Menu
I wrote a Java Card applet to do DES encryption/Decryption. The source code of my applet (If you want to use it, consider that Mr Bodewes found some bugs in this source code (those are mentioned in the comments under his answer. So fix it and then use) have the following functions:
I did a comparison between output of my program and output of an online tool, and finally I find them different. So I want to check correctness of my program's output using OpenSSL.
These are results for encrypting 0x30 0x30 0x30 0x30 0x30 0x30 0x30 0x30 with key = 0x11 0x22 0x33 0x44 0x55 0x66 0x77 0x88 :
::> SendToApplet.exe -key 1122334455667788 -data 3030303030303030
Command::
Data: 3030303030303030
Key : 1122334455667788
Results::
DES_ECB_ISO9797_M1:
8E 43 CF B8 91 02 01 38 .C.....8
DES_ECB_ISO9797_M2:
A6 DE 1C D9 1B A9 EE D0 ........
DES_ECB_NOPAD:
0B FC BF EE 82 F4 8B 19 .......
DES_ECB_PKCS5:
AA 6E 4D 79 E5 0C B1 51 .nMy...Q
The question is how I can check to see if these results are OK?
This is list of OpenSSL tool commands and arguments:
OpenSSL> ?
openssl:Error: '?' is an invalid command.
Standard commands
asn1parse ca ciphers crl crl2pkcs7
dgst dh dhparam dsa dsaparam
ec ecparam enc engine errstr
gendh gendsa genrsa nseq ocsp
passwd pkcs12 pkcs7 pkcs8 prime
rand req rsa rsautl s_client
s_server s_time sess_id smime speed
spkac verify version x509
Message Digest commands (see the `dgst' command for more details)
md2 md4 md5 rmd160 sha
sha1
Cipher commands (see the `enc' command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb aes-256-cbc
aes-256-ecb base64 bf bf-cbc bf-cfb
bf-ecb bf-ofb cast cast-cbc cast5-cbc
cast5-cfb cast5-ecb cast5-ofb des des-cbc
des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb
des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
des-ofb des3 desx idea idea-cbc
idea-cfb idea-ecb idea-ofb rc2 rc2-40-cbc
rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb
rc4 rc4-40
Unfortunately I can see anything related to the Padding modes (i.e ISO9797_M1, ISO9797_M2, NOPAD and PKCS5). How I can specify them in my command?
447
Padding[edit] OpenSSL uses PKCS padding by default. If the mode you are using allows you to change the padding, then you can change it with EVP_CIPHER_CTX_set_padding.
From OpenSSLWiki. This page describes the command line tools for encryption and decryption. Enc is used for various block and stream ciphers using keys based on passwords or explicitly provided. It can also be used for Base64 encoding or decoding.
What is padding? Block cipher algorithms like AES and Triple DES in Electronic Code Book (ECB) and Cipher Block Chaining (CBC) mode require their input to be an exact multiple of the block size. If the plaintext to be encrypted is not an exact multiple, you need to pad before encrypting by adding a padding string .
It was straightforward to test with the following commands: So, OpenSSL is padding keys and IVs with zeroes until they meet the expected size. Note that if -aes-192-cbc is used instead of -aes-256-cbc, decryption will fail, because OpenSSL will pad it with fewer zeroes and so the key will be different.
A tutorial example is provided to show you how to OpenSSL controls padding on plaintext. OpenSSL uses the PKCS#5 padding algorithm by default, unless you specify the '-nopad' option. © 2022 Dr. Herong Yang.
The openssl program provides a rich variety of commands, each of which often has a wealth of options and arguments. Many commands use an external configuration file for some or all of their arguments and have a -config option to specify that file.
There are three different kinds of commands. These are standard commands, cipher commands, and digest commands. Calling the OpenSSL top-level help command with no arguments will result in openssl printing all available commands by group, sorted alphabetically.
Padding happens before encryption with the block cipher. That means you can always check by decrypting the ciphertext and validating the padding by hand. Using openssl you can simply use -nopad and -K <key in hex> and then validate the output (converting the binary to human readable format first).
Currently we cannot validate because your applet is not returning enough data; you probably forgot to finalize the encryption.
150
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
