The question is, what could be the most preferable approach one can follow while working with encryption and decryption when dealing with different platforms.
As per my knowledge , whenever one wants to work with such scenarios , he/she has to take certain things into account. Like say,
- Encryption/decryption Algorithm
- Padding pattern
- Character Encoding at both sides
- Cipher key and block sizes
Certainly ,the Encryption/Decryption algorithm one wants to use must be same at both the sides and i guess i can say the same thing about remaining three things.
Please suggest me the steps to follow while i work with following or similar scenarios.
- Encrypting in c & decrypting in java
- Encrypting in php & decrypting in java
One very important aspect for good interoperability is standard compliance.
Good cryptographic standards come with test vectors. If the two ends implement the same specification and the relevant test cases have been verified, there are much higher chances they will successfully talk to each other.
For instance, let’s say you need to derive an AES key from a password. If you use openssl, you may be tempted to use the common
EVP_BytesToKeyfunction. Unfortunately, that is not a standard derivation algorithm and you will find yourself in troubles if at the other end you don’t have openssl too. Using a standard like PBKDF2 is better, because you have a clear, well-known, and widespread specification for it (RFC2898) that most libraries implement.Unfortunately, cryptographic standards tend to focus on the primitives only and it is often necessary to graft together several ones. The "grafting" may prove to be the area where interoperability falls apart. For that reason, I suggest to use the widest possible standardized algorithm, even at the cost of some extra complexity.
For instance, if you want to encrypt something, it would be good to choose a standard authenticated mode like CCM (defined – amongst others – in RFC3610). In one go you obtain interoperability for: