
Blowfish GoLang Encryption and Java Decryption


Unable to decrypt the cipher text in Java which is encrypted in GoLang using Blowfish.

Encryption

import (
    "testing"
    "golang.org/x/crypto/blowfish"
    "github.com/andreburgaud/crypt2go/ecb"
    "github.com/andreburgaud/crypt2go/padding"
    "fmt"
    "encoding/base64"
)

func TestEncrypt(t *testing.T) {

    bytes := []byte("cap")
    key := []byte("1c157d26e2db9a96a556e7614e1fbe36")

    encByte := encrypt(bytes, key)
    enc := base64.StdEncoding.EncodeToString(encByte)
    fmt.Printf("ENC - %s\n", enc)
}

func encrypt(pt, key []byte) []byte {
    block, err := blowfish.NewCipher(key)
    if err != nil {
        panic(err.Error())
    }
    mode := ecb.NewECBEncrypter(block)
    padder := padding.NewPkcs5Padding()
    pt, err = padder.Pad(pt) // pad the plaintext to a multiple of the cipher block size
    if err != nil {
        panic(err.Error())
    }
    ct := make([]byte, len(pt))
    mode.CryptBlocks(ct, pt)
    return ct
}

// Output
// ENC - AP9atM49v8o=

Decryption

import lombok.SneakyThrows;

import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

import static java.util.Base64.getDecoder;
import static java.util.Base64.getEncoder;

public class UserAuthenticationFilter {

    public static void main(String[] args) throws Exception {
        String key = "1c157d26e2db9a96a556e7614e1fbe36";
        System.out.println(decrypt(getDecoder().decode("AP9atM49v8o="), key));

        // encryption and decryption verification
        // String plainText = "cap";
        // String cipher = encrypt(plainText, key);
        // String decrypted = decrypt(getDecoder().decode(cipher), key);
        // assert decrypted.equals(plainText);
    }

    @SneakyThrows
    public static String encrypt(String plainText, String key) {
        byte[] myKeyByte = hexToBytes(key);
        SecretKeySpec skeySpec = new SecretKeySpec(myKeyByte, "Blowfish");
        Cipher ecipher = Cipher.getInstance("Blowfish/ECB/PKCS5Padding");
        ecipher.init(Cipher.ENCRYPT_MODE, skeySpec);

        byte[] src = ecipher.doFinal(plainText.getBytes("ISO-8859-1"));
        return getEncoder().encodeToString(src);
    }

    @SneakyThrows
    public static String decrypt(byte[] cipherContent, String key) {
        byte[] myKeyByte = hexToBytes(key);
        SecretKeySpec skeySpec = new SecretKeySpec(myKeyByte, "Blowfish");
        Cipher dcipher = Cipher.getInstance("Blowfish/ECB/NoPadding");
        dcipher.init(Cipher.DECRYPT_MODE, skeySpec);
        byte[] dcontent = dcipher.doFinal(cipherContent);
        return (new String(dcontent, "ISO-8859-1")).trim();
    }

    private static byte[] hexToBytes(String str) {
        if (str == null) {
            return null;
        } else if (str.length() < 2) {
            return null;
        } else {
            int len = str.length() / 2;
            byte[] buffer = new byte[len];

            for(int i = 0; i < len; ++i) {
                buffer[i] = (byte)Integer.parseInt(str.substring(i * 2, i * 2 + 2), 16);
            }

            return buffer;
        }
    }

}

// Output
// BY x³

As per the outputs, encryption in GoLang and decryption in Java don't produce the same plain text. Initially, I thought the problem might be related to golang's byte (0 to 255) and java's byte (-128 to 127) involved in base64 encoding and decoding. But poking in Java's decryption code, it's handled correctly with value & 255.

Decryption of the same cipher text in golang works perfectly. Also, encryption and decryption in Java work perfectly. But not the encryption in one and decryption in the other.

I think the encryption and decryption logic were correct. My only guess is that some language-specific ??? is missing when the cipher text is ported to the other language for decryption.


Solution

  • key := []byte("1c157d26e2db9a96a556e7614e1fbe36")
    

    I believe this piece of code returns the byte array of the string itself, not the hex-decoded value. To get a valid key, you may try to use hex decoding.
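
The key-encoding mismatch this answer points at, reproduced on one side as an added Java example (not code from the question or the answer): it builds the key both ways, as the string's own bytes like the Go snippet and hex-decoded like the Java snippet, then decrypts with each. The class and method names are hypothetical, and it assumes a JDK whose default policy allows a 256-bit Blowfish key.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.Base64;

public class KeyEncodingMismatch {
    // Key string from the question.
    static final String KEY_TEXT = "1c157d26e2db9a96a556e7614e1fbe36";

    // Go's []byte(keyString): one byte per character, 32 bytes for this string.
    static byte[] charKey(String s) { return s.getBytes(StandardCharsets.US_ASCII); }

    // The question's hexToBytes: one byte per hex pair, 16 bytes for this string.
    static byte[] hexKey(String s) {
        if (s.length() % 2 != 0) throw new IllegalArgumentException("odd-length hex");
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++) {
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        }
        return out;
    }

    static byte[] crypt(int mode, byte[] key, byte[] data) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("Blowfish/ECB/PKCS5Padding");
        c.init(mode, new SecretKeySpec(key, "Blowfish"));
        return c.doFinal(data);
    }

    public static void main(String[] args) throws Exception {
        byte[] goKey = charKey(KEY_TEXT), javaKey = hexKey(KEY_TEXT);
        System.out.println("key bytes: " + goKey.length + " vs " + javaKey.length);
        byte[] pt = "cap".getBytes(StandardCharsets.ISO_8859_1);
        byte[] ct = crypt(Cipher.ENCRYPT_MODE, goKey, pt);
        System.out.println("ciphertext: " + Base64.getEncoder().encodeToString(ct));
        // Same key bytes on both sides: the plaintext comes back.
        byte[] same = crypt(Cipher.DECRYPT_MODE, goKey, ct);
        System.out.println("same bytes: " + new String(same, StandardCharsets.ISO_8859_1));
        // Different key bytes: the padding check normally rejects the result.
        try {
            byte[] other = crypt(Cipher.DECRYPT_MODE, javaKey, ct);
            System.out.println("hex key: no error, equals plaintext = " + Arrays.equals(other, pt));
        } catch (GeneralSecurityException e) {
            System.out.println("hex key: " + e.getClass().getSimpleName());
        }
    }
}
```

Decrypting with PKCS5Padding, rather than NoPadding followed by trim(), lets a wrong key surface as an error in most cases instead of as garbage text.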