• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Need Help in Encryption

 
Ranch Hand
Posts: 36
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi
In My J2EE Web Application i stored my Database UserId and Password in the properties file.Since the properties file can be editable and the UserId and Password is stored as plain text everybody in our team and others are able to read those Userid and Password from the properties file.
What i want is how to encrypt the UserId and Password and i need to store that encrypted Userid and Password in the properties file.while retrieving the data from the properties file i need to decrypt the values.
I know that i have to use some crytography techniques.Can any one of you tell me how to do this?
Thanks,
Kumaar.S
 
Author
Posts: 6055
8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
That's exactly what you need to do. So use JCE and get your favorite crypto algorithm. IIRC with property files you simply cam read and write the Strings directly under the property name. So now, instead of writing the password String, write the String which is the output of the encryption function on the password. You'll then have an encrypted password in the file.
--Mark
 
Kumaran Sowrirajan
Ranch Hand
Posts: 36
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Mark
Nice to hear the Immediate Reply.Thanks...
But
I am doing the simple program to encrypt and decrypt the string.but while i compiling i am getting these errors.
Program :-
import javax.crypto.cipher;
import javax.crypto.KeyGenerator;
import java.security.Key;
import java.security.Security;
import java.security.NoSuchAlgorithmException;
import java.security.InvalidKeyEception;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.BadPaddingException;
public class encryptTest
{
public static void main(String args[])
{
String password = "HelloWorld";
try
{
KeyGenerator kg = KeyGenerator.getInstance("DES");
Key key = kg.generateKey();
Cipher cipher = Cipher.getInstance("DES");
byte[] plain_password = password.getBytes();
String str_plain_password = new String(plain_password);
System.out.println("Plain Password = " + str_plain_password);
cipher.init(Cipher.ENCRYPT_MODE,key);
byte[] encrypted_password = cipher.doFinal(plain_password);
String str_encrypted_password = new String(encrypted_password);
System.out.println("Encrypted Password = " + str_encrypted_password);
cipher.init(Cipher.DECRYPT_CODE,key);
byte[] decrypted_password = cipher.doFinal(encrypted_password);
String str_decrypted_password = new String(decrypted_password);
System.out.println("Decrypted Password = " + str_decrypted_password);
}
catch(NoSuchAlgorithmException nsae)
{
System.out.println("No Such Algorithm Exception " + nsae.getMessage());
}
catch(NoSuchPaddingException nspe)
{
System.out.println("No Such Padding Exception " + nspe.getMessage());
}
catch(InvalidKeyException ike)
{
System.out.println("Invalid Key Exception " + ike.getMessage());
}
catch(IllegalStateException ise)
{
System.out.println("Illegal State Exception " + ise.getMessage());
}
catch(IllegalBlockSizeException ibse)
{
System.out.println("Illegal Block Size Exception " + ibse.getMessage());
}
catch(BadPaddingException bpe)
{
System.out.println("Bad Padding Exception " + bpe.getMessage());
}
}
}

Error :- import javax.crypto.cipher; ^ encryptTest.java:2: Class javax.crypto.KeyGenerator not found in import.
import javax.crypto.KeyGenerator; ^ encryptTest.java:6: Class java.security.InvalidKeyEception not found in import.
import java.security.InvalidKeyEception; ^ encryptTest.java:7: Class javax.crypto.NoSuchPaddingException not found in import.
import javax.crypto.NoSuchPaddingException; ^ encryptTest.java:8: Class javax.crypto.IllegalBlockSizeException not found in import.
import javax.crypto.IllegalBlockSizeException; ^ encryptTest.java:9: Class javax.crypto.BadPaddingException not found in import.
import javax.crypto.BadPaddingException;
I think this is mainly because of ClassPath problem.Can you please tell me what i need to do to rectify this error?
Thanks
Kumaar.S
[ January 27, 2003: Message edited by: Kumaran Sowrirajan ]
 
Mark Herschberg
Author
Posts: 6055
8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Yes it looks like a classpath problem. My guess is that you didn't specify a provider. The JCE is simply an interface, you need to get the actual implamentation code from a JCE provider.
(I wouldn't have thought that it would cause that type of error, but this is a very common mistake for people new to the JCE to make, and it seems reasonably plausable for your problem.)
--Mark
 
Kumaran Sowrirajan
Ranch Hand
Posts: 36
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Mark
I know that JDK1.4 is come with default provider which is provided by Sun.am i correct?
In %JAVA_HOME%/jre/lib/security/java.security automatically this providers are included.
security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.net.ssl.internal.ssl.Provider
security.provider.3=com.sun.rsajca.Provider
security.provider.4=com.sun.crypto.provider.SunJCE
security.provider.5=sun.security.jgss.SunProvider
Can you please tell me how to specify the provider in this program?
To rectify the class path error what are all the jar file i need to include and where to include and what are all the other things i need to do apart from adding provider.
I would like to know how can i find out whether my J2EE App Server having this providers?
Thanks,
Kumaar.S
 
Ranch Hand
Posts: 46
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am not sure of JDK1.4 but with 1.3 you need to supply the JCE1.2 jar in the classpath in order to solve the problem. However it seems that with 1.4 the javax.crypto package is already available.
Regarding your application server's providers please check the JDKDIR/jre/lib/security/java.security file where JDKDIR is the directory of the JDK of you app server.
 
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
//TRY THIS CODE
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.InvalidKeyException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.BadPaddingException;


/**********************************************************************
* @FileName: EncryptXML.java
* @author: chetan
* @version:
* @Creation Date: Dec 8, 2005
* @Last Modified By:
*******************************************************************/

public class EncryptXML
{
public static void main(String args[])
{
String password = "HelloWorld";
try
{
KeyGenerator kg = KeyGenerator.getInstance("DES");
Key key = kg.generateKey();
Cipher cipher = Cipher.getInstance("DES");
byte[] plain_password = password.getBytes();
String str_plain_password = new String(plain_password);
System.out.println("Plain Password = " + str_plain_password);
cipher.init(Cipher.ENCRYPT_MODE,key);
byte[] encrypted_password = cipher.doFinal(plain_password);
String str_encrypted_password = new String(encrypted_password);
System.out.println("Encrypted Password = " + str_encrypted_password);
cipher.init(Cipher.DECRYPT_MODE,key);
byte[] decrypted_password = cipher.doFinal(encrypted_password);
String str_decrypted_password = new String(decrypted_password);
System.out.println("Decrypted Password = " + str_decrypted_password);
}
catch(NoSuchAlgorithmException nsae)
{
System.out.println("No Such Algorithm Exception " + nsae.getMessage());
}
catch(NoSuchPaddingException nspe)
{
System.out.println("No Such Padding Exception " + nspe.getMessage());
}
catch(InvalidKeyException ike)
{
System.out.println("Invalid Key Exception " + ike.getMessage());
}
catch(IllegalStateException ise)
{
System.out.println("Illegal State Exception " + ise.getMessage());
}
catch(IllegalBlockSizeException ibse)
{
System.out.println("Illegal Block Size Exception " + ibse.getMessage());
}
catch(BadPaddingException bpe)
{
System.out.println("Bad Padding Exception " + bpe.getMessage());
}
}

}
 
chetan anurag
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
USE JDK 1.5
 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Check out the Core Security Patterns book from Sun press. It has a bunch of stuff on encrypting and storing passwords. It also provides a ton of source code and examples along with patterns and best practices for how and when to encrypt, etc. I got it off Amazon.

-Jeff

Originally posted by Kumaran Sowrirajan:
Hi

In My J2EE Web Application i stored my Database UserId and Password in the properties file.Since the properties file can be editable and the UserId and Password is stored as plain text everybody in our team and others are able to read those Userid and Password from the properties file.

What i want is how to encrypt the UserId and Password and i need to store that encrypted Userid and Password in the properties file.while retrieving the data from the properties file i need to decrypt the values.

I know that i have to use some crytography techniques.Can any one of you tell me how to do this?

Thanks,
Kumaar.S


[ December 14, 2005: Message edited by: Jeff Richards ]
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic