Compression-Encryption problem
0 posts in topic
Flat View  Flat View
TOPIC ACTIONS:
 

Posted By:   Anonymous
Posted On:   Friday, August 18, 2006 12:25 PM

Hi everybody! I am working on troubleshooting an encryption/decryption program which is currently in production. The JDK version is 1.3.1. The encryption program takes a payload string which is a combination of several parameters (each parameter is URL encoded) and generates an encrypted URL following the steps below: // // Steps for creating an encrypted URL: // // 1 - Calculate the checksum // 2 - Concatenate the checksum and payload // 3 - URL Encode // 4 - Compress the string using zipIt (GZIP) // 5 - Encrypt using Blowfish and SunJCE // 6 - Base 64 encode // 7 - URL encode // 8 - Return the complete string The program wor   More>>

Hi everybody!
I am working on troubleshooting an encryption/decryption program which is currently in production.
The JDK version is 1.3.1.
The encryption program takes a payload string which is a combination of several parameters (each parameter is URL encoded) and generates an encrypted URL following the steps below:
//
// Steps for creating an encrypted URL:
//
// 1 - Calculate the checksum
// 2 - Concatenate the checksum and payload
// 3 - URL Encode
// 4 - Compress the string using zipIt (GZIP)
// 5 - Encrypt using Blowfish and SunJCE
// 6 - Base 64 encode
// 7 - URL encode
// 8 - Return the complete string

The program works as long as the caller calls it once.
But, if the program is called in a loop, sometimes the output is invalid (5% of the time). And this is totally random and is not driven by any of the parameter values being passed in.
I am pasting relevant sections of the code. Could anybody help me with this to see what could be causing it?


Thanks in advance!


ss









			

public class PDFWebApiDelegate {


public PDFWebApiDelegate() {
}

public static String encryptPayload (String payload, String authKey) {

try {

BlowFishUtil bfUtil = new BlowFishUtil();

String sCheckSum = getMD5Checksum(payload);
String encodeBuffer = sCheckSum + payload;
encodeBuffer = URLEncoder.encode(encodeBuffer);
byte[] aryEncodeBuf = zipIt(encodeBuffer);
aryEncodeBuf = bfUtil.encryptSecretKey(authKey.getBytes(),aryEncodeBuf);
encodeBuffer = Base64.encodeBytes(aryEncodeBuf);
encodeBuffer = URLEncoder.encode(encodeBuffer);
return encodeBuffer;
}
catch (Exception e) {
return null;
}
}

public static String decryptPayload (String payload, String authKey) {

try {
String decodeBuffer = "";
BlowFishUtil bfUtil = new BlowFishUtil();
decodeBuffer = URLDecoder.decode(payload);
decodeBuffer = Base64.decodeToString(decodeBuffer);
byte[] aryDecodeBuf = bfUtil.decryptSecretKey(authKey.getBytes(), decodeBuffer.getBytes());
aryDecodeBuf = unzipIt(aryDecodeBuf);
String sBuf = new String(aryDecodeBuf);
sBuf = URLDecoder.decode(sBuf);
int iPos = sBuf.indexOf("gh=");
if (iPos>=0) {

String sURLCheckSum = sBuf.substring(0,iPos);
sBuf = sBuf.substring(iPos,sBuf.length());
String sCheckSum = getMD5Checksum(sBuf);

if (!sCheckSum.equals(sURLCheckSum)) {

}


}

return new String(sBuf);
}
catch (Exception e) {
return null;
}
}


private static String getMD5Checksum( String mess ) {

String hexHashCode = "";
String hashCode = "";

try {

MessageDigest md = MessageDigest.getInstance("MD5");

byte[] message = mess.getBytes("UTF-8");

md.update( message );

byte[] hash = md.digest();

for ( int i=0; i < hash.length; i++ ){

int x = hash[i] & 0xFF;
if (x < 0x10) {
hexHashCode += "0";
}
hexHashCode += (Integer.toHexString(x));

hashCode += hash[i]+" _ ";
}

}
catch (Exception e) {
e.printStackTrace();
return "error";
}

return hexHashCode;
}

private static byte[] zipIt ( String parameterString )
{

byte[] zipped;

try {

ByteArrayOutputStream catcher = new ByteArrayOutputStream();
GZIPOutputStream gzipOut = new GZIPOutputStream( catcher );

byte[] bytesToZip = parameterString.getBytes();

gzipOut.write( bytesToZip, 0, bytesToZip.length );
gzipOut.close();

return catcher.toByteArray();

}
catch ( Exception ioe ) {
ioe.printStackTrace();
return "error".getBytes();
}
}

private static byte[] unzipIt ( byte[] buffer ) {

ByteArrayOutputStream outBuffer = new ByteArrayOutputStream();
ByteArrayInputStream inBuffer = new ByteArrayInputStream(buffer);

try {
GZIPInputStream gzip = new GZIPInputStream(inBuffer);
byte[] tmpBuffer = new byte[256];
int n;
while ((n = gzip.read(tmpBuffer)) >= 0) {
outBuffer.write(tmpBuffer, 0, n);
}
return outBuffer.toByteArray();
}
catch (Exception e) {
return null;
}
}
}




Here is the encryption module. The key is a fixed 56 byte value.








			
// encryptSecretKey - uses javax.crypto.SecretKey to encrypt a java.util.String. It returns
// this string as a byte array.
//
public static byte[] encryptSecretKey(byte[] keyBytes, byte[] unencrypted)
{

try {



Provider sunJce = new com.sun.crypto.provider.SunJCE();
Security.addProvider(sunJce);

SecretKeySpec skeySpec = new SecretKeySpec(keyBytes, "Blowfish");
Cipher cipher = Cipher.getInstance("Blowfish");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec);

byte[] myEncrypt = cipher.doFinal(unencrypted);


return myEncrypt;
}
catch (Exception e) {

e.printStackTrace();
return null;
}
}

//
// decryptSecretKey - uses a java.crypto.SecretKey to decrypt a byte array of encrypted characters
//
public static byte[] decryptSecretKey(byte[] keyBytes, byte[] encrypted)
{

try {
Provider sunJCE = new com.sun.crypto.provider.SunJCE();
Security.addProvider(sunJCE);

SecretKeySpec skeySpec = new SecretKeySpec(keyBytes, "Blowfish");

Cipher cipher = javax.crypto.Cipher.getInstance("Blowfish");

cipher.init(javax.crypto.Cipher.DECRYPT_MODE, skeySpec);

byte[] decrypted = cipher.doFinal(encrypted);

return decrypted;
}
catch (Exception e) {
return null;
}
}
   <<Less
About | Sitemap | Contact