Cryptography Tutorials - Herong's Tutorial Notes
Dr. Herong Yang, Version 4.00

DES Algorithm - Java JCE SUN Implementation

Part:   1  2  3 

(Continued from previous part...)

JceSunDesPaddingTest.java - JCE DES Padding Testing Program

Let's modify the above testing program to see how PKCS5Padding schema works.

/**
 * JceSunDesPaddingTest.java
 * Copyright (c) 2006 by Dr. Herong Yang, http://www.herongyang.com/
 */
import java.security.spec.*;
import javax.crypto.*;
import javax.crypto.spec.*;
class JceSunDesPaddingTest {
   public static void main(String[] a) {
      if (a.length<2) {
         System.out.println("Usage:");
         System.out.println("java JceSunDesPaddingTest 1/2/3"
            + " algorithm");
         return;
      }
      String test = a[0];
      String algorithm = a[1];
      try {
         byte[] theKey = null;
         byte[] theMsg = null; 
         byte[] theExp = null; 
         if (test.equals("1")) { 
            theKey = hexToBytes("133457799BBCDFF1");
            theMsg = hexToBytes("0123456789ABCDEF");
            theExp = hexToBytes("85E813540F0AB405");
         } else if (test.equals("2")) { 
            theKey = hexToBytes("38627974656B6579"); // "8bytekey"
            theMsg = hexToBytes("6D6573736167652E"); // "message."
            theExp = hexToBytes("7CF45E129445D451");
         } else if (test.equals("3")) { 
            theKey = hexToBytes("133457799BBCDFF1"); // = test 1
            theMsg = hexToBytes("0808080808080808"); // PKCS5Padding
            theExp = hexToBytes("FDF2E174492922F8");
         } else {
            System.out.println("Wrong option. For help enter:");
            System.out.println("java JceSunDesPaddingTest");
            return;
         }	
         KeySpec ks = new DESKeySpec(theKey);
         SecretKeyFactory kf 
            = SecretKeyFactory.getInstance("DES");
         SecretKey ky = kf.generateSecret(ks);
         Cipher cf = Cipher.getInstance(algorithm);
         cf.init(Cipher.ENCRYPT_MODE,ky);
         byte[] theCph = cf.doFinal(theMsg);
         System.out.println("Key     : "+bytesToHex(theKey));
         System.out.println("Message : "+bytesToHex(theMsg));
         System.out.println("Cipher  : "+bytesToHex(theCph));
         System.out.println("Expected: "+bytesToHex(theExp));
      } catch (Exception e) {
         e.printStackTrace();
         return;
      }
   }
   public static byte[] hexToBytes(String str) {
      if (str==null) {
         return null;
      } else if (str.length() < 2) {
         return null;
      } else {
         int len = str.length() / 2;
         byte[] buffer = new byte[len];
         for (int i=0; i<len; i++) {
             buffer[i] = (byte) Integer.parseInt(
                str.substring(i*2,i*2+2),16);
         }
         return buffer;
      }

   }
   public static String bytesToHex(byte[] data) {
      if (data==null) {
         return null;
      } else {
         int len = data.length;
         String str = "";
         for (int i=0; i<len; i++) {
            if ((data[i]&0xFF)<16) str = str + "0" 
               + java.lang.Integer.toHexString(data[i]&0xFF);
            else str = str
               + java.lang.Integer.toHexString(data[i]&0xFF);
         }
         return str.toUpperCase();
      }
   }            
}

Let's run this program with different options:

java JceSunDesPaddingTest 1 DES/ECB/NoPadding

Key     : 133457799BBCDFF1
Message : 0123456789ABCDEF
Cipher  : 85E813540F0AB405
Expected: 85E813540F0AB405

java JceSunDesPaddingTest 1 DES/ECB/PKCS5Padding

Key     : 133457799BBCDFF1
Message : 0123456789ABCDEF
Cipher  : 85E813540F0AB405FDF2E174492922F8
Expected: 85E813540F0AB405

java JceSunDesPaddingTest 1 DES

Key     : 133457799BBCDFF1
Message : 0123456789ABCDEF
Cipher  : 85E813540F0AB405FDF2E174492922F8
Expected: 85E813540F0AB405

java JceSunDesPaddingTest 3 DES/ECB/PKCS5Padding

Key     : 133457799BBCDFF1
Message : 0808080808080808
Cipher  : FDF2E174492922F8FDF2E174492922F8
Expected: FDF2E174492922F8

The results tells us that:

  • If the input block is 8-byte long, PKCS5Padding adds another a block of 8-byte.
  • The Cipher.getInstance("DES") method call is identical to Cipher.getInstance("DES/ECB/PKCS5Padding").
  • If the input block is 8-byte long, PKCS5Padding adds another a block of 8-byte with value of 0x08 for each padded byte.

Conclusion

  • Sun JDK JCE implementation of DES algorithm works as expected.
  • PKCS5Padding is a simple but clever way pad plaintext message be multiples of 64-bit blocks.
  • Sun implementation of PKCS5Padding works well.

Part:   1  2  3 

Dr. Herong Yang, updated in 2007
Cryptography Tutorials - Herong's Tutorial Notes - DES Algorithm - Java JCE SUN Implementation