Tuesday, February 24, 2009

How the ATM system works.

After publishing some complex java codes, I thought to put a bit general post this time. It’s about how a normal Automated Teller Machine (ATM) works. Actually this is the place where all the data encryption and decryption processes are used .We all use ATMs regularly, without having any idea about how it works. I think this post will give you a very little idea about how it works.

As you can see, an ATM can be placed anywhere (Inside or outside the bank) but the ATM controlling system (Host system) should be inside a bank. HSM (Hardware Security Module) is the tool which is used to fulfill all the encryption and decryption needs of the ATM system.

When an ATM user goes to an ATM machine and insert his card with the correct PIN, It will trigger a separate set of actions in the host system. Then host system asks for the support of HSM to verify the PIN. The PAN (Personal Account Number) and security data related to the particular ATM card will be sending to HSM encrypted under an unique key called as LMK. After that HSM generates a new PIN based on the received information. Meanwhile the actual PIN is directly sent to the HSM by ATM. So finally, by comparing the actual PIN with newly generated PIN, the verification decision will be taken and send it to Host System by HSM.


Wednesday, December 31, 2008

How a double length key used with DESede (Triple DES) algorithm.


In Triple DES encryption algorithm, the encryption process is very simple but it’s very hard to reverse the process. That is why the triple DES encryption algorithm becomes as one of the most powerful encryption algorithm in modern programming world.

When we use a triple length key with triple DES encryption algorithm, the data part which is to be encrypted is being encrypted with the first 8 bytes of the key. And then, that result will be decrypted by second 8 bytes of the key. Finally, that decrypted result is again encrypted by third 8 bytes portion of the key. That’s what happened in triple DES with triple length key.

Using a single length key that means a key which is 8 bytes long, with triple DES algorithm is no use. Because the same 8 byte portion will be used to encryption and decryption purposes of the algorithm. So encryption and decryption with the same 8 bytes will give you the original data which you were submitted to the algorithm, and after another encryption round it will give a simple result. And it will be the same result which you can get after encrypting the data by the single key. So there is no point of using the triple DES algorithm.   

But if we use a double length key, there is something to be processed, but that process will be little different from using the algorithm with triple length key. Because there are no third 8 bytes portion in the key for final encryption stage. So we have to use another method.

I concatenated the double length keys first 8 bytes portion with the double length key and make a new triple length key. So by that triple length key we can do our encryption function without any trouble. And the result of this algorithm was checked by me and it was correct.

Try this method, you'll defenetly get great results.


Wednesday, December 24, 2008

Byte value and Hex String value converter.

This java coding is a simple one which anyone can use to try the previously posted encryption and decryption program. The Convertor class has two methods. First one is convertHexToByte () method and the second one is convertByteToHex () method.

                This is not a standard type of a method, but it has a special algorithm for conversion. I know that anybody can convert a Hex String by using java.lang.String.getBytes () method to return an array of byte values, but it has the same length of the String. But that type of a method will not be useful with encryption / decryption processes. So we can use my method for that purpose.

                The convertByteToHex () method is also has a special algorithm. It will return good results when using with the convertHexToByte () method. And you can add a decimalization table to the result if you want so.

/**

 * @author Sashika Nimantha Perera

 */

public class Convertor {

    public static byte[] convertHexToByte(String sHexString)

                    {

                        if(sHexString == null) return null;

                        sHexString = sHexString.trim().toUpperCase();

                        if((sHexString.length() % 2) > 0) return null;

                        int iLengthInBytes = sHexString.length()/2;

                        byte[] abMessage = new byte[iLengthInBytes];

 

                        for (int i = 0; i <>

                          {

                            String sOneByte = sHexString.substring(i*2, i*2 + 2);

                            Integer I = Integer.valueOf(sOneByte, 16);

                            byte b = I.byteValue();

                            abMessage[i] = b;

                          }

                        System.out.println(" convertHexToByte: length in bytes: " + abMessage.length);

                        return abMessage;

        }

 

 

    public  static String convertByteToHex(byte [] bByteArray){

                                                String sResult="";

 

                                for(int i=0; i

                          {

                             sResult = sResult + byteConvert(Integer.toHexString(bByteArray[i]));

                             //System.out.println(sResult);

              }

 

                                                return sResult;

                                }

 

                private static String byteConvert(String x){

                                                                if (x.length() == 1)

                                                                   {

                                                                       x = "0" + x;

                                                                   }

                                                                else if (x.length() == 8)

                                                                   {

                                                                       x = x.substring((x.length()-2), x.length());

                                                                   }

                                                                //            Decimalization Table

                                                                    //x = x.replace('a','1');

                                                                    //x = x.replace('b','2');

                                                                    //x = x.replace('c','3');

                                                                    //x = x.replace('d','4');

                                                                    //x = x.replace('e','5');

                                                                    //x = x.replace('f','6');

                                                // remove the comments if the result want a decimalization table support.

                                                                return x;

                                                                                }

 

}

Thursday, December 11, 2008

Simple key encryption/decryption java example

In my internship period, i was assign to a Software Security Module development project. And it has to be developed in java. So in the middle of the development i had to face lot's of programming problems. But finally, i've managed to complete my project. So i thought to share my java programming experiences on using java.Crypto class with people who are in all around the world.

Key encryption/decryption class in java.

The unique feature of this class is the doEncrypt method of this class returns a byte array which has the same length of encrypted key.And the doDecrypt method will decrypt the resulted values of doEncrypt method into it's clear values.Try this, it's very simple.  


import javax.crypto.*;
import javax.crypto.spec.*;

/**
 *
 * @author Sashika Nimantha Perera
 */
public class Crypto {
    
    public static byte[] doEncrypt(byte[] baKey,byte[] baFormattedDataBlock){
        byte encrypted[] = new byte[1];
SecretKey key = null;
Cipher c = null;
        
        // for 8 byte long key
        if(baKey.length == 8){
            // return that Warning in host command manual "02 : Warning PVK not single length"
            try{
                SecretKeyFactory skf = SecretKeyFactory.getInstance("DES");
                // as parameters we can give only algorithm and the provider
                c = Cipher.getInstance("DES/ECB/NoPadding");
                DESKeySpec ks = new DESKeySpec(baKey);

                key = skf.generateSecret(ks);

                c.init(Cipher.ENCRYPT_MODE, key);

                encrypted = c.doFinal(baFormattedDataBlock);
                                      
                }catch(Exception e){
                System.out.println(e.toString());
                }
         
        // for 16 byte long key    
        }else if(baKey.length==16){
            byte[] bArrayForDouble = new byte[24];
            System.arraycopy(baKey,0,bArrayForDouble,0,16);
            System.arraycopy(baKey,0,bArrayForDouble,16,8);
            try{
                SecretKeyFactory skf = SecretKeyFactory.getInstance("DESede");
                // as parameters we can give only algorithm and the provider
                c = Cipher.getInstance("DESede/ECB/NoPadding");
                DESedeKeySpec ks = new DESedeKeySpec(bArrayForDouble);

                key = skf.generateSecret(ks);

                c.init(Cipher.ENCRYPT_MODE, key);

                encrypted = c.doFinal(baFormattedDataBlock);
                
                }catch(Exception e){
                    System.out.println(e.toString());
                }
         
        //for 24 Byte long key    
        }else if (baKey.length==24){
            try{
                SecretKeyFactory skf = SecretKeyFactory.getInstance("DESede");
                // as parameters we can give only algorithm and the provider
                c = Cipher.getInstance("DESede/ECB/NoPadding");
                DESedeKeySpec ks = new DESedeKeySpec(baKey);

                key = skf.generateSecret(ks);

                c.init(Cipher.ENCRYPT_MODE, key);

                encrypted = c.doFinal(baFormattedDataBlock);
                
            }catch(Exception e){
                System.out.println(e.toString());
            }
        }
        return encrypted;
    }
    
    
    public static byte[] doDecrypt(byte[] baKey, byte[] baFormattedDataBlock){
        byte decrypted[] = new byte[1];
SecretKey key = null;
Cipher c = null;
        
        // for 8 byte long key
        if(baKey.length == 8){
            // return that Warning in host command manual "02 : Warning PVK not single length"
            try{
                SecretKeyFactory skf = SecretKeyFactory.getInstance("DES");
                // as parameters we can give only algorithm and the provider
                c = Cipher.getInstance("DES/ECB/NoPadding");
                DESKeySpec ks = new DESKeySpec(baKey);

                key = skf.generateSecret(ks);
                c.init(Cipher.DECRYPT_MODE, key);
                        
                decrypted = c.doFinal(baFormattedDataBlock);
                
                }catch(Exception e){
                    System.out.println("Exception in De8 " + e.toString());
                }
            
        // for 16 byte long key    
        }else if(baKey.length==16){
            byte[] bArrayForDouble = new byte[24];
            System.arraycopy(baKey,0,bArrayForDouble,0,16);
            System.arraycopy(baKey,0,bArrayForDouble,16,8);
            
            try{
                SecretKeyFactory skf = SecretKeyFactory.getInstance("DESede");
                // as parameters we can give only algorithm and the provider
                c = Cipher.getInstance("DESede/ECB/NoPadding");
                DESedeKeySpec ks = new DESedeKeySpec(bArrayForDouble);

                key = skf.generateSecret(ks);

                c.init(Cipher.DECRYPT_MODE, key);

                decrypted = c.doFinal(baFormattedDataBlock);
                        
                }catch(Exception e){
                    System.out.println( e.toString());
                }
        
        //for 24 Byte long key    
        }else if (baKey.length==24){
            try{
                SecretKeyFactory skf = SecretKeyFactory.getInstance("DESede");
                // as parameters we can give only algorithm and the provider
                c = Cipher.getInstance("DESede/ECB/NoPadding");
                DESedeKeySpec ks = new DESedeKeySpec(baKey);

                key = skf.generateSecret(ks);

                c.init(Cipher.DECRYPT_MODE, key);

                decrypted = c.doFinal(baFormattedDataBlock);
                
                }catch(Exception e){
                    System.out.println( e.toString());
                }
        }
        
        return decrypted;
    }
}