PHP code:
<?php
class Crypter {
private $Key;
private $Algo;
private $Mode;
private $Iv;
public function __construct() {
$this->Algo = MCRYPT_BLOWFISH;
$this->Mode = MCRYPT_MODE_CBC;
$this->Key = substr('7890', 0, mcrypt_get_key_size($this->Algo, $this->Mode));
}
public function Encrypt($data) {
$iv_size = mcrypt_get_iv_size($this->Algo, $this->Mode);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
$this->Iv = $iv;
$blocksize = mcrypt_get_block_size('blowfish', 'cbc'); // get block size
$pkcs = $blocksize - (strlen($data) % $blocksize); // get pkcs5 pad length
$data.= str_repeat(chr($pkcs), $pkcs); // append pkcs5 padding to the data
$crypt = mcrypt_encrypt($this->Algo, $this->Key, $data, $this->Mode, $this->Iv);
return base64_encode($crypt);
}
public function Decrypt($data) {
$crypt = base64_decode($data);
$decrypt = mcrypt_decrypt($this->Algo, $this->Key, $crypt, $this->Mode, $this->Iv);
$block = mcrypt_get_block_size('blowfish', 'cbc');
$pad = ord($decrypt[($len = strlen($decrypt)) - 1]);
return substr($decrypt, 0, strlen($decrypt) - $pad);
}
}
?>
JAVA code:
package blowfishcbc;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
public class BlowfishCBC {
public static void main(String[] args) throws Exception {
String keyString = "7890";
String input = "some data";
Cipher cipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding");
// for IV
byte[] iv = new byte[cipher.getBlockSize()];
new SecureRandom().nextBytes(iv);
IvParameterSpec ivSpec = new IvParameterSpec(iv);
// for key
byte[] keyData = (keyString).getBytes();
SecretKeySpec keySpec = new SecretKeySpec(keyData, "Blowfish");
// encrypt
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec);
byte[] encrypted = cipher.doFinal(input.getBytes("UTF-8"));
String enc = new BASE64Encoder().encode(encrypted);
System.out.println("encrypted: " + new String(enc));
// decrypt
cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);
byte[] dec = new BASE64Decoder().decodeBuffer(enc);
byte[] decrypted = cipher.doFinal(dec);
System.out.println("decrypted: " + new String(decrypted, "UTF-8"));
}
}
I have a scenario where encoding and decoding will be in between two systems like JAVA and PHP. Now the above classes are both examples of PHP and JAVA respectively.
First of all if I use Blowfish algorithm in CBC mode I have to provide a parameter IV (initialization vector). Which is generated randomly and length is equal to the block size. And the block size depends on the encryption mode and algorithm which are being used. Now if I want to decode some data in PHP which was encoded in JAVA then first of all the encryption key must be same as well as the IV (initialization vector).
Now in the java code the IV is generated randomly and if I pass that same IV in the PHP code along with the encoded string (encoded in java) then I get an error in the PHP system that the IV size must be same as the block size.
Now,
for PHP
$iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_CBC);
and for JAVA
cipher.getBlockSize();
Both gives the size is 8. But when I pass the IV generated in JAVA to PHP it gives the error of Message: mcrypt_encrypt(): The IV parameter must be as long as the blocksize
Now how can I solve this problem.
So far I understand the IV generation process in both system must be same. To be specific the IV length must be same. A little help will be much appreciated. Thanks.