RC4 Encryption Issue

 
Greenhorn
Posts: 13
Hey All,

Java newbie here with a question on my RC4 encryption script I am trying to create in JSP. I took an Action Script 3 class that does RC4 encryption and was trying to port it over to JSP. Finally getting an output, but it is not the correct output. Hoping someone can take a look at my code to see if they can help me figure out where my issue may be.



Right now my output is 5D226586D839826D9F081B. Let me know if adding the RC4 Action Script class on here would help also.
 
Sheriff
Posts: 67746
Oi! What is this code doing in a JSP?

/facepalm

In any case -- nothing to do with JSP per se, so this has been moved to the Security forum.
 
Jeremy Severson
Greenhorn
Posts: 13
Thanks for moving this to the appropriate forum.

I know the code is not implemented correctly, but as I stated, I am a full-blown newbie at JSP/Java. I am just figuring out how to create a servlet, which I will be moving this to once I have it working.
 
Author
Posts: 12617
Better idea yet: work on the RC4 part completely separately from the web side of things. Get that working, then integrate.
 
Ranch Hand
Posts: 781
There is no need for any of that code since RC4 is available in the JCE under the name ARCFOUR.
 
Bear Bibeault
Sheriff
Posts: 67746

James Sabre wrote: There is no need for any of that code since RC4 is available in the JCE under the name ARCFOUR.


I think a lot of people aren't already familiar with the JCE -- perhaps you could post a small example?
 
David Newton
Author
Posts: 12617
Agreed--I see a lot of people attempting to encrypt things. Most people can't, and it's wasted effort since there are several well-known ways to get *good* encryption in Java.

(Not that the above code does or doesn't work--I haven't looked at it--just echoing Bear's point.)
 
James Sabre
Ranch Hand
Posts: 781

Bear Bibeault wrote:

James Sabre wrote: There is no need for any of that code since RC4 is available in the JCE under the name ARCFOUR.


I think a lot of people aren't already familiar with the JCE -- perhaps you could post a small example?



The OP needs to spend some time learning about security, modern cryptography and the JCE, and posting a small example would not help with that at all. There is nothing in the original post to indicate that the OP is mandated to use RC4 (though I could be wrong) and since he is trying to transcribe some "Action Script" I suspect that he just happened to find the RC4 "Action Script" in a Web search and decided to use that.

The only reasons I can think of that one would use RC4 in preference to AES is if one were trying to match some existing ciphertext or if one was mandated to use it as part of a college/university project. If the OP is trying to match some existing ciphertext then the major difficulty will be in making sure he has the correct block mode, IV, key and padding and a simple example would not address this. If this is a college/university project then my posting code could defeat the object of the assignment/project.

By saying that the RC4 is available in the JCE I hoped this would either prompt the OP to use Google or, more likely, for him to post a follow up question.
 
Rancher
Posts: 4803
Wow, my head hurts from looking at crypto code inside a JSP. Please, get it out of there.

Now, on to the basic problem. You are using Java String. That won't work. RC4 and most other modern ciphers operate on octets. An octet is an 8-bit unit, essentially the same as a C-language unsigned byte. Sadly for us Java folk, Java does not have an Unsigned Byte object. So if you naively use Byte instead, you get some code that works and some that does not. If the leading bit is on, Java will interpret that as making the value negative. Unsigned bytes have values from 0 to 255, not -127 to 128.

If you are careful, you can make it work.

Or you can use the Google Guava library, which has an unsigned byte object.

Also, why are you using RC4? The real RC4 is proprietary, and the ARCFOUR has questionable origins. Do you really need a stream cipher? You seem to be using it in places that a block cipher would be better.
 
Jeremy Severson
Greenhorn
Posts: 13
Sorry to take so long to get back here to post on the replies, but I was away from my computer till now. I actually ended up figuring out my issue. I went through the code section by section, comparing my Action Script class with the output of the JSP, and everything was the same till I got to the part where I am doing the RC4. Turns out I had to set i & j to 0 before I started doing the RC4 encryption. Once I did that, the output was just fine then.

The reason for this encryption is so I can create a URL link with encrypted URL variables that goes to a Flash app that we created. The client originally was handling the link on their site and all I had to worry about was decrypting in the Flash app. But we recently got the work from them to redo and host a section of their site, which was cool except for the whole having to do it in Java thing, since we knew nothing of Java.

Here is the working code.



Again thanks to everyone for the helpful input. Now I just need to figure out how to get this into a servlet. Wish me luck.
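
The two pitfalls raised in this thread (signed Java bytes, and resetting i and j to 0 before generating the keystream) can be checked by comparing a byte-array RC4 against the JCE's ARCFOUR cipher. This is an added example, not the original poster's code (which is not shown on this page); the class name `Rc4Check`, the key and the plaintext are constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class Rc4Check {
    // Hand-written RC4 over byte arrays (not Strings), for comparison with the JCE.
    static byte[] rc4(byte[] key, byte[] data) {
        int[] s = new int[256];
        for (int n = 0; n < 256; n++) s[n] = n;
        // Key scheduling. Java bytes are signed, so mask with 0xFF before using them as indexes.
        for (int n = 0, j = 0; n < 256; n++) {
            j = (j + s[n] + (key[n % key.length] & 0xFF)) & 0xFF;
            int t = s[n]; s[n] = s[j]; s[j] = t;
        }
        // Keystream generation starts from i = j = 0, not from values left over by key scheduling.
        byte[] out = new byte[data.length];
        int i = 0, j = 0;
        for (int n = 0; n < data.length; n++) {
            i = (i + 1) & 0xFF;
            j = (j + s[i]) & 0xFF;
            int t = s[i]; s[i] = s[j]; s[j] = t;
            out[n] = (byte) (data[n] ^ s[(s[i] + s[j]) & 0xFF]);
        }
        return out;
    }

    // Same operation through the JCE provider, under the algorithm name ARCFOUR.
    static byte[] jceRc4(byte[] key, byte[] data) throws Exception {
        Cipher c = Cipher.getInstance("ARCFOUR");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "ARCFOUR"));
        return c.doFinal(data);
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02X", x & 0xFF));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input; encode text to bytes explicitly before encrypting.
        byte[] key = "Secret".getBytes(StandardCharsets.US_ASCII);
        byte[] pt = "Attack at dawn".getBytes(StandardCharsets.US_ASCII);
        byte[] manual = rc4(key, pt), jce = jceRc4(key, pt);
        System.out.println("manual: " + hex(manual) + "\nJCE:    " + hex(jce));
        if (!Arrays.equals(manual, jce)) throw new AssertionError("implementations disagree");
    }
}
```

Because RC4 is a stream cipher, running either method again on the ciphertext with the same key returns the plaintext, which is a quick way to check a port against the other side of an exchange.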