Hi, I'm trying to use the Blowfish class from gnu.crypto.cipher to encrypt some text. Problem is, when I encrypt a piece of text and then decrypt the encrypted text, I sometimes wind up with junk. About 90% of the time it works perfectly, but 10% of the time there is random text mixed in with the decrypted text. For example:

bigbluehorsefrank was a dude

becomes:

bigbluehorsefranþeþ°dude


I might be making an obvious mistake since I'm a newbie to Blowfish and cryptography in general. The code is like so (edit: formatted as PHP even though it's Java because I think the formatting makes it easier to read):


import gnu.crypto.cipher.Blowfish;
import java.lang.reflect.Array;

public class EncryptionUtils {


public static String encrypt (String cookieValue) {

byte[] plainText;
byte[] encryptedText;
Blowfish blowfish = new Blowfish();

// create a key
String key = "zzforexamplekeytext";
byte[] keyBytes = key.getBytes();
Object keyObject = blowfish.makeKey(keyBytes, 8);

//make the length of the text a multiple of the block size
if ((cookieValue.length() % 8) != 0) {
while ((cookieValue.length() % 8) != 0) {
cookieValue += " ";
}
}

// initialize byte arrays for plain/encrypted text
plainText = cookieValue.getBytes();
encryptedText = new byte[cookieValue.length()];

// encrypt text in 8-byte chunks
for (int i=0; i<Array.getLength(plainText); i+=8) {
blowfish.encrypt(plainText, i, encryptedText, i, keyObject, 8);
}

String encryptedString = new String(encryptedText);
return encryptedString;
}



public static String decrypt (String cookieValue) {

byte[] encryptedText;
byte[] decryptedText;
Blowfish blowfish = new Blowfish();

//create the key
String key = "zzforexamplekeytext";
byte[] keyBytes = key.getBytes();
Object keyObject = blowfish.makeKey(keyBytes, 8);

//make the length of the string a multiple of
//the block size
if ((cookieValue.length() % 8) != 0) {
while ((cookieValue.length() % 8) != 0) {
cookieValue += " ";
}
}

//initialize byte arrays that will hold encrypted/decrypted
//text
encryptedText = cookieValue.getBytes();
decryptedText = new byte[cookieValue.length()];

//Iterate over the byte arrays by 8-byte blocks and decrypt.
for (int i=0; i<Array.getLength(encryptedText); i+=8) {
blowfish.decrypt(encryptedText, i, decryptedText, i, keyObject, 8);
}

String decryptedString = new String(decryptedText);
return decryptedString;
}

}

Breakthrough! It seems that the process of converting the encrypted bytearray to a String and then the String back into a bytearray for decryption compromises the data.

Now the question (which is probably easier to solve) is what's going wrong in the process of converting to a String and back?

// encrypted text is a byte array containing the results from the encryption algorithm:
// decrypting it gives the expected result while decrypting newEncryptedText returns some junk
String encryptedString = new String(encryptedText);
byte[] newEncryptedText = ct.getBytes(encryptedString);

SIDEBAR: The code from my original post probably works aside from the problem I mentioned in this post, but I discovered that the preferred way of using the crypto class is to use the CipherFactory Class. This URL gives a helpful example for anyone interested: http://www.gnu.org/software/gnu-crypto/manual/Cipher-Example.html#Cipher%20Example

I needed to Base64-encode the text before turning it into a string and vice-versa. GNU crypto even has a built-in Base64 class for that purpose: gnu.crypto.util.Base64.

Case closed!