Date: Tue, 9 Mar 1999 09:48:43 -0800 (PST)
From: Jan Luehe <Jan.Luehe@Eng>
Subject: Re: Previous mail
To: java-security@java.sun.com, Frank.Yellin@Eng
Frank:
> Strangely enough:
>
> Cipher cipher = Cipher.getInstance("DES/OFB8/NoPadding");
> cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, key);
> AlgorithmParameters ap = cipher.getParameters();
> cipher.init(javax.crypto.Cipher.DECRYPT_MODE, key, ap);
> works fine, while
> cipher.init(javax.crypto.Cipher.DECRYPT_MODE, key);
> gives an error.
>
> So it'll initialize ENCRYPT_MODE using default algorithm parameters (I
> would presume), which I can then give to the DECRYPT_MODe.
In this case, it uses a random IV.
> But it won't initialize DECRYPT_MODE unless the parameters are expressly
> presented.
>
> Not nearly as bad as I originally thought, but still slightly quirky.
Why? Don't you have to use the same parameters for decryption
that were used for encryption? If parameters were required for
decryption, and you did not provide any, and I generated random
ones, decryption would fail, and we would get hundreds of emails
every day claiming that core functionality of the JCE did
not work.
Parameters are treated completed transparently
to the user. The user does not have to know if a particular
algorithm uses any parameters (for encryption). If no parameters
are passed, the underlying implementation will generate them.
Now the user only has to call Cipher.getParameters(), to determine
if any parameters were used, and pass the same object (if non-null)
to the decryption routine, without having to know which type
of parameters are hidden in the parameter object.
I would think that this makes life very easy for users, and
the feedback we have gotten so far supports this.
Jan