How to use 3DES algorithm on Android?

Question

On the server side, the encyption/decryption of the password field is done in C#.

Now, i need to implement same functionality in my android application. So, i followed this tutorial: http://ttux.net/post/3des-java-encrypter-des-java-encryption/ as below:

    import java.security.MessageDigest; 
import java.security.spec.KeySpec; 
import java.util.Arrays; 

import javax.crypto.Cipher; 
import javax.crypto.SecretKey; 
import javax.crypto.SecretKeyFactory; 
import javax.crypto.spec.DESedeKeySpec; 
import javax.crypto.spec.IvParameterSpec; 

import org.apache.commons.codec.binary.Base64; 

public class Encrypter { 
  private KeySpec keySpec; 
  private SecretKey key; 
  private IvParameterSpec iv; 

  public Encrypter(String keyString, String ivString) { 
    try { 
      final MessageDigest md = MessageDigest.getInstance("md5"); 
      final byte[] digestOfPassword = md.digest(Base64.decodeBase64(keyString.getBytes("utf-8"))); 
      final byte[] keyBytes = Arrays.copyOf(digestOfPassword, 24); 
      for (int j = 0, k = 16; j < 8;) { 
    keyBytes[k++] = keyBytes[j++]; 
      } 

      keySpec = new DESedeKeySpec(keyBytes); 

      key = SecretKeyFactory.getInstance("DESede").generateSecret(keySpec); 

      iv = new IvParameterSpec(ivString.getBytes()); 
    } catch(Exception e) { 
      e.printStackTrace(); 
    } 
  } 

  public String encrypt(String value) { 
    try { 
      Cipher ecipher = Cipher.getInstance("DESede/CBC/PKCS5Padding","SunJCE"); 
      ecipher.init(Cipher.ENCRYPT_MODE, key, iv); 

      if(value==null) 
    return null; 

      // Encode the string into bytes using utf-8 
      byte[] utf8 = value.getBytes("UTF8"); 

      // Encrypt 
      byte[] enc = ecipher.doFinal(utf8); 

      // Encode bytes to base64 to get a string 
      return new String(Base64.encodeBase64(enc),"UTF-8"); 
    } catch (Exception e) { 
      e.printStackTrace(); 
    } 
    return null; 
  } 

  public String decrypt(String value) { 
    try { 
      Cipher dcipher = Cipher.getInstance("DESede/CBC/PKCS5Padding","SunJCE"); 
      dcipher.init(Cipher.DECRYPT_MODE, key, iv); 

      if(value==null) 
    return null; 

      // Decode base64 to get bytes 
      byte[] dec = Base64.decodeBase64(value.getBytes()); 

      // Decrypt 
      byte[] utf8 = dcipher.doFinal(dec); 

      // Decode using utf-8 
      return new String(utf8, "UTF8"); 
    } catch (Exception e) { 
      e.printStackTrace(); 
    } 
    return null; 
  } 
} 

but i dont know what values i need to provide for KeyValue and ivValue for the above code. Please help me...

Answer 1

Use this code to encrypt your string

import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

import android.util.Base64;
//string encryption
public class EncryptionHelper {



    // Encrypts string and encode in Base64
    public static String encryptText(String plainText) throws Exception {
        // ---- Use specified 3DES key and IV from other source --------------
        byte[] plaintext = plainText.getBytes();//input
        byte[] tdesKeyData = Constants.getKey().getBytes();// your encryption key

        byte[] myIV = Constants.getInitializationVector().getBytes();// initialization vector

        Cipher c3des = Cipher.getInstance("DESede/CBC/PKCS5Padding");
        SecretKeySpec myKey = new SecretKeySpec(tdesKeyData, "DESede");
        IvParameterSpec ivspec = new IvParameterSpec(myIV);

        c3des.init(Cipher.ENCRYPT_MODE, myKey, ivspec);
        byte[] cipherText = c3des.doFinal(plaintext);
        String encryptedString = Base64.encodeToString(cipherText,
                Base64.DEFAULT);
        // return Base64Coder.encodeString(new String(cipherText));
        return encryptedString;
    }

}

This is how you can encrypt the string

String encryptedPassword = EncryptionHelper.encryptText(edtText.getText().toString());

EDIT Code for Constants.java

     Class Constants {
         private final String initializationVector = "INITALIZATION_VECTOR";
         private final String ecnryptionKey = "ENCRYPTION_KEY";
         public static String getInitializationVector() {
             return initializationVector;
         }
         public static String getKey() {
             return ecnryptionKey;
         }
     }

Answer 2

Triple DES is called "DESede" (DES using single DES Encrypt, Decrypt, Encrypt for encryption) in both Java and Android runtimes. So it is build in functionality which can be access through the Cipher class. It also lists the available algorithms. For triple DES you could use "DESede/CBC/PKCS5Padding"`. Don't forget to supply it a random IV of 8 bytes.

Triple DES should only be used for backwards compatibility. If you decide to use it at least supply it 24 bytes of key material, otherwise there is a chance that your ciphertext can be cracked. For a more modern approach use AES, preferably in an authenticated mode such as GCM ("AES/GCM/NoPadding"). Note that GCM requires a unique nonce of 12 bytes.