12-21-2012 06:20 PM
I have encrypted a file on Ubuntu Linux 12.4 using the following command line:
openssl aes-128-cbc -in IDFile.txt -out IDFile.enc -K AAAAAAAAAAAAAAAA -iv 0101010101010101
I have tried several methods of decryption on my BlackBerry Bold 9800 and they all either end up with garbled results or an empty buffer.
The current implementation is as follows and returns an returns a "null" exception:
. . .
// Get encrypted file data InputStream inStream = fconn.openInputStream();
// Create array of bytes for data int nDataSize = (int)fconn.fileSize();
byte dataArray = new byte[nDataSize];
// Read data int nBytesRead = inStream.read(dataArray);
// Create encryption key AESKey key = new AESKey("AAAAAAAAAAAAAAAA".getBytes(), 0, 128);
// Create initialization vector
InitializationVector iv =
// Create byte array input stream
ByteArrayInputStream is = new ByteArrayInputStream(dataArray);
// Create Decryptor stream DecryptorInputStream stream =
DecryptorFactory.getDecryptorInputStream(key, is, "AES/CBC/PKCS5", iv); // Setup buffer to hold unencrypted output byte output = new byte[nBytesRead];
// Read unencrypted data stream.read(output);
// Close input stream is.close(); // Get ID string String strID = new String(output);
. . .
Has anyone successfully decrypted on the BlackBerry a file encrypted on Ubuntu Linux using openssl? Thanks in advance for your assistance!
12-22-2012 04:14 AM
Never done this with OpenSSL, but I have done several cross platform encryptions and all have been painful.
I believe from reading the documentation, that OpenSSL might use a salt by default, and the BB encryption does not. So that is one thing you might want to stop for OpenSSL.
Also when you specify this:
you get 256 bits, being the byte 0x'41' repeated 16 times. I'm pretty sure that if you specify AAAAAAAAA to OpenSSL you will end up with the the bytes x'AA' repeated 4 times, i.e. only 128 bits. That for both your IV and key might explain the difference.
When approaching cross platform encryption, I would recommend that you try to round trip a 16 byte plain text on both platforms and make sure that the cipher text is the same. Doing this test, means you are not being worried about the differences in the way that the encryption pads (because you have supplied a full 16 bytes) nor the way it carries forward the encryption results (because you have only used 16 bytes). You have to make sure that both ends use the same salt.
Once you can round trip both ends, then compare the results at each end. The cipher text should be the same.
Hope this helps.
12-22-2012 10:24 AM
For some reason I was thinking ASCII instead of hex when I set the Key and iv. I appreciate you pointing that out. In regard to the openssl salt, you are absolutely correct. When I look at a hex dump of the encyrpted file, it starts with the word "SALTED". I believe I can turn this off in openssl, so I'll try that plus adjust the Key and iv values appropriately.
Thanks again for your help. I'll let you know how it goes.