Cipher transformation that outputs non-padded plaintext final partial block

I have written some Java code to read from and write to an existing data format that encrypts its data using a known symmetric key. It appears to be using the "AES/ECB/NoPadding" transformation / algorithm for all blocks, except for the final block, if the final block is a partial block. Any partial final block is just written out plaintext. When I use an "AES/ECB/NoPadding" Cipher in a CipherInputStream or a CipherOutputStream to read from or write to such a byte stream, respectively, everything works fine, except that any partial final block is omitted, as is expected from what I know of the behavior of "AES/ECB/NoPadding".
(FYI, all of these questions relate to the Oracle JDK 7u2. For classes whose source is not included with this JDK, e.g., com.sun.crypto.provider.AESCipher, I looked at the source from the OpenJDK 7u2. I only looked at the default crypto provider included in the JDK, which I assume is the SunJCE, but I may be wrong.)
1) Is there any other transformation that will properly decrypt / encrypt all the full blocks, but read / write, respectively, a partial final block as plaintext? (I assume not, but I also assume that it won't hurt to ask)
2) Is there any way to obtain the buffered partial final block's data from Cipher? I can get the length of the leftover data from getOutputSize(0), but I haven't found a way to get the content. (I assume that this is done intentionally, to keep the Cipher-related classes as secure as possible)
If I knew the length of the input, I could just determine the index of the end of the last full block, but I'd like this code to work with any arbitrary InputStream, and there's no way to know the length of an InputStream (without reading until you receive a -1, of course).
I will probably wind up using a wrapping InputStream / OutputStream that always buffers the last partial block read from / written to it, respectively, until it's received a -1 from a read, or a flush call, respectively, but I wanted to avoid this if I could possibly use the crypto API more effectively.
As an aside, I investigated exposing a partial final block's data by creating a wrapper class for one or more of the crypto classes. This appears difficult since many of these classes are final. Some other non-final crypto classes have final methods that use non-exposed private members, so those might be difficult, if not impossible, to wrap properly. The best plan that I devised is to create a CipherSpi subclass that wraps around a Cipher, and then use a Cipher subclass that wraps around both the wrapping CipherSpi subclass and the original Cipher. This appears convoluted, so I haven't yet thoroughly investigated its feasibility.
I don't think that I can plug in a new mode or padding implementation to the existing SunJCE classes, since com.sun.crypto.provider.CipherCore seems to limit the potential implementations to those of which it is already aware.
Please let me know if I've overlooked or misunderstood anything (this is the first time that I've used the crypto API).
Thanks.

Ross wrote:
It's an existing data format from a huge company. I can't change it, so I cannot switch to CBC or any other mode that is not compatible with ECB for all but a partial final block. If the existing data format is not binary then you have another problem. Ciphertext is binary and storing binary in a 'char' or 'varchar' column is likely to corrupt the ciphertext and in order to reversibly convert it to ASCII or one of the other character encodings then you are going to have to encode it as Base64 (approx 33% inflation), Hex (100% inflation) or ASCII85 (approx 25% inflation).
I'm just trying to read and write from it. I don't care about security, since the data is on my computer, and it's not sensitive data (at all; it's data about music files). I don't understand this. If it's not sensitive then why are you considering encrypting it? Seems to me to be a pointless requirement!
I will never transmit the data anywhere, and, even if someone got hold of the data, I wouldn't care in the slightest.Again, why encrypt it then?
>
You're definitely right about it being a major security bug, though, so thanks for the recommendation. I just want a nice programmatic interface to read and write the data. I understand why the crypto API would want to make it difficult to obtain partial final block info, but was just wondering if there is any easy way to obtain it anyway. You could use one of the stream ciphers or one of the techniques that turns a block cipher into a stream cipher resulting in one byte per byte. To make it secure you will still need to use a random IV (or something similar) so there will still be an inflation. You can normally get away with just 8 bytes for the IV. The output is still binary bytes and will need to be encoded (Base64, Hex or ASCII85) if you are going to try to store it in a 'char' or 'varchar' which will result in further inflation.
I just wrote the cyclic buffer & associated input & output streams, so I'll probably just use those since I probably won't be able to extricate the partial final block from the crypto classes.I don't understand this.
Note - pretty much every time one encrypts data one ends up with ciphertext longer than the cleartext. This is fundamental to encryption and is nothing particularly to do with Java. One can often use compression of the original cleartext prior to encryption but this does not guarantee to result in smaller ciphertext than cleartext.
Note 1 - it seems to me that all you are trying to do is obfuscate the data so why not just use a simple insecure substitution cipher? This way you end up with ciphertext of the same length as the cleartext and using the same character set so nothing in the database structure has to change.

Similar Messages

  • SAx Output non XML Compliant (Part 2)

    This is the question I asked before:
    http://forum.java.sun.com/thread.jsp?forum=34&thread=471553&tstart=0&trange=15
    my doubt is: what happens when the & character appears in the input data? I.e. not written by me in the XSLT styleSheet.
    Is there anything I can put in the stylesheet so the special characters appear escaped?
    And if not, is there any class that will escape all the special characters so I can use it in the Contenthandler?
    I know I could write one such class, but it seems such a common problem that I'm sure there must be a standard one out there.
    Cheers!

    I am using a Transformer and getting the output with a Contenthandler. But the output I get hasn't got the special characters converted. I don't know if it is meant to be this way or it is because I'm using a SAXResult or what.
    I find it very strange because if I tell my Transformer that the output is XML one would think that it would leave the special characters escaped.

  • I tried downloading Final Cut ProX but my computer said that "this computer cant download Final Cut ProX" and i dont know why?

    i tried downloading Final Cut ProX but my computer said that "this computer cant download Final Cut ProX" and i dont know why?

    Is your iMac still really on OS X 10.2 Jaguar?
    Could you supply more accurate info about your Mac.
    What Mac do you have?
    To find out info about your system,
    Click on the Apple symbol in the upper left of the OS X main menu bar. A drop down menu appears.
    Click About this Mac. A smaller popup window appears. This gives you basic info like what version of OS X your iMac is running, the speed of your iMac's CPU and how much RAM is installed.
    Click on the button that says More Info.
    A larger window appears giving you a complete overview of your iMac's hardware specs.
    Highlight all of this info and copy/paste all of this into another reply to this post, editing out your iMac's serial number before actually posting the reply.
    This will tell us everything about your iMac so we may begin to help with your iMac issues.
    Final Cut Pro X System Requirements.
    OS X v10.9.2 or later
    4GB of RAM (8GB recommended for 4K)
    OpenCL-capable graphics cardor Intel HD Graphics 3000 or later
    256MB of VRAM (1GB recommended for 4K)
    3.5GB of disk space

  • Folders that having non-ascii chars are not displaying on MAC using JFileChooser

    On MAC OS X 10.8.2, I have latest Java 1.7.25 installed. When I run my simple java program which allows me to browse the files and folders of my native file system using JFileChooser, It does not show the folders that having non-ascii char in there name. According this link, this bug had been reported for Java 7 update 6. It was fixed in 7 Update 10. But I am getting this issue in Java 1.7.21 and Java 1.7.25.
    Sample Code-
    {code}
    public class Encoding {
    public static void main(String[] arg) {
    try {
    //NOTE : Here at desktop there is a folder DKF}æßj having spacial char in its name. That is not showing in file chooser as well as while is trying to read for FILE type, it is not identify by Dir as well as File - getting File Not Found Exception
    UIManager.setLookAndFeel(UIManager.getSystemLookAndFeelClassName());
    } catch (IllegalAccessException ex) {
    Logger.getLogger(Encoding.class.getName()).log(Level.SEVERE, null, ex);
    } catch (UnsupportedLookAndFeelException ex) {
    Logger.getLogger(Encoding.class.getName()).log(Level.SEVERE, null, ex);
    } catch (ClassNotFoundException ex) {
    Logger.getLogger(Encoding.class.getName()).log(Level.SEVERE, null, ex);
    } catch (InstantiationException ex) {
    Logger.getLogger(Encoding.class.getName()).log(Level.SEVERE, null, ex);
    JFileChooser chooser = new JFileChooser(".");
    chooser.showOpenDialog(null);
    {code}

    Hi,
    Did you try this link - osx - File.list() retrieves file names with NON-ASCII characters incorrectly on Mac OS X when using Java 7 from Oracle -…
    set the LANG environment variable. It's a GUI application that I want to deploy as an Mac OS X application, and doing so, the LSEnvironment setting
    <key>LSEnvironment</key> <dict> <key>LANG</key> <string>en_US.UTF-8</string> </dict>

  • I am using a code based typesetting program (not WYSISYG) that outputs PDFs. I am producing 100 plus pages that have multiple graphics on each page. I need to know how to format a PDF command that I can incllude in my programming that will tag my graphics

    I am using a code based typesetting program (not WYSISYG) that outputs PDFs. I am producing 100 plus pages that have multiple graphics on each page. I need to know how to format a PDF command that I can incllude in my programming that will tag my graphics with "Alternative Text".
    I know that with a Microsoft product graphics can be tagged before a PDF is made. I need to know how to do this with my programming.

    The Acrobat SDK might be a starting point.
    From there, perhaps a plug-in (built with C+).
    Perhaps with a licensed release of a PDF Library (this could be $$).
    The viable and cost effective alternative is use the tried and true.
    Authoring in an appropriate authoring application with appropriate tag management.
    Example:  Adobe InDesign; Adobe FrameMaker or MS Word with PDFMaker (comes with install of Acrobat).
    This way you place "Alternative Text" when mastering content in the authoring file.
    Going the route and with some look-see (research) you may find programmatic approaches to placing the alt txt in the authoring file.
    Note: as discussed in the Matterhorn Protocols there is no programmatic method that provides a fully accessible PDF (specifically, that is an ISO 14289-1, PDF/UA-1 compliant PDF).
    Regardless, here you have a sub-forum for discussions on Acrobat usage.
    Consequently discussions on/of 3rd party software is rather out of scope eh.
    Be well...

  • Regex with strings that contain non-latin chars

    I am having difficulty with a regex when testing for words that contain non-latin characters (specifcally Japanese, I haven't tested other scripts).
    My code:
    keyword = StringUtil.trim(keyword);
    //if(keywords.indexOf(keyword) == -1)
    regex = new RegExp("\\b"+keyword+"\\s*;","i");
    if(!regex.test(keywords))
    {Alert.show('"'+keywords+'" does not contain "'+keyword+'"'); keywords += keyword + "; ";}
    Where keyword is
    日本国
    and keywords is
    Chion-in; 知恩院; Lily Pond; Bridge; 納骨堂; Nōkotsu-dō; Asia; Japan; 日本国; Nihon-koku; Kansai region; 関西地方; Kansai-chihō; Kyoto Prefecture; 京都府; Kyōto-fu; Kyoto; Higashiyama-ku; 東山区; Places;
    When the function is run, it will alert that keywords does not contain keyword, even though it does:
    "Chion-in; 知恩院; Lily Pond; Bridge; 納骨堂; Nōkotsu-dō; Asia; Japan; 日本国; Nihon-koku; Kansai region; 関西地方; Kansai-chihō; Kyoto Prefecture; 京都府; Kyōto-fu; Kyoto; Higashiyama-ku; 東山区; Places; " does not contain "日本国"
    Previously I was using indexOf, which doesn't have this problem, but I can't use that since it doesn't match the whole word.
    Is this a problem with my regex, is there a modifier I need to add to enable unicode support or something?
    Thanks
    Dave

    ogre11 wrote:
    > I need to use refind to deal with strings containing
    accented characters like
    > ?itt? l?su, but it doesn't seem to find them. Also when
    using it with cyrillic
    > characters , it won't find individual characters, but if
    I test for [\w] it'll
    > work.
    works fine for me using unicode data:
    <cfprocessingdirective pageencoding="utf-8">
    <cfscript>
    t="Tá mé in ann gloine a ithe;
    Nà chuireann sé isteach nó amach
    orm";
    s="á";
    writeoutput("search:=#t#<br>for:=#s#<br>found
    at:=#reFind(s,t,1,false)#");
    </cfscript>
    what's the encoding for your data?

  • Capturing the output of a jsp page and save that output in a WORD .doc file

    Hi,
    This is Naveen. I got stuck up with a problem/doubt. URGENT ! URGENT !
    My doubt is how to capture the output of a jsp page(the content is dynamic generated) and save that output to a MS-Word doc file.
    I know that therez an option of using Servlets Filters, but this concept is supported by Servlet 2.3 spec. and not earlier. And we are working on previous spec. and our web-servers also supports the prev. version and not the 2.3 version.
    If incase, therez a third-party utility for free usage, suggestions are appreciated.
    Hope most of them came across this kind of functional requirement. If anyone of them succeeded in this, please express ur bitter experience if any, faced during the coding.
    Thanks in Advance for help.
    Naveen

    You can set the MIME content type as .doc and try to open the Page.
    res.setContentType("application/vnd.ms-excel"); to generate the Page output as Excel
    res.setContentType("application/vnd.ms-word"); to generate the Page output as MS Word doc
    Hope this helps..

  • Apps that use non-public APIs will be rejected

    Hi guys
    Just reading the iOS guidelines before I get too deep into making the native version of a web app.
    I was wondering what:
    Apps that use non-public APIs will be rejected
    means when submitting an app made in AIR - does it mean you can't use your own custom classes?
    Cheers

    If you mean custom AS3 classes, yes you can use those. What you can't do is create an ANE that calls into the private frameworks of iOS itself.

  • How to Create report in Material Master that outputs stock

    Hi,
         How to Create report in Material Master that outputs stock, grouped by Material Type and Plant. The output shows Material No, Storage location, Unit of Measure and Description in addition to group totals. Data was extracted from MARA, MARC, MARD, MAKT,MKPF,
         MSEG and T001W.and what are the fields to be used.

    hi,
    check the transaction MMBE or MC.9..
    for mmbe the program is RMMMBESTN.
    check the logic in the program.

  • How to make report output non editable

    Hi can any body give me sample code on how to make the report output non editable.
    thanks in advance
    kp

    Hi
    What are you meaning?
    U don't want to allow to change the data in the selection-screen?
    If it's so:
    AT SELECTION-SCREEN OUTPUT.
       LOOP AT SCREEN.
          SCREEN-INPUT = 0.
          MODIFY SCREEN.
      ENDLOOP.
    If you need to change only certain fields:
    PARAMETERS: P1 ......,
                P2 ...... MODIF ID AAA.
    SELECT-OPTIONS: SO_1 FOR .....,
                    SO_2 FOR ..... MODIF ID AAA.
    AT SELECTION-SCREEN OUTPUT.
       LOOP AT SCREEN.
          CHECK SCREEN-GROUP1 = 'AAA'.
          SCREEN-INPUT = 0.
          MODIFY SCREEN.
      ENDLOOP.
    Max

  • XmError: 7000 ODI XML Transformation That Can Be Executed Within a BPEL Pro

    Hi iam sudhakar
    iam using xml file as source and target and one csv file at the source through demo given in oracle site
    facing problem loading data in taget xml file
    source xml file contains
    client_id,
    address
    and othercolums
    csv file source contains
    client_id
    new_address
    row_id
    target xml(same as source) file is
    client_id
    address
    and othe rcolums
    iam just joining xml source and file as left outer join
    problem is unable recive the data from file to the target xml file and it not showing any errpors
    only xml data only storing in target xml file
    and
    set sql to sql
    sql to sql append
    filq to sql
    After that i have created variable the opened sql to sql append
    in detail tab
    ia have written create XMLFILE (NAME OF THE VARIABLE ) FROM SCHEMA geo
    Then I have created package
    i joined variable and interface then excuted
    In operator it showing errors
    Sunopsis.jdbx.xml....
    pls send the solution how to do
    ODI XML Transformation That Can Be Executed Within a BPEL Pro
    thanks
    user11366851

    I tried According to ur suggestion ,it is not working
    Actually Iam doing Second demos in oracle data integrator in oracle site
    http://www.oracle.com/technology/obe/fusion_middleware/odi/ODIxml_BPEL/ODIxml_BPEL.htm
    In this demo iam facing problem with coalesce function it is used in target data shore(address column)
    pls tell the steps from starting onwards.......
    thanks and regards
    user11366851

  • Group messaging not working with groups that contain non iphone users

    I have an Iphone 5 and for some reason I can't send/receive group messages with groups that contain non Iphone users.  Basically I recieve single text messages/imessage from each person who responds to the group message.  This is incredibly annoying.

    Hello, megbu36. 
    Thank you for visiting Apple Support Communities.
    Check to make sure that group messaging is enabled.  Go to Settings > Messages and turn on Group messaging.
    iOS: Understanding group messaging
    http://support.apple.com/kb/HT5760
    Cheers,
    Jason H.

  • Batch rename files that have non consecutive numbers?

    I have a folder with about 100 image files that have non consecutive numbers. Is there a way to rename them all to add something after the numbers (and before file type extension) without changing the numbers?
    Example: If I select 111019.003.dng and 111019.007.dng, is there a way to batch rename to 111019.003_tk.dng and 111019.007_tk.dng?
    Of course, simply batch renaming w/ a sequence number would change them to 111019.003_tk.dng and 111019.004_tk.dng. Which is no good.
    I realize the easiest way around this is to name them correctly the first time, but I am not the photographer.
    Hope this makes sense, and thanks.

    You can bulk rename in Bridge IE:-

  • Can Java be started in a directory that contains non ascii char

    I installed a product developed using Java in a folder whose name contains non-ascii chars, such as Japanese chars or german chars.
    This will cause error said: unable initialise java virtual machine, error code -1
    Some one said Java doesn't like being started in a directory that contains non ascii characters. There appears to be no way of passing it unicode parameters.
    Is there anyone once hit the similiar issue or know the root cause of such problem?
    Thanks

    Yes you can use your web start application console. To enter data which is required for your application it is better idea to use java application which runs in console mode althou you may try to run console of windows and then read data from its input stream.

  • I'm getting a error that says NONE when I'm trying to reset up Adobe Photoshop Element. How do I fix it?

    I'm getting a error that says NONE when I'm trying to reset up Adobe Photoshop Element. How do I fix it? I already have the program but updated my computer from Vista to windows 7, and it didn't transfer over. What do I do?

    Sorry, but I'm not clear when you get the message NONE.
    Which version of Photoshop Elements do you have?
    Have you installed Photoshop Elements on your Windows 7 system?
    What are you doing when you get the message NONE?
    Brian

Maybe you are looking for