Date: Fri, 24 Jul 1998 16:00:01 -0700 (PDT)
From: Jan Luehe <luehe@laguna.eng.sun.com>
Subject: Re: A JCE question
To: entezari@hotmail.com
Reza:
> I would like to thank Jan for his prompt reply to my previous question.
> I have a telnet server and client that are communicating with each other
> through sockets with the DES security for the strings
> that are sent over the net. I am using a cipher with doFinal method
> to encrypt and decrypt the data. In each side I am making a DES key
> using a password string that is asked from the user.
> The client and server work perfectly fine with each other
> They can send and receive strings for four or five times but after that
> they start to recieve garbage strings with out any change in inputs. Why
> they start to work unproperly after they send and receive data perfectly
> correct for few times?
> I appreciate your help in advance.
>
> Cheers,
> Reza Entezari
> Canada
>
> PS: Telnet client and server work correctly and the problem can only be
> from the encryption and decryption system.
Looking at your source code, I noticed a couple of things:
1. in TelnetServer.java:
while ( len != -1)
{
output = server_in.readLine();
socket_out.write( output.getBytes() );
len = socket_in.read( buffer );
System.out.println("Client said: " + toHexString( buffer ) );
}
The server does not encrypt its output before sending it to
the client (however, the client is expecting ciphertext!),
and does not decrypt the input read from the client
(however, the client is sending ciphertext!).
2. "buffer" is too small (only 8 bytes). You should make that
16 bytes, because each of your messages sent is 8 bytes + 8 padding
bytes (in its default mode that you are using, the DES cipher
from the "SunJCE" provider uses PKCS#5 padding!).
3. Use "socket_in.readFully()" instead of "socket_in.read()"
(in both the client and the server).
"socket_in" already is an instance of DataInputStream, so you can
use "readFully". Note that you have to change
InputStream socket_in = new DataInputStream(...)
to
DataInputStream socket_in = new DataInputStream(...)
"readFully" will ensure that you are reading all the bytes sent.
After making all those changes, your client/server programs work
just fine.
Jan