• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Basic use of JCE (Java Cryptography Extension)

 
Ranch Hand
Posts: 61
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm perusing the JCE JavaDocs and intro docs and I'm a little lost. (I'm using JDK 1.5.0_17 by the way)

All I want to do is take a couple of strings and encrypt them with a simple password or key (symmetric) and store them as ASCII/UTF-8 in a text file. And then unencrypt in the code.

Context: I work in the retail space and there's a bunch of retail stores that will have store servers with configuration files for Java programs. Some of these config files will have lines that say,

ldap_password=password

I would rather it say something like,

ldap_password=3s9vj93DShjDSSG939f0

Where the 'key' or 'password' to unlock the encryption is just hard-coded in the JAR file that contains the application. Granted, someone can decompile the JAR, but this level of security is acceptable for our purposes.

Is there a simple way to just say, convertStringToGobblygook(s, key) and then the reverse?

It looks like I can use Cipher, CipherInputStream and CipherOutputStream wrapped over a StringReader/Writer or whatever. But even then, I'm getting confused as to the exact parameters to feed to the Cipher class.

Note that I don't need a fancy 1024-bit RSA blah-blah-blah encryption. Just something moderately better than, say, using ObjectOutputStream.

Help?


 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Examples of using DES and AES are linked in the http://faq.javaranch.com/java/SecurityFaq#encryption page.
 
Ranch Hand
Posts: 333
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It can be a bit confusing.

The steps need are rather stright forward, you need to create a key, this will be used to initialise the cypher algorthmn.
I tend to use AES as my algorithmn (it is symmetric), I usual use 32 BYTE Hex Strings, this could be hard code within the code I guess.

Use something like apache codec to convert the key (hex String) to a byte array.

Then create a SecretKeySpec using the byte array and the Algorthimn name.

This can then be used to create a Cipher object (with the mode of operation encryption/decryption).

Once you have your Cipher object you can use cipher.doFinal(string.getBytes()); where string is what you wish to encrypt.

This will return you a ByteArray which is encrypted.

Dont dump this out to a string, you are much better off converting it to a HexString, again using apache codec.

Hope that helps.
 
Rancher
Posts: 4803
7
Mac OS X VI Editor Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
A common bug in the use of JCE is that Jave loves Unicode strings, and nearly all cryptography uses byte arrays. (Technically octet arrays, which are unsigned).

Make sure that all your code is using byte[], never use String.
 
reply
    Bookmark Topic Watch Topic
  • New Topic