I'd guess that it uses AES as encryption method, but in case of doubt you need to find the documentation and/or the source code of the encryption library to find out.

Crypt::CBC supports PKCS#5 padding, so that's what you should try to use.

Hmm, I'm not sure, see PKCS #5: Password-Based Cryptography Standard. It's not clear to me what the Java implementation uses though. For key derivation MD2, MD5, SHA-1 or some pseudo random function is used. As an encryption scheme, DES or RC2 is used, or again a key derivation function, e.g. a HMAC-SHA variant (from appendix B, draft PKCS #5 v2.1 ). By combining some perl modules from Gisle Aas it should be possible to duplicate the StandardPBEStringEncryptor class behavior. But it starts by finding out what exactly this class implements, so far I have not been able to find it.

Then I found does-it-implement-or-include-cryptographic-algorithms?. So it seems to use whatever the Java Cryptographic Extension (JCE) provides. And at a first glance it looks like "it depends", like on the java version used?

Cheers

Harry

I went through the jasypt source code. Apparently, StandardPBEStringEncryptor inherits from StandardPBEByteEncryptor .. and that class has the defaults set.


String DEFAULT_ALGORITHM = "PBEWithMD5AndDES";
int DEFAULT_KEY_OBTENTION_ITERATIONS = 1000;
int DEFAULT_SALT_SIZE_BYTES = 8;


Here's the source for StandardPBEByteEncryptor:
http://jasypt.cvs.sourceforge.net/viewvc/jasypt/jasypt/src/main/java/org/jasypt/encryption/pbe/StandardPBEByteEncryptor.java?revision=1.23&view=markup
Now to find Perl's equivalent for this algorithm :)