Discussion:
Random data at the end of a decrypted file
(too old to reply)
c***@gmail.com
2008-03-12 14:30:23 UTC
Permalink
Hi,

I have a system which takes text based report files and uses the
BouncyCastle java API to encrypt the reports before they are sent out
via FTP. In one case, the person receiving the file is finding extra
data at the end of the file once it is decrypted. The file seems to
encrypt and decrypt fine, there's just some random data showing up at
the end of the decrypted file.

The problem is rare, but causes a lot of problems when it does happen.
I've tried a few different things including ASCII armoring the file
and not signing the file and neither of those fixed the problem. So
I'm wondering if anyone has any ideas on why this might be happening.

Thanks for any help anyone can provide.
Unruh
2008-03-12 16:11:05 UTC
Permalink
Post by c***@gmail.com
Hi,
I have a system which takes text based report files and uses the
BouncyCastle java API to encrypt the reports before they are sent out
via FTP. In one case, the person receiving the file is finding extra
data at the end of the file once it is decrypted. The file seems to
encrypt and decrypt fine, there's just some random data showing up at
the end of the decrypted file.
The problem is rare, but causes a lot of problems when it does happen.
I've tried a few different things including ASCII armoring the file
and not signing the file and neither of those fixed the problem. So
I'm wondering if anyone has any ideas on why this might be happening.
Thanks for any help anyone can provide.
You do not say how much extra data. 1 byte? 1000GB?
It may be padding to make the file a fixed multiple of 64 bits or 128 bits
long, but that would imply only a few characters.
No idea what BouncyCastle is or how it works. Why you trust your private
stuff to it, I also do not know, but that is your concern.
Unc
2008-03-13 20:22:45 UTC
Permalink
Post by Unruh
You do not say how much extra data. 1 byte? 1000GB?
It may be padding to make the file a fixed multiple of 64 bits or 128 bits
long, but that would imply only a few characters.
No idea what BouncyCastle is or how it works. Why you trust your private
stuff to it, I also do not know, but that is your concern.
The size of the reports range from 1KB to about 2MB. The files aren't
extremely large.

BouncyCastle is an API for RSA, public/private key encryption. As far
as trusting it goes, it's pgp encryption, so...I trust it as much as
gnupg and pgp desktop software. If you have other suggestions for
encrypting pgp using java let me know. I'm open to alternatives seeing
as this could be the source of the problem.
Unruh
2008-03-13 20:57:27 UTC
Permalink
Post by Unc
Post by Unruh
You do not say how much extra data. 1 byte? 1000GB?
It may be padding to make the file a fixed multiple of 64 bits or 128 bits
long, but that would imply only a few characters.
No idea what BouncyCastle is or how it works. Why you trust your private
stuff to it, I also do not know, but that is your concern.
The size of the reports range from 1KB to about 2MB. The files aren't
extremely large.
No, how long is the string of random characters inserted at the end of the file?
Post by Unc
BouncyCastle is an API for RSA, public/private key encryption. As far
as trusting it goes, it's pgp encryption, so...I trust it as much as
gnupg and pgp desktop software. If you have other suggestions for
encrypting pgp using java let me know. I'm open to alternatives seeing
as this could be the source of the problem.
Unc
2008-03-17 14:31:48 UTC
Permalink
Post by Unruh
Post by Unc
Post by Unruh
You do not say how much extra data. 1 byte? 1000GB?
It may be padding to make the file a fixed multiple of 64 bits or 128 bits
long, but that would imply only a few characters.
No idea what BouncyCastle is or how it works. Why you trust your private
stuff to it, I also do not know, but that is your concern.
The size of the reports range from 1KB to about 2MB. The files aren't
extremely large.
No, how long is the string of random characters inserted at the end of the file?
Post by Unc
BouncyCastle is an API for RSA, public/private key encryption. As far
as trusting it goes, it's pgp encryption, so...I trust it as much as
gnupg and pgp desktop software. If you have other suggestions for
encrypting pgp using java let me know. I'm open to alternatives seeing
as this could be the source of the problem.
Sorry, it took so long to reply I wanted to actually count how long
the string of characters was on a couple different reports. The random
character string is not very long... one report had about 59 extra
characters at the end and another had 63.
Unruh
2008-03-17 15:37:40 UTC
Permalink
Post by Unc
Post by Unruh
Post by Unc
Post by Unruh
You do not say how much extra data. 1 byte? 1000GB?
It may be padding to make the file a fixed multiple of 64 bits or 128 bits
long, but that would imply only a few characters.
No idea what BouncyCastle is or how it works. Why you trust your private
stuff to it, I also do not know, but that is your concern.
The size of the reports range from 1KB to about 2MB. The files aren't
extremely large.
No, how long is the string of random characters inserted at the end of the file?
Post by Unc
BouncyCastle is an API for RSA, public/private key encryption. As far
as trusting it goes, it's pgp encryption, so...I trust it as much as
gnupg and pgp desktop software. If you have other suggestions for
encrypting pgp using java let me know. I'm open to alternatives seeing
as this could be the source of the problem.
Sorry, it took so long to reply I wanted to actually count how long
the string of characters was on a couple different reports. The random
character string is not very long... one report had about 59 extra
characters at the end and another had 63.
That is too long for buffering. However, if bouncy Castle really uses only
RSA then it is an idiotic program. The standard use is to use RSA to
encrypt a private key for a symmetric cypher( which one?) and then encrypt
the actual text with that cypher.
If it actually uses RSA throughout, then those might be buffering (with a
512 bit key).
Note why in the world would you trust it. Just because it uses some of the
same elements as pgp does not make it pgp.
I would write to the writers of the program and ask them why it extends
your files with junk.

Loading...