Java / PHP加密CAST-256

I have this legacy Code in PHP that I want to reproduce in Java:

function enCrypt($data = null) {
    $key = 'thisismysupersecretkeyglhf1';

    $encoded=mcrypt_encrypt(MCRYPT_CAST_256,
    $key,
    $data,
    MCRYPT_MODE_ECB
    );

    $encoded = base64_encode($encoded);

    return $encoded;
}

function deCrypt($data = null) {
    $key = 'thisismysupersecretkeyglhf1';

    $decrypted= mcrypt_decrypt(
    MCRYPT_CAST_256,
    $key,
    base64_decode($data),
    MCRYPT_MODE_ECB
    );

    return $decrypted;
}

I am using Bouncy Castle CAST-6 Engine in the following way:

public static final String KEY = "thisismysupersecretkeyglhf1";


public static String encrypt(String toDecrypt) throws NoSuchPaddingException,
        NoSuchAlgorithmException, InvalidKeySpecException, InvalidAlgorithmParameterException,
        InvalidKeyException, BadPaddingException, IllegalBlockSizeException, DecoderException, UnsupportedEncodingException {

    Cipher cipher = Cipher.getInstance("CAST6/ECB/NoPadding");

    SecretKeySpec key=new SecretKeySpec(KEY.getBytes(),"CAST6");

    cipher.init(Cipher.ENCRYPT_MODE, key);

    String decoded=org.apache.commons.codec.binary.Base64.encodeBase64String(cipher.doFinal(toDecrypt.getBytes()));

    return decoded;
}

public static String decrypt(String toDecrypt) throws NoSuchPaddingException,
        NoSuchAlgorithmException, InvalidKeySpecException, InvalidAlgorithmParameterException,
        InvalidKeyException, BadPaddingException, IllegalBlockSizeException, DecoderException, UnsupportedEncodingException {

    Cipher cipher = Cipher.getInstance("CAST6/ECB/NoPadding");

    SecretKeySpec key=new SecretKeySpec(KEY.getBytes(),"CAST6");

    cipher.init(Cipher.DECRYPT_MODE, key);

    byte[] decoded=org.apache.commons.codec.binary.Base64.decodeBase64(toDecrypt);

    return new String(cipher.doFinal(decoded));
}

However, I'm not being able to produce the same encrypted results or decrypt anything encrypted in PHP using JAVA.

What am I lacking?

Is this a Padding Issue? Reading through mcrypt documentation, they seem to be doing a lot of padding to keys and data. My Key (legacy key) is 27chars long, which I believe should be padded to 32 bytes by mcrypt, since mcrypt_get_key_size(MCRYPT_CAST_256,MCRYPT_MODE_ECB) results in 32.

For further info the string I'm trying to encrypt is "1111111111111111". I don't know if this get padded by PHP , but I would think it wouldn't because, mcrypt_get_block_size(MCRYPT_CAST_256,MCRYPT_MODE_ECB) returns 16, which is exactly the length Im using.

I am very inexperienced in cryptography, so I'am a little bit lost. Maybe if I could debug mcrypt internals, I could have a better idea of what's happening.

Any help implementing these functions in Java would be greatly appreciated.

PD. I know this algorithm is not the best, and not using an IV as well as using ECB is somehow alarming, but this is only for legacy code integration.

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

1条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
duanqiao1961 2015-07-09 13:47
关注
So I finally figured this out.

Apparently it seems PHP implementation of the Cast6 Algorithm is not standard.

At first I had a nervous breakdown by not being able to even reproduce the same value as the ones in the test vectors for the algorithm. So it was time to look at PHP's source.

I downloaded the PhpCrypt Library by Ryan Gilfether, which produces the exact same result as php's mcrypt lib. And started debugging.

I noticed that php's implementation, after splitting the key and data into 4 bytes blocks, it reverses the contents of these blocks. This is particularly important in the generation of the Masking and Round Keys, because they change a lot because of this.

So, once the problem was spotted , it was a simple matter to recreate the process from the Java side, I created a new Bouncy Castle Engine extending the CAST5Engine and replaced the setKey and encryptBlock method. You can check out this gist to see how it works.

The key is the reverseByteArrayByBlock, which is called multiple times. In the exact same way as PHP does it.

In the Gist you can also check out how to use the class in the PHPCast256Crypter.java file in case you are not too familiar with how Bouncy Castle works (the encrypt/decrypt functions assume your keys are hex encoded).

Good Luck!

本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

Java / PHP加密CAST-256 java php
2015-07-03 16:16

回答 1 已采纳 So I finally figured this out. Apparently it seems PHP implementation of the Cast6 Algorithm is n
使用Java和PHP的AES CBC 128位加密 java php
2016-11-13 16:03

回答 1 已采纳 At first glance I see three issues here: First: you are not using the same mode: in java you have
在PHP中复制Java的AES / CBC / PKCS5Padding加密 java php
2018-10-12 09:06

回答 1 已采纳 Finally figured out the solution as per following link : https://gist.github.com/odan/c1dc2798ef9
c# php加解密,加解密函数在php,java和c#上的适配
2021-04-03 08:27

春梅狐狸的博客 2015年08月06日加解密函数在php,java和c#上的适配一般加密解密使用通用的加解密算法, 但是各个语言的使用方法也不同, 有时候搞来搞去的, 发现php加出来的java又解不了, 最近看了下其实一个加密api的使用主要有三个...
关于PHP和JAVA之间的AES加密互通问题 java php
2019-03-02 12:04

回答 2 已采纳可以试试下面这种AES加密解密方式看行不行 ``` class AES { /** * * @param string $string 需要加密的字符串
Php如何实现base64加密数据和java互通 java php
2020-03-20 21:45

回答 2 已采纳 ``` = 3) { for($i=0;$i_debug) { echo '$bin = ',decbin($bin),"\n";
java如何实现前端的CryptoJS.SHA256加密方法 java javascript 前端
2022-02-14 15:58

回答 2 已采纳 import java.io.UnsupportedEncodingException; import java.security.MessageDigest; import java.securit
discuz java版_discuz加密解密函数 java版
2021-03-07 18:58

几乎太累了的博客简介：这是discuz加密解密函数 java版的详细页面，介绍了和php,java, php, security discuz加密解密函数 java版有关的知识、技巧、经验，和一些php源码等。 class='pingjiaF' frameborder='0' src='...
在PHP代码加密中转换Java AES加密 java php
2019-03-14 11:39

回答 1 已采纳 base64_decode(base64_encode($appKey)) I believe you use the key in php as string bytes, not as a
Java md5两次加密32位 intellij-idea java spring
2021-02-03 13:49

回答 3 已采纳 String password = "123456"; String salt = System.currentTimeMillis()+""; String ret = S
AES-256-CBC加密在golang和node / php之间不匹配 node.js php
2018-06-08 13:42

回答 1 已采纳 Okay, I managed to get the go output to match your other outputs, but I'm not 100% clear on all of
c c++ php常用的加密解密算法
2021-04-13 06:13

zh7314的博客为什么需要加密解密算法？数据加密的基本过程就是对原来为明文的文件或数据按某种算法进行处理，使其成为不可读的一段代码为“密文”，使其只能在输入相应的密钥之后才能显示出原容，通过这样的途径来达到保护数据...
Java端的AES加密 - 在PHP端解密并选择单个密钥 android java php
2014-07-30 12:26

回答 2 已采纳 There seem to be a few things you are doing wrong, I'll go over these in order: Always specify "A
c++的加密库--crypto++/openssl库
2018-09-19 13:41

薇唯苇蔚的博客因为最近用到AES,RSA,SHA之类的... crypto++ ...Crypto ++ Library是一个加密方案的免费C ++类库。一.安装依赖库首先需要下载这个库 sudo apt-get install libcrypto++ 我用的是clion 在cmake...
mysql aes java解密,使用PHP Mcrypt加密并使用MySQL aes_decrypt解密？
2021-01-27 11:46

邱某某知了的博客 Is it possible to Encrypt data with PHP mcrypt and decrypt it in the database with MySQL AES_DECRYPT? At the moment, I'm using RIJNDAEL_128 for mcrypt on ...
没有解决我的问题, 去提问

悬赏问题

¥30 这是哪个作者做的宝宝起名网站
¥60 版本过低apk如何修改可以兼容新的安卓系统
¥25 由IPR导致的DRIVER_POWER_STATE_FAILURE蓝屏
¥50 有数据，怎么建立模型求影响全要素生产率的因素
¥50 有数据，怎么用matlab求全要素生产率
¥15 TI的insta-spin例程
¥15 完成下列问题完成下列问题
¥15 C#算法问题, 不知道怎么处理这个数据的转换
¥15 YoloV5 第三方库的版本对照问题
¥15 请完成下列相关问题！

Java / PHP加密CAST-256

1条回答 默认 最新

悬赏问题

1条回答默认最新