Doing ColdFusion 3DES Encryption in Java (well, Groovy.)
Last night on his blog, Sean Corfield asked if anyone knew how to write raw Java / Groovy that'd give equivalent output from ColdFusion's encrypt() and decrypt() functions when using 3DES / TripleDES / DESede (many names, same thing?) encryption and hex encoding.
I wanted to see if I could knock this out before the West-coast Broadchoicers were awake so that they'd have a day that wasn't blocked by encryption woes.
It turns out that when you use ColdFusion encryption with "hex" as your encoding option, ColdFusion performs two different conversions:
First, GenerateSecretKey() returns the secret key from the underlying javax crypto library as a Base64 string, even when you state "hex". Sensible, really, as there's no reason to support different encodings at this point.
Next, when you encrypt a string, it not only encrypts it but converts it to the desired encoding - in Sean's case, hex.
The attached zip includes a Groovy script solves the problem, performing all of the necessary conversion and encryption. It also includes a ColdFusion script. Running both shows them taking the same input and producing the same output. (For the curious types: both use a key that I generated locally, not a "real" key string!)
It relies on the Xerces library. I'm using the xerces-2.6.2.jar that comes in Hibernate's /lib, but it's available on its own at xerces.apache.org.
Seriously TripleDESEncryptionLikeColdFusion? I thought I was the only one to write functions, methods, classes with names that long.
The more I see and hear of groovy the more I like what I see. I am really going to have find something interesting to do with it and set about it.