3DES encryption/decryption works in Windows, throws IllegalBlockSizeException in Linux

Question

I recently tried to move a Flex/Java software solution from Windows to Linux (CentOS6 64bit) and I came across this problem.

To put it simply, I'm encrypting a short text in Flex/ActionScript (using com.hurlant libraries), algorithm is TripleDES with ECB and PKCS5Padding. The server is JBoss 5.1.0GA.

This encrypted text is then sent to a JMS destination.

On the receiving end of JMS there is a simple Java application which (using BouncyCastle) tries to decrypt the text.

All this works like a charm on Windows. On Linux I get this:

javax.crypto.IllegalBlockSizeException: last block incomplete in decryption
at org.bouncycastle.jce.provider.JCEBlockCipher.engineDoFinal(Unknown Source)
at javax.crypto.Cipher.doFinal(DashoA13*..)

I logged the Encrypted text when received by the Java app (encoded in Base64), and it is identical both on Linux and Windows. The key is obviously the same.

I believed it could have been a charset encoding problem, but even starting both JBoss and the Java app with -Dfile.encoding=UTF8 or -Dfile.encoding=windows-1252 option didn't work.

Here is the code used for encrypting (ActionScript):

var keyData:ByteArray = Hex.toArray(Hex.fromString("jgd8f3m8ybjhwlGhr4hihbp0"));
var pinData:ByteArray = Hex.toArray(Hex.fromString("12341234"));
var pad:IPad = new PKCS5;
var mode:ICipher = Crypto.getCipher("simple-3des-ecb", keyData, pad);
pad.setBlockSize(mode.getBlockSize());               
mode.encrypt(pinData);
var message:IMessage = new AsyncMessage();
message.body = Base64.encodeByteArray(pinData);

Here is the code used for decrypting (Java):

String userPin3DESEncrypted = new String(Base64.decodeBase64(userPin3DESBase64Encrypted.getBytes()));
byte [] keyByte = "jgd8f3m8ybjhwlGhr4hihbp0".getBytes();
SecretKeySpec secretKeySpec = new SecretKeySpec(keyByte, "DESEDE");
Cipher cipher = Cipher.getInstance("DESEDE/ECB/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, secretKeySpec);
String userPinDecrypted = new String(cipher.doFinal(userPin3DESEncrypted.getBytes()));

As previously said, the content of userPin3DESBase64Encrypted is the same (the same Base64 string) on both Linux and Windows, so the issue shouldn't be on Flex/JBoss side...

Any ideas?

Thanks in advance to all who are going to bang their head on the desk as I already did many times...

Cheers

Luca

Answer 1

Creating String from Base64-decoded encrypted (i.e. binary) data is a wrong idea. Use byte[] for all binary data instead.

Answer 2

Here is the fully functional Java code:

byte[] userPin3DESEncrypted = Base64.decodeBase64(userPin3DESBase64Encrypted.getBytes());
byte [] keyByte = "jgd8f3m8ybjhwlGhr4hihbp0".getBytes();
SecretKeySpec secretKeySpec = new SecretKeySpec(keyByte, "DESEDE");
Cipher cipher = Cipher.getInstance("DESEDE/ECB/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, secretKeySpec);
String userPinDecrypted = new String(cipher.doFinal(userPin3DESEncrypted));