I am having some odd issues here….
I have the two following scripts:
First, a PHP script (which I am using http://writecodeonline.com/php/ to test)
$key = '[E%Xr6pG-IDIA89_&=NI[AREofOy0#Mv[nJ7rO@T^PwgT!NVY*Hri@($p4luBM)ugVvbnAnWL@xGK*jBP3s$g#-XTH{e3@X*0StJ';
$string = 'Testing Testing Testing Testing Testing Testing Testing Testing Testing Testing Testing Testing Testing Testing Testing Testing Testing Testing Testing Testing ';
//
$encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_128, md5($key), $string, MCRYPT_MODE_ECB));
$decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_128, md5($key), base64_decode($encrypted), MCRYPT_MODE_ECB), "\0");
echo $encrypted . "<br>";
echo $decrypted;
Second, a Java class,
import java.io.*;
import java.net.*;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.*;
import javax.crypto.spec.*;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.DigestUtils;
public class Main {
/**
* @param args
* @throws Exception
*/
public static void main(String[] args) throws Exception {
String pw = "[E%Xr6pG-IDIA89_&=NI[AREofOy0#Mv[nJ7rO@T^PwgT!NVY*Hri@($p4luBM)ugVvbnAnWL@xGK*jBP3s$g#-XTH{e3@X*0StJ";
String str = encode("Testing Testing Testing Testing Testing Testing Testing Testing Testing Testing Testing Testing Testing Testing Testing Testing Testing Testing Testing Testing ", pw);
System.out.println(str);
System.out.println(decode(str, pw));
}
public static String encode(String s, String p) throws Exception
{
String cleartext = padRight(s, s.length()+(16-(s.length()%16)));
String key = DigestUtils.md5Hex(p);
SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes(), "AES");
Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
byte[] encrypted = cipher.doFinal(cleartext.getBytes());
return Base64.encodeBase64String(encrypted);
}
public static String decode(String encrypted, String p) throws Exception
{
byte[] bts = Base64.decodeBase64(encrypted);
String key = DigestUtils.md5Hex(p);
SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes(), "AES");
Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding");
cipher.init(Cipher.DECRYPT_MODE, skeySpec);
byte[] decrypted = cipher.doFinal(bts);
return new String(decrypted).replaceAll("\0", "");
}
public static String padRight(String s, int n) {
while (s.length() < n)
{
s+="\0";
}
return s;
}
}
Something very strange happens. When I test the PHP script, I get:
/wyCRFRmXFDGk0O5+EAHWv8MgkRUZlxQxpNDufhAB1r/DIJEVGZcUMaTQ7n4QAda/wyCRFRmXFDGk0O5+EAHWv8MgkRUZlxQxpNDufhAB1r/DIJEVGZcUMaTQ7n4QAda/wyCRFRmXFDGk0O5+EAHWv8MgkRUZlxQxpNDufhAB1r/DIJEVGZcUMaTQ7n4QAda/wyCRFRmXFDGk0O5+EAHWg==
as the encrypted code.
When I test the java code, however, I get:
/wyCRFRmXFDGk0O5+EAHWv8MgkRUZlxQxpNDufhAB1r/DIJEVGZcUMaTQ7n4QAda/wyCRFRmXFDGk0O5+EAHWv8MgkRUZlxQxpNDufhAB1r/DIJEVGZcUMaTQ7n4QAda/wyCRFRmXFDGk0O5+EAHWv8MgkRUZlxQxpNDufhAB1r/DIJEVGZcUMaTQ7n4QAda/wyCRFRmXFDGk0O5+EAHWsdyQJ3DP2jBsJcLh2n2wv0=
If you look closely, you will see that (somehow) the java text is longer! But, oddly, both of the texts are exactly the same up until “+EAH” which is when they diverge. I find this completely strange — why?
Because I have tested this code on numerous other strings, from lorum ipsum, to the word “Testing” with no errors. The only way I have found of causing this (so far) is to repeat a shortish word many times separated by spaces.
I am incredibly worried about this because I have no idea what other ways there are to trigger this strange behavior. So that leads me to my question… WHat in the name of davy jone’s locker is casking this?
I’m not an expert of encryption, but it may be a padding issue. You may try with the following.
PHP
Set the padding as follows:
This will use PKCS#5 padding, instead of PHP’s null padding.
Java
Change the following line:
to:
Unfortunately I don’t have an environment with Java where I can compare the results, but I hope it helps.