aspose file tools*
The moose likes Security and the fly likes Java Security related question- Please Help Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Java 8 in Action this week in the Java 8 forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Java Security related question- Please Help" Watch "Java Security related question- Please Help" New topic
Author

Java Security related question- Please Help

Seshan Parameswaran
Greenhorn

Joined: Nov 13, 2000
Posts: 10
Hi,
I am trying to implement security via java encryption for my application. I already went through all the posts listed in the intermediate and advanced sections related to security before trying it out. I followed the installation instructions carefully for JCE and did the required modifications to the java.security and java.policy files. But when I compile my code still I am getting
java.security.NoSuchAlgorithmException: Algorithm DES not available
at javax.crypto.SunJCE_b.a(DashoA6275)
at javax.crypto.KeyGenerator.getInstance(DashoA6275)
at samples.DesEncrypterTest.main(DesEncrypterTest.java:28)
The code is the following
package samples;
/**
* Title:
* Description:
* Copyright: Copyright (c) 2002
* Company:
* @author
* @version 1.0
*/
import javax.crypto.*;
import javax.crypto.spec.*;
import sun.misc.BASE64Encoder;
import sun.misc.BASE64Decoder;
public class DesEncrypterTest {
public DesEncrypterTest() {
}
public static void main(String[] args) {
try
{
// Generate a temporary key. In practice, you would save this key.
// See also e464 Encrypting with DES Using a Pass Phrase.
SecretKey key = KeyGenerator.getInstance("DES").generateKey();
// Create encrypter/decrypter class
DesEncrypter encrypter = new DesEncrypter(key);
byte[] keyBytes = key.getEncoded();
System.out.println("Generated key using Bytes :" + keyBytes.toString());
System.out.println("Generated key using the the getFormat Method :" + key.getFormat());
System.out.println("Generated key using the the toString Method :" + key.toString());
// Encrypt
String userName = encrypter.encrypt("dpyusinta01");
String password = encrypter.encrypt("dctmbase");
System.out.println("Encrypted User Name is :" + userName);
System.out.println("Encrypted Password is :" + password);
// Decrypt
String user = encrypter.decrypt(userName);
String passwd = encrypter.decrypt(password);
System.out.println("Decrypted User Name is :" + userName);
System.out.println("Decrypted password is :" + passwd);
}
catch (Exception e)
{
e.printStackTrace();
}
}
}
Any help would be deeply appreciated
Thanks
Seshan
Peter den Haan
author
Ranch Hand

Joined: Apr 20, 2000
Posts: 3252
Your code is fine. I suspect you have not followed the installation instructions as closely as you wanted to, in particular the security.provider.N sections in the java.security file.
Is it an option to go to J2SE 1.4? JCE and JSSE have become part of the platform as of 1.4, so that removes all installation hassles.
- Peter
Cindy Glass
"The Hood"
Sheriff

Joined: Sep 29, 2000
Posts: 8521
Anand,
Please change your name to be compliant with JavaRanch's naming policy.
Your displayed name should be 2 separate names with more than 1 letter each. We really would prefer that you use your REAL name.
You can change your name: here.
Thanks,
Cindy


"JavaRanch, where the deer and the Certified play" - David O'Meara
Seshan Parameswaran
Greenhorn

Joined: Nov 13, 2000
Posts: 10
Hi Peter,
Thanks a lot for your reply. I followed the instructions closely and made the required entries in the java.security and java.policy files as per required insturctions. I am sending the Security and Policy Entries. I would appreciate if you could please let me know whether they are ok.
Security File
--------------
#
# This is the "master security properties file".
#
# In this file, various security properties are set for use by
# java.security classes. This is where users can statically register
# Cryptography Package Providers ("providers" for short). The term
# "provider" refers to a package or set of packages that supply a
# concrete implementation of a subset of the cryptography aspects of
# the Java Security API. A provider may, for example, implement one or
# more digital signature algorithms or message digest algorithms.
#
# Each provider must implement a subclass of the Provider class.
# To register a provider in this master security properties file,
# specify the Provider subclass name and priority in the format
#
# security.provider.<n>=<className>
#
# This declares a provider, and specifies its preference
# order n. The preference order is the order in which providers are
# searched for requested algorithms (when no specific provider is
# requested). The order is 1-based; 1 is the most preferred, followed
# by 2, and so on.
#
# <className> must specify the subclass of the Provider class whose
# constructor sets the values of various properties that are required
# for the Java Security API to look up the algorithms or other
# facilities implemented by the provider.
#
# There must be at least one provider specification in java.security.
# There is a default provider that comes standard with the JDK. It
# is called the "SUN" provider, and its Provider subclass
# named Sun appears in the sun.security.provider package. Thus, the
# "SUN" provider is registered via the following:
#
# security.provider.1=sun.security.provider.Sun
#
# (The number 1 is used for the default provider.)
#
# Note: Statically registered Provider subclasses are instantiated
# when the system is initialized. Providers can be dynamically
# registered instead by calls to either the addProvider or
# insertProviderAt method in the Security class.
#
# List of providers and their preference orders (see above):
#
security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.crypto.provider.SunJCE
security.provider.3=com.sun.rsajca.Provider
#
# Class to instantiate as the system Policy. This is the name of the class
# that will be used as the Policy object.
#
policy.provider=sun.security.provider.PolicyFile
# The default is to have a single system-wide policy file,
# and a policy file in the user's home directory.
policy.url.1=file:${java.home}/lib/security/java.policy
policy.url.2=file:${user.home}/.java.policy
# whether or not we expand properties in the policy file
# if this is set to false, properties (${...}) will not be expanded in policy
# files.
policy.expandProperties=true
# whether or not we allow an extra policy to be passed on the command line
# with -Djava.security.policy=somefile. Comment out this line to disable
# this feature.
policy.allowSystemProperty=true
# whether or not we look into the IdentityScope for trusted Identities
# when encountering a 1.1 signed JAR file. If the identity is found
# and is trusted, we grant it AllPermission.
policy.ignoreIdentityScope=false
#
# Default keystore type.
#
keystore.type=jks
#
# Class to instantiate as the system scope:
#
system.scope=sun.security.provider.IdentityDatabase
#
# List of comma-separated packages that start with or equal this string
# will cause a security exception to be thrown when
# passed to checkPackageAccess unless the
# corresponding RuntimePermission ("accessClassInPackage."+package) has
# been granted.
package.access=sun.
#
# List of comma-separated packages that start with or equal this string
# will cause a security exception to be thrown when
# passed to checkPackageDefinition unless the
# corresponding RuntimePermission ("defineClassInPackage."+package) has
# been granted.
#
# by default, no packages are restricted for definition, and none of
# the class loaders supplied with the JDK call checkPackageDefinition.
#
#package.definition=
---------------------
Policy File
------------------------
/* AUTOMATICALLY GENERATED ON Tue Jan 07 23:10:26 EST 2003*/
/* DO NOT EDIT */
grant codeBase "file:%JAVA_HOME%/jre/lib/ext/*" {
permission java.security.AllPermission;
};
grant {
permission java.lang.RuntimePermission "stopThread";
permission java.net.SocketPermission "localhost:1024-", "listen";
permission java.util.PropertyPermission "java.version", "read";
permission java.util.PropertyPermission "java.vendor", "read";
permission java.util.PropertyPermission "java.vendor.url", "read";
permission java.util.PropertyPermission "java.class.version", "read";
permission java.util.PropertyPermission "os.name", "read";
permission java.util.PropertyPermission "os.version", "read";
permission java.util.PropertyPermission "os.arch", "read";
permission java.util.PropertyPermission "file.separator", "read";
permission java.util.PropertyPermission "path.separator", "read";
permission java.util.PropertyPermission "line.separator", "read";
permission java.util.PropertyPermission "java.specification.version", "read";
permission java.util.PropertyPermission "java.specification.vendor", "read";
permission java.util.PropertyPermission "java.specification.name", "read";
permission java.util.PropertyPermission "java.vm.specification.version", "read";
permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
permission java.util.PropertyPermission "java.vm.specification.name", "read";
permission java.util.PropertyPermission "java.vm.version", "read";
permission java.util.PropertyPermission "java.vm.vendor", "read";
permission java.util.PropertyPermission "java.vm.name", "read";
};
grant codeBase "file:%JAVA_HOME%/jre/lib/ext/sunjce_provider.jar" {
permission java.io.FilePermission "%JAVA_HOME%/jre/lib/ext/jce1_2_2.jar", "read";
};
---------------------------------------------
As a note, if you notice I have change $java_home to %JAVA_HOME% in the policy file, since I am trying it out in Windows. It did not work with both of them anyway.
Thanks a lot once again for your help
Cindy Glass
"The Hood"
Sheriff

Joined: Sep 29, 2000
Posts: 8521
Moving to the Security forum.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Java Security related question- Please Help
 
Similar Threads
Encryption: Runtime Exception when run as JavaBean
Problem Urgent: Crypto using jsp - javabean
InvalidKeyException
Encrypting data using my own key
How to create SecretKey for AES 128 Encryption based on user's password??