL/q7zMuVt8ylPun2Au

WIHWEo4tUdCQGbIAm8LM90oWyIBxHBkedBU2ZjNbemb3eNTf5Q+yfySt/oStoWlIQhU97WEB5WWc

RBPt0AI1Ss90iXTcvuJ+wxxM8rnL8noUVFXk7oQkG2SgdJAf6OsH7pATesk7HEC9H9iobfOpS99u

+mPO6l1ojyHsV9pzSdRRBgIJWG4dYqDfsMih//UVUqUH0T+Al6tYq3SXCUhrdEAod9Wm+SHQgxCd

8l2NH7BrH/3t64ijOGwNARmS73/KOmHeU0wFqWzrA6vTbFslquBuxj0HwH7kLK8ok8GAkENJ35YW

ktyomcTdTFleilmGePM/0h7+nHBASAH54+x8Cu36GnUCU3VaY5F4vuIqrclyy/Yx80a2HrDfQB6m

sdlBZUULEAZyucR4yTBU7HQgtB9odO43SUYzIcG7yMbopHUpnRiXMP13ZN7DIVlvr8w7suJ6fFPF

Z551kEKgob7n3EmY1yrsGJ8/H3v/fc4Cof4Ixe6MBGxb9bgt5bshQ3NBlWRba9gNWxH7tVymzCbJ

bEie8Gl5DHQfpfFBsQvD6223EwgvftwT2c1NJkuoW5TWxGdCKmkJe6ab/hflamHOIIG+TFcV4g34

8zkF+8weVj549RhWCICiZyDSD24KWxuviCdLYGGKjPctGA+SjElvVhHqkFewR2HHcjaYKvsF4lab

9qdb9LhXTTNDSKnhK1a4xc15v2CjSHJfWX2VMgbqfg/T5YBYWE0LAqoLFE8M+fO26V0d1/Xehdb+

71YDSTDBtAW03lsaMh4ofWmEY89j/NS38tz82di9P38KDFyUoPnCz8lqoAemTKFlv7/xBYTaSAUl

XUf9GfAYGWoYADhkGCgC+M/cVg4KfZk1tHuNE5v87mI65jZYKg8K8ZdcG7HoH4IQVrZkrDwlJQX9

pCKEB/IifIklVZyMBH0u2vTumG/CgqBf22eI1tIqpz4sopBgN5/WAa998YE6Bzig1fPIA8uLITmO

Z5QK6zz+aoJIBKnhwRruwOmO9jpT52Mc3WbT8CbH7ObP3QJWlcZyhfCFSSUdBx59bRYancLPSOpz

Sq+LJT/AykA0D9dYHX6KXCAzZ7/2XN9mIVMKv6/51MaS/Kz7+HwaZkNsOyzujTxaVaxNu/NEIxbz

nEdNUJL/rqbNTi1EjcWhW4zHbE7UeX6feCtqQ5gegUDNYDiMObalUMViyyZpUSRXh7x7hYTd1+4r

itHfD3cKTIqxdvB7ezb4ouC1u63YbgLD2Ivf2bsVW0N9z98OAI0QD18J6qd3Rq9b84cbYJbd1M3f

YLyka7OcQU1sQcbqEFwKL7OAt3SqT2o9YqGEsvMJ6o5G1a4rMr7mDlsfpQ2tTrR6593rbdRt8ciU

GOdZoMlqxKEm/q1Ciq/7MuCi5roZ54wx2gFbVk7vq/voa7OchHuhY5JfG0ls2XO0Og2YsNjHc77+

8iq2E+7qMrgi+25NZ9l+Iq7bI5yOim5G6+iFCNZy2aT02xCNWrcQIokZbyCuD7qNJ4mLrpzcHEzP

cv5Gb6BNBZXHy/I8XhS7QGVEhqR2SA==

 

Then after a Base64_decode I still have a very large string. The problem seems to happen after I try a pkcs5_unpad function that I found in numerous places on the web. Here is that function;

 

function pkcs5_unpad ($text)
{
  $pad = ord($text{strlen($text)-1});
  if ($pad > strlen($text)) return false;
  if (!strspn($text, chr($pad), strlen($text) - $pad)) return false;
  return substr($text, 0, -1 * $pad);
}

 

This now returns nothing!??  If I skip this step I get this;

 

H]\FUrsion="1.0" standalone="yes"?> First Name Last Name test@test.com MTMI 4102 AHospitalName aLicensure

 

which is very close to what it should be;

 

First Name Last Name test@test.com MTMI 4102 AHospitalName aLicensure

 

Anyone have any ideas on what may be going on now?