4

Using the Rijndael algorithm is it possible to encrypt a config file (or section(s) in a config file) and then decrypt that file in Java? Assumptions can be made such as:

  1. Pass in IV (not Autogenerated idea :: GenerateIV(); )
  2. Pass in Key
  3. BlockSize is 128 (standard)

Assuming this can be done, my next question on this would be:

  1. Can the keySize be 256? I know 128 is AES but we would like to use 256. I also don't know if Java has that provider for 256 or if I need to use BouncyCastle
  2. What is the Padding? PKCS7?
  3. I assume the CiperMode would be CBC

Something like this in c#? But, no clue if it can be decrypted in Java...perhaps even my c# is wrong? 

public static void initCrypt()
    {
        byte[] keyBytes = System.Text.UTF8Encoding.UTF8.GetBytes("abcdefghijklmnop");

        rijndaelCipher = new RijndaelManaged();
        PasswordDeriveBytes pdb = new PasswordDeriveBytes(keyBytes, new SHA1CryptoServiceProvider().ComputeHash(keyBytes));
        byte[] key = pdb.GetBytes(32);
        byte[] iv = pdb.GetBytes(16);
        rijndaelCipher.Mode = CipherMode.CBC;
        rijndaelCipher.Padding = PaddingMode.PKCS7; //PaddingMode.PKCS7 or None or Zeros
        rijndaelCipher.KeySize = 256; //192, 256
        rijndaelCipher.BlockSize = 128;
        rijndaelCipher.Key = keyBytes;
        rijndaelCipher.IV = iv;
    }
Improve this question

3 Answers 3

Reset to default
2

I'd check if an external library such as keyczar supports this.

As Jeff Atwood has taught us in his blog recently, 99% of developers shouldn't be concerning themselves with the low level details of encryption routines (because we will probably screw them up).

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Absolutely - why I recommend an external program.
He mentions using bouncycastle as an example which abstracts this out. I do want to do that, so I am not doing much different...I just want to make sure the providers work cross-platform.
Well, encryption algorithms are just algorithms, right? So nothing about it should be platform dependent. Any series of steps that you can take in one language to encrypt a file, you should be able to write code in any other language to then decrypt it. If not, something is wrong with your algorithm.
1

Depending on your usage of this config file, you may want to use an external program.

For example, if you want to protect the config file while it resides on disk, but you're okay with its contents being held in memory while the program is running, you could use gpg to encrypt the file, decrypt it into memory using a user-supplied password required by the program when you start it, and then clear out the memory when you shut down the program.[1]

[1] It's worthwhile to note that there's no real way to guarantee the contents won't be written to disk because of memory paging and the like. That's dependent on operating system and a lot of factors you can look up if you are interested in it.

Improve this answer

Comments

0

Q1 : It have to be 128 or you will have to use BouncyCastle

Q2 : Yes PKCS7

Q3 : Yes CBC

If your question is not dead I could give you working examples c# and java

Improve this answer

1 Comment

I would be interested in seeing examples..I am trying to do something similar

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.