I need to have a basic/simple String encryption (i.e. low security is good enough, I just want to avoid that the communication is human readable) between my Java client application and the PHP server.
I opted thus for the symmetric DES encryption as it doesn't require any key exchange (same key will be used on client and on server) + it doesn't require Java Security Policy updates for longer keys. I also encode/decode Base64 as the data gets sent by a Http post.
Unfortunately my code doesn't work as decrypted text doesn't match input.
My Java code to encrypt:
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");
DESKeySpec keySpecEncrypt = new DESKeySpec(ParamsProvider.SERVER_ECRYPTION_SECRETKEY2); //Secret key is a byte[8] = {1, 2, 3, 4, 5, 6, 7, 8}
SecretKey keyEncrypt = keyFactory.generateSecret(keySpecEncrypt);
// Create the cipher
Cipher desCipher = Cipher.getInstance("DES/CFB8/NoPadding");
// Initialize the cipher for encryption
desCipher.init(Cipher.ENCRYPT_MODE, keyEncrypt);
// Encrypt the text
byte[] textEncrypted = desCipher.doFinal(data.getBytes("UTF-8"));
//B64 encoding and return
byte[] encryptedB64ByteArray = (new org.apache.commons.codec.binary.Base64()).encode(textEncrypted);
return new String(encryptedB64ByteArray, "UTF8");
My PHP code to decrypt:
function decrypt($message) {
$secret_key = array(1, 2, 3, 4, 5, 6, 7, 8);
$decodedMsg = base64_decode($message);
return base64_decode(mcrypt_decrypt(MCRYPT_DES, $key, $decodedMsg, MCRYPT_MODE_CFB));
}
My best guess is that my Java and PHP en/decryption parameters are not equal (e.g. CFB8 mode) but I have no clue on how to solve this.
Any help or hint would be greatly appreciated (I already lost a few hours on this one), Cheers, Thomas
