Message-Id: <199903221938.LAA02975@laguna.eng.sun.com>
Date: Mon, 22 Mar 1999 11:38:12 -0800 (PST)
From: Jan Luehe <Jan.Luehe@eng.sun.com>
Subject: Re: JCE 1.2 Cipher class initialization problem
To: java-security@java.sun.com, richcar@cs.utexas.edu
Rich:
> Attached is some info on a bug report concerning JCE 1.2. I figured you
> might want to hear about it directly.
What you are seeing is the expected behaviour, and it
is documented both in the JCE 1.2 API user guide
(see API_users_guide.html#CipherClass, sections "Initializing
a Cipher Object" and "Managing Algorithm Parameters") and
the javadocs for javax.crypto.Cipher.
API_users_guide.html#CipherClass, section "Initializing a
Cipher Object", has the following information:
"If a Cipher object that requires parameters (e.g., an initialization
vector) is initialized for encryption, and no parameters are supplied
to the init method, the underlying cipher implementation is supposed
to supply the required parameters itself, either by generating random
parameters or by using a default, provider-specific set of parameters.
However, if a Cipher object that requires parameters is initialized
for decryption, and no parameters are supplied to the init method, an
InvalidKeyException or InvalidAlgorithmParameterException exception
will be raised, depending on the init method that was used."
DES in CBC mode uses an initialization vector (IV) as its
parameter.
In encryption mode, the underlying cipher implementation
is supposed to generate the IV if the application does
not supply one.
However, if you use DES in CBC mode and initialize it for decryption,
without supplying the required IV, you'll get the exception
you are seeing. If the underlying implementation also
generated an IV in that case, the decryption would fail.
Jan