Cross-Language Encryption: Python/Java

[Daniel Orner]

Hello,

I'm working on a project that consists of a Java application on the
desktop, and a server with Python CGI code. I'm trying to find an
encryption algorithm, which would let me send encrypted information to
the server, to work identically in both Python and Java. (I.e. which
would let me encrypt data in Java, send it to the Python server, and
decrypt it there.) For various reasons, I don't want to use the built-in
Java encryption suite.
I've found implementations of Rijndael/AES for both Java and Python,
but the behavior is not identical (the strings that are produced are
different). I tried porting the Python rotormodule.c to Java, but my C
skills are not quite on the expert level, and I got bogged down trying
to figure out which C types corresponded to Java types (and its behavior
when casting and not casting, etc.).
Does anyone have a good idea about what my options might be here?
Truthfully I don't know a whole lot about encryption algorithms, so if
you can point me to something I can adapt without having to understand
all the niggling details, that would really be great.

Thanks very much for your time and attention,

--Daniel Orner

 

[John J. Lee]

I'm working on a project that consists of a Java application
on the desktop, and a server with Python CGI code. I'm trying to find
an encryption algorithm, which would let me send encrypted information
to the server, to work identically in both Python and
Java. (I.e. which would let me encrypt data in Java, send it to the
Python server, and decrypt it there.) For various reasons, I don't
want to use the built-in Java encryption suite.

[...]

Use Jython. Whether it makes sense to put Jython on server or client
probably depends on details that only you know.

Does anyone have a good idea about what my options might be
here? Truthfully I don't know a whole lot about encryption algorithms,
so if you can point me to something I can adapt without having to
understand all the niggling details, that would really be great.

[...]

Yeah, rolling your own encryption code is generally regarded to be a
bad idea.


John

 

[Ype Kingma]

I'm working on a project that consists of a Java application
on the desktop, and a server with Python CGI code. I'm trying to find
an encryption algorithm, which would let me send encrypted information
to the server, to work identically in both Python and
Java. (I.e. which would let me encrypt data in Java, send it to the
Python server, and decrypt it there.) For various reasons, I don't
want to use the built-in Java encryption suite.

[...]

Use Jython. Whether it makes sense to put Jython on server or client
probably depends on details that only you know.

Another option is a ssh tunnel from each client to your server. If this
is feasible in your environment, it has the big advantage that your code
won't even now that the communication is encrypted, only the client
would have to connect to the tunnel.

Perhaps someone else can comment on secure sockets. Java has them,
and I'd expect your server to know how to deal with them, too.

I'd also ask on a Zope list.

Good luck,
Ype

 

[Paul Rubin]

Does anyone have a good idea about what my options might be
here? Truthfully I don't know a whole lot about encryption algorithms,
so if you can point me to something I can adapt without having to
understand all the niggling details, that would really be great.

Use an SSL or SSH socket. Don't mess with application-level
encryption unless there's a good reason for it AND you know what
you're doing.

 

[Jon Willeke]

I've found implementations of Rijndael/AES for both Java and Python,
but the behavior is not identical (the strings that are produced are
different). I tried porting the Python rotormodule.c to Java, but my C
skills are not quite on the expert level, and I got bogged down trying
to figure out which C types corresponded to Java types (and its behavior
when casting and not casting, etc.).

If you're willing to spend the effort to port rotor, it's probably worth
the time to understand why the AES implementations don't agree. It's
most likely a mismatch in the padding scheme or the interpretation of
the key.

 

[=?ISO-8859-1?Q?Michael_Str=F6der?=]

I tried porting the Python rotormodule.c to Java,

From http://www.python.org/doc/current/lib/module-rotor.html:

"Deprecated since release 2.3. The encryption algorithm is insecure."

For encryption to be secure you really have to understand what you are doing!

Ciao, Michael.