InvalidKeyException: Wrong key size - Encryption exception with javax.crypto.spec.DESedeKeySpec

Hi, 

We have a problem with a particular Encryption class being run on a
Linux box with this Java environment:

	Linux-J2SDK 1.4.1 installation
	java version "1.4.1"
	Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.1-b21)
	Java HotSpot(TM) Client VM (build 1.4.1-b21, mixed mode)

This is the Exception being thrown-

java.security.InvalidKeyException: Wrong key size
        at javax.crypto.spec.DESedeKeySpec.<init>(DashoA6275)
        at javax.crypto.spec.DESedeKeySpec.<init>(DashoA6275)
        at com.scm.security.Encryption.getKeyFromFile(Unknown Source)
        at com.scm.security.Encryption.getSecKey(Unknown Source)
        at com.scm.security.Encryption.getEncryptedData(Unknown Source)
        
Here's the piece of code where we have hard coded the 24 byte key to a
value common to Encryption and Decryption-
        
byte [] dk = "III�|�*;;;٭2?��Iz��kL�".getBytes();
			
// Generating/setting the decryption key.
try 
{
	SecretKeyFactory keyFactory =
SecretKeyFactory.getInstance(algorithm);
	DESedeKeySpec dkSpec = new DESedeKeySpec(dk);
	secKey = keyFactory.generateSecret(dkSpec);
	return secKey;
}
catch(Exception e) 
{
	System.out.println("Unable to set the secret key.");
	e.printStackTrace();
}

What went wrong? We are not able to simulate the problem on jdk1.4.2
for Windows. Could the answer lie with the version mismatch?

-Megha Vishwanath
[vmegha@vsnl.com]
[meghav@world2web.com]
0
Reply vmegha 8/12/2004 2:36:21 PM


Megha Vishwanath wrote:

[snip]
> byte [] dk = "III�|�*;;;٭2?��Iz��kL�".getBytes();
[snip]

Hi,
This is a really bad idea. You're storing a binary key in a String.
Some of these characters (at least as they show up in my newsreader)
are extended characters, high in the Unicode character set. There are
certainly twenty-four *characters*, but they probably encode to a lot
more *bytes* than that; this will *almost always* be true when
storing a random binary key. If you're storing a key, you need to use
a byte array at all times. If it's being written to a file, write it
with an OutputStream's write() method, and read it back in later with
an InputStream's read() method. If you're hardcoding it in your
source, write it in this form:

byte[] dk = {0x08, 0x09, 0x0A, 0x0B, ...};

encoding each byte in hexadecimal.

Chris
0
Reply Chris 8/12/2004 10:15:29 PM


Megha Vishwanath wrote:
> Hi, 
> 
> We have a problem with a particular Encryption class being run on a
> Linux Box
> with this java environment-
> 
> 	Linux-J2SDK 1.4.1 installation
> 	java version "1.4.1"
> 	Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.1-b21)
> 	Java HotSpot(TM) Client VM (build 1.4.1-b21, mixed mode)
> 
> This is the Exception being thrown-
> 
> java.security.InvalidKeyException: Wrong key size
>         at javax.crypto.spec.DESedeKeySpec.<init>(DashoA6275)
>         at javax.crypto.spec.DESedeKeySpec.<init>(DashoA6275)
>         at com.scm.security.Encryption.getKeyFromFile(Unknown Source)
>         at com.scm.security.Encryption.getSecKey(Unknown Source)
>         at com.scm.security.Encryption.getEncryptedData(Unknown Source)

   If it's telling you "Wrong key size", you should at least dump out 
the size of the key you're giving it.

> Here's the piece of code where we have hard coded the 24 byte key to a
> value common to Encryption and Decryption-
>         
> byte [] dk = "III�|�*;;;٭2?��Iz��kL�".getBytes();

   This looks like sophistry. Note: The bytes that you get depend 
strongly on what the default encoding is. I don't know why you would 
want to store raw binary data in an object of type String, but if you 
insist, then at least use the deprecated but deterministic method 
getBytes(int srcBegin, int srcEnd, byte dst[], int dstBegin), which 
gives you a result which is independent of the default character encoding.

> // Generating/setting the decryption key.
> try 
> {
> 	SecretKeyFactory keyFactory =
> SecretKeyFactory.getInstance(algorithm);
> 	DESedeKeySpec dkSpec = new DESedeKeySpec(dk);
> 	secKey = keyFactory.generateSecret(dkSpec);
> 	return secKey;
> }
> catch(Exception e) 
> {
> 	System.out.println("Unable to set the secret key.");

         System.out.println("from a "+dk.length+"-byte array");

> 	e.printStackTrace();
> }
> 
> What went wrong? We are not able to simulate the problem on jdk1.4.2
> for Windows. Could the answer lie with the version mismatch?

--Mike Amling
0
Reply Michael 8/13/2004 1:57:38 AM

Thanks Chris. Put the key in a file. It worked.
0
Reply vmegha 8/13/2004 7:01:27 AM
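
An added example, not code from any poster in this thread: it passes a 24-byte key through a String under several charsets and reports how many bytes come back and whether DESedeKeySpec accepts them, next to the same key kept as a byte[]. The class name KeyEncodingDemo and the sample key are constructed for illustration, and the code assumes Java 7 or later.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.util.Arrays;
import javax.crypto.spec.DESedeKeySpec;

public class KeyEncodingDemo {
    // Constructed 24-byte sample key, not the key from the thread.
    // It mixes ASCII, bytes >= 0x80, and the pair 0xC3 0xA9, which is a
    // single character when the bytes are read as UTF-8.
    static final byte[] KEY = {
        0x49, 0x49, 0x49, (byte) 0xC3, (byte) 0xA9, 0x7C, (byte) 0x9F, 0x2A,
        0x3B, 0x3B, 0x3B, (byte) 0xD9, 0x32, 0x3F, (byte) 0xFE, (byte) 0x80,
        0x49, 0x7A, (byte) 0xB1, (byte) 0xE5, 0x6B, 0x4C, (byte) 0x8D, 0x01
    };

    // DESedeKeySpec throws InvalidKeyException for fewer than 24 bytes and
    // otherwise keeps only the first 24, so a wrong key can pass silently.
    static String check(byte[] material) {
        try {
            byte[] used = new DESedeKeySpec(material).getKey();
            return Arrays.equals(used, KEY) ? "accepted, key intact"
                                            : "accepted, but NOT the original key";
        } catch (InvalidKeyException e) {
            return "rejected (" + e.getMessage() + ")";
        }
    }

    public static void main(String[] args) {
        Charset[] charsets = { StandardCharsets.US_ASCII,
                               StandardCharsets.ISO_8859_1,
                               StandardCharsets.UTF_8 };
        System.out.println("default charset here: " + Charset.defaultCharset());
        System.out.println("byte[] literal: " + KEY.length + " bytes, " + check(KEY));
        for (Charset read : charsets) {
            // The key treated as text, as when it is pasted into a String literal.
            String text = new String(KEY, read);
            for (Charset write : charsets) {
                // What getBytes() returns when 'write' is the platform default.
                byte[] back = text.getBytes(write);
                System.out.println(read + " -> " + write + ": " + text.length()
                        + " chars, " + back.length + " bytes, " + check(back));
            }
        }
    }
}
```

Rows reported as accepted but not the original key matter as much as the rejected ones: encryption proceeds with different key material, and the mismatch only surfaces when the other side fails to decrypt.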
