OCaml cryptokit and Java PBEWithMD5AndDES
By gildor on Friday, September 18 2009, 17:11 - Permalink
During one of my projects, I needed to interact with the Java Cryptography Extension. Some data had been encrypted using PBEWithMD5AndDES, and I needed to access it from OCaml.
I took a look at the cryptographic libraries available for OCaml in the Debian project: cryptgps and cryptokit. I chose cryptokit because its author is well known: Xavier Leroy.
This article was my starting point. Of course, I kept in mind that the reference is there and that there is a good article covering it.
Here is the result in OCaml:
    open Cryptokit

    let decrypt passphrase salt ?(iterationCount=41) str =
      let key, iv =
        let rec hash_aux iter str =
          if iter > 0 then
            (* Rehash string *)
            hash_aux (iter - 1) (hash_string (Hash.md5 ()) str)
          else
            (* Key = first 8 bytes of the MD5 hash *)
            String.sub str 0 8,
            (* IV = last 8 bytes of the MD5 hash *)
            String.sub str 8 8
        in
        (* Hash n times combination of passphrase and salt, return key and iv *)
        hash_aux iterationCount (passphrase ^ salt)
      in
      (* DES in CBC mode (cryptokit's default), padding stripped by Padding.length *)
      transform_string
        (Cipher.des ~pad:Padding.length ~iv:iv key Cipher.Decrypt)
        str
The only missing information was the padding algorithm to use (Padding.length). For this piece of information, I needed to browse the RSA documentation and test a little bit.
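The scheme above in both directions, as an added example that is not code from the original post: it derives the key and IV the same way, adds the encrypt side, and reports unpadding failures as a result value instead of an exception. The names derive, pbe and try_decrypt and the sample passphrase, salt and plaintext are assumptions made for illustration.

```ocaml
(* Added example; derive, pbe, try_decrypt and all sample values are
   hypothetical/constructed. Build: ocamlfind ocamlopt -package cryptokit -linkpkg *)
module C = Cryptokit

(* PBKDF1 with MD5: hash (passphrase ^ salt) [count] times; the first
   8 bytes of the digest are the DES key, the last 8 are the IV. *)
let derive ~passphrase ~salt ~count =
  if String.length salt <> 8 then invalid_arg "PBES1 salt must be 8 bytes";
  if count < 1 then invalid_arg "count must be >= 1";
  let rec loop n s =
    if n = 0 then s else loop (n - 1) (C.hash_string (C.Hash.md5 ()) s)
  in
  let dk = loop count (passphrase ^ salt) in
  (String.sub dk 0 8, String.sub dk 8 8)

(* DES-CBC with PKCS#5 padding (Padding.length), in either direction. *)
let pbe dir ~passphrase ~salt ~count data =
  let key, iv = derive ~passphrase ~salt ~count in
  C.transform_string (C.Cipher.des ~pad:C.Padding.length ~iv key dir) data

(* Decrypt without letting cryptokit exceptions escape. The scheme has no
   integrity check: a wrong passphrase usually fails unpadding, but about
   1 in 256 wrong keys still yields validly padded garbage. *)
let try_decrypt ~passphrase ~salt ~count data =
  let n = String.length data in
  if n = 0 || n mod 8 <> 0 then Error "length not a positive multiple of 8"
  else
    match pbe C.Cipher.Decrypt ~passphrase ~salt ~count data with
    | plain -> Ok plain
    | exception C.Error C.Bad_padding -> Error "bad padding"

let () =
  let salt = "\x01\x02\x03\x04\x05\x06\x07\x08" in (* constructed salt *)
  let count = 41 in (* default used in the post's decrypt *)
  let ct = pbe C.Cipher.Encrypt ~passphrase:"s3cret" ~salt ~count "interop test" in
  assert (String.length ct = 16); (* 12 bytes padded to two DES blocks *)
  assert (try_decrypt ~passphrase:"s3cret" ~salt ~count ct = Ok "interop test");
  assert (try_decrypt ~passphrase:"s3cret" ~salt ~count "short" <> Ok "short");
  match try_decrypt ~passphrase:"wrong" ~salt ~count ct with
  | Error e -> print_endline ("rejected: " ^ e)
  | Ok _ -> print_endline "accepted garbage: padding happened to be valid"
```

Because a successful unpad does not prove the passphrase was right, callers that need that guarantee have to check the plaintext by some other means.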
Rewriting PBEWithMD5AndDES is quite straightforward with cryptokit and OCaml. It takes 25 lines with C# and OCaml (only counting LoC, no comment, no empty constructor or declaration in C#). I thought this task would require 2 or 3 days, but it was done in 4 hours...
Many thanks to cryptokit ;-)