Re: [GNU Crypto] GNU Crypto and OpenSSL

[Casey Marshall]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>>>>> "Ben" == Ben  <address@hidden> writes:

Ben> Hi, I am trying to write a Java program that exchanges
Ben> Blowfish-encrypted data with a C program.  The C program uses the
Ben> OpenSSL libraries (BF_cbc_encrypt() specifically) to do the
Ben> encryption/decryption, and the Java program is using the GNU
Ben> Crypto Blowfish class.  It isn't working.  I am thinking this
Ben> might be because of the initialization vector.  BF_cbc_encrypt
Ben> requires an initialization vector, which I have set to 0, but I
Ben> can't find a way to set this or even see that it exists in GNU
Ben> Crypto.  Is it possible to make these two libraries work
Ben> together?

You need to use the mode API for CBC. The cipher API is a low-level,
ECB-only one.

Your Java application would look something like this:

===
import gnu.crypto.Registry;
import gnu.crypto.IMode;
import gnu.crypto.ModeFactory;

...

Map attrib = ...;
IMode blowfish_cbc = ModeFactory.getInstance(Registry.CBC_MODE,
  Registry.BLOWFISH_CIPHER, 8);

attrib.put(IMode.IV, your_iv); // byte[]
attrib.put(IMode.KEY_MATERIAL, your_key); // byte[]
attrib.put(IMode.STATE, new Integer(IMode.ENCRYPTION));

blowfish_cbc.init(attrib);

// in and out are byte[], offsets are int.
blowfish_cbc.update(in, in_offset, out, out_offset);

...
===

Also note that our CBC mode does not allow the input buffer to be the
same as the output buffer. This will probably change eventually.

Cheers.

- -- 
Casey Marshall || address@hidden
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.7 <http://mailcrypt.sourceforge.net/>

iD8DBQE/98v4gAuWMgRGsWsRAjq/AJ4xODc2TlZGjGw+6ViEo0AFxdL3agCfa4Ra
u92koxfcLow6ijfQDfVNeEo=
=4aLx
-----END PGP SIGNATURE-----