openssl des-ede3-cbc does not match with Java one

garcia.narbona@xxxxxxxxx (David García) · Wed, 25 Nov 2015 11:14:48 +0100

Viktor, you pointed me to the right way. I was missing the -nopad flag in
the openssl command.

I don't need to do the padding through the cipher algorithm because I do
the 0 padding manually before executing the ciphering.

Now it matches. This is the command I am using (for this manual example I
am providing an already multiple of 8 string, so I have removed the first
char of the input string for testing):

echo -n 05863330 | openssl enc -e -des-ede3-cbc -K
'b2aec78eb50e05f2a60b9efa20b82c903e6cad4f3bd2027b' -iv 00000000 -nopad |
openssl enc -base64

Thanks Viktor.

2015-11-25 10:39 GMT+01:00 Viktor Dukhovni <openssl-users at dukhovni.org>:

> On Wed, Nov 25, 2015 at 09:18:15AM +0100, David Garc?a wrote:
>
> > H6cr2yN8oWV6AUY/JlknQw==
>
> Decrypting in ECB mode you get:
>
>     $ echo H6cr2yN8oWV6AUY/JlknQw== |
>         openssl base64 -d |
>         openssl enc -d -des-ede3 -K
> 'b2aec78eb50e05f2a60b9efa20b82c903e6cad4f3bd2027b' -nopad |
>         hexdump -ve '/1 "%02x"'; echo
>     30303538363333332fa02cdc247ba662
>
> > but is not exactly the same result I get for the same input in my Java
> and
> > PHP examples. In those ones I get:
> >
> > H6cr2yN8oWUVY3a6/Vaaow==
>
> Decrypting in ECB mode you get:
>
>     $ echo H6cr2yN8oWUVY3a6/Vaaow== |
>         openssl base64 -d |
>         openssl enc -d -des-ede3 -K
> 'b2aec78eb50e05f2a60b9efa20b82c903e6cad4f3bd2027b' -nopad |
>         hexdump -ve '/1 "%02x"'; echo
>     30303538363333332fa72bdb237ca165
>
> The initial 8-byte blocks are identical, but the trailing blocks
> differ subtly.  The hexdump of the OpenSSL ciphertext is:
>
>     $ echo H6cr2yN8oWV6AUY/JlknQw== |
>         openssl base64 -d |
>         hexdump -ve '/1 "%02x"'; echo
>     1fa72bdb237ca1657a01463f26592743
>
> If you XOR the common first block of ciphertext into each of the
> second decrypted blocks you get:
>
>     $ perl -le '
>         for ( (0x2fa02cdc247ba662, 0x2fa72bdb237ca165) ) {
>             printf "%016x\n", ($_ ^ 0x1fa72bdb237ca165)
>         }'
>     3007070707070707
>     3000000000000000
>
> What you see is the effect of PKCS#5 padding in the case of OpenSSL,
> and zero-padding (which is not reversible and not suitable for
> encrypting ciphertext that is a not a multiple of 8 bytes in length)
> in Java.  You've failed to configure the correct padding mode.
>
> --
>         Viktor.
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>

-- 
David
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151125/258a1b3c/attachment.html>