wood burning stoves 2.0*
The moose likes Security and the fly likes Need Help in Encryption Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Need Help in Encryption" Watch "Need Help in Encryption" New topic
Author

Need Help in Encryption

Kumaran Sowrirajan
Ranch Hand

Joined: Oct 15, 2001
Posts: 36
Hi
In My J2EE Web Application i stored my Database UserId and Password in the properties file.Since the properties file can be editable and the UserId and Password is stored as plain text everybody in our team and others are able to read those Userid and Password from the properties file.
What i want is how to encrypt the UserId and Password and i need to store that encrypted Userid and Password in the properties file.while retrieving the data from the properties file i need to decrypt the values.
I know that i have to use some crytography techniques.Can any one of you tell me how to do this?
Thanks,
Kumaar.S
Mark Herschberg
Sheriff

Joined: Dec 04, 2000
Posts: 6037
That's exactly what you need to do. So use JCE and get your favorite crypto algorithm. IIRC with property files you simply cam read and write the Strings directly under the property name. So now, instead of writing the password String, write the String which is the output of the encryption function on the password. You'll then have an encrypted password in the file.
--Mark
Kumaran Sowrirajan
Ranch Hand

Joined: Oct 15, 2001
Posts: 36
Hi Mark
Nice to hear the Immediate Reply.Thanks...
But
I am doing the simple program to encrypt and decrypt the string.but while i compiling i am getting these errors.
Program :-
import javax.crypto.cipher;
import javax.crypto.KeyGenerator;
import java.security.Key;
import java.security.Security;
import java.security.NoSuchAlgorithmException;
import java.security.InvalidKeyEception;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.BadPaddingException;
public class encryptTest
{
public static void main(String args[])
{
String password = "HelloWorld";
try
{
KeyGenerator kg = KeyGenerator.getInstance("DES");
Key key = kg.generateKey();
Cipher cipher = Cipher.getInstance("DES");
byte[] plain_password = password.getBytes();
String str_plain_password = new String(plain_password);
System.out.println("Plain Password = " + str_plain_password);
cipher.init(Cipher.ENCRYPT_MODE,key);
byte[] encrypted_password = cipher.doFinal(plain_password);
String str_encrypted_password = new String(encrypted_password);
System.out.println("Encrypted Password = " + str_encrypted_password);
cipher.init(Cipher.DECRYPT_CODE,key);
byte[] decrypted_password = cipher.doFinal(encrypted_password);
String str_decrypted_password = new String(decrypted_password);
System.out.println("Decrypted Password = " + str_decrypted_password);
}
catch(NoSuchAlgorithmException nsae)
{
System.out.println("No Such Algorithm Exception " + nsae.getMessage());
}
catch(NoSuchPaddingException nspe)
{
System.out.println("No Such Padding Exception " + nspe.getMessage());
}
catch(InvalidKeyException ike)
{
System.out.println("Invalid Key Exception " + ike.getMessage());
}
catch(IllegalStateException ise)
{
System.out.println("Illegal State Exception " + ise.getMessage());
}
catch(IllegalBlockSizeException ibse)
{
System.out.println("Illegal Block Size Exception " + ibse.getMessage());
}
catch(BadPaddingException bpe)
{
System.out.println("Bad Padding Exception " + bpe.getMessage());
}
}
}

Error :- import javax.crypto.cipher; ^ encryptTest.java:2: Class javax.crypto.KeyGenerator not found in import.
import javax.crypto.KeyGenerator; ^ encryptTest.java:6: Class java.security.InvalidKeyEception not found in import.
import java.security.InvalidKeyEception; ^ encryptTest.java:7: Class javax.crypto.NoSuchPaddingException not found in import.
import javax.crypto.NoSuchPaddingException; ^ encryptTest.java:8: Class javax.crypto.IllegalBlockSizeException not found in import.
import javax.crypto.IllegalBlockSizeException; ^ encryptTest.java:9: Class javax.crypto.BadPaddingException not found in import.
import javax.crypto.BadPaddingException;
I think this is mainly because of ClassPath problem.Can you please tell me what i need to do to rectify this error?
Thanks
Kumaar.S
[ January 27, 2003: Message edited by: Kumaran Sowrirajan ]
Mark Herschberg
Sheriff

Joined: Dec 04, 2000
Posts: 6037
Yes it looks like a classpath problem. My guess is that you didn't specify a provider. The JCE is simply an interface, you need to get the actual implamentation code from a JCE provider.
(I wouldn't have thought that it would cause that type of error, but this is a very common mistake for people new to the JCE to make, and it seems reasonably plausable for your problem.)
--Mark
Kumaran Sowrirajan
Ranch Hand

Joined: Oct 15, 2001
Posts: 36
Hi Mark
I know that JDK1.4 is come with default provider which is provided by Sun.am i correct?
In %JAVA_HOME%/jre/lib/security/java.security automatically this providers are included.
security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.net.ssl.internal.ssl.Provider
security.provider.3=com.sun.rsajca.Provider
security.provider.4=com.sun.crypto.provider.SunJCE
security.provider.5=sun.security.jgss.SunProvider
Can you please tell me how to specify the provider in this program?
To rectify the class path error what are all the jar file i need to include and where to include and what are all the other things i need to do apart from adding provider.
I would like to know how can i find out whether my J2EE App Server having this providers?
Thanks,
Kumaar.S
Pradeep Sahoo
Ranch Hand

Joined: Oct 13, 2002
Posts: 46
I am not sure of JDK1.4 but with 1.3 you need to supply the JCE1.2 jar in the classpath in order to solve the problem. However it seems that with 1.4 the javax.crypto package is already available.
Regarding your application server's providers please check the JDKDIR/jre/lib/security/java.security file where JDKDIR is the directory of the JDK of you app server.
chetan anurag
Greenhorn

Joined: Dec 08, 2005
Posts: 6
//TRY THIS CODE
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.InvalidKeyException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.BadPaddingException;


/**********************************************************************
* @FileName: EncryptXML.java
* @author: chetan
* @version:
* @Creation Date: Dec 8, 2005
* @Last Modified By:
*******************************************************************/

public class EncryptXML
{
public static void main(String args[])
{
String password = "HelloWorld";
try
{
KeyGenerator kg = KeyGenerator.getInstance("DES");
Key key = kg.generateKey();
Cipher cipher = Cipher.getInstance("DES");
byte[] plain_password = password.getBytes();
String str_plain_password = new String(plain_password);
System.out.println("Plain Password = " + str_plain_password);
cipher.init(Cipher.ENCRYPT_MODE,key);
byte[] encrypted_password = cipher.doFinal(plain_password);
String str_encrypted_password = new String(encrypted_password);
System.out.println("Encrypted Password = " + str_encrypted_password);
cipher.init(Cipher.DECRYPT_MODE,key);
byte[] decrypted_password = cipher.doFinal(encrypted_password);
String str_decrypted_password = new String(decrypted_password);
System.out.println("Decrypted Password = " + str_decrypted_password);
}
catch(NoSuchAlgorithmException nsae)
{
System.out.println("No Such Algorithm Exception " + nsae.getMessage());
}
catch(NoSuchPaddingException nspe)
{
System.out.println("No Such Padding Exception " + nspe.getMessage());
}
catch(InvalidKeyException ike)
{
System.out.println("Invalid Key Exception " + ike.getMessage());
}
catch(IllegalStateException ise)
{
System.out.println("Illegal State Exception " + ise.getMessage());
}
catch(IllegalBlockSizeException ibse)
{
System.out.println("Illegal Block Size Exception " + ibse.getMessage());
}
catch(BadPaddingException bpe)
{
System.out.println("Bad Padding Exception " + bpe.getMessage());
}
}

}


chetan
chetan anurag
Greenhorn

Joined: Dec 08, 2005
Posts: 6
USE JDK 1.5
Jeff Richards
Greenhorn

Joined: Dec 14, 2005
Posts: 2
Check out the Core Security Patterns book from Sun press. It has a bunch of stuff on encrypting and storing passwords. It also provides a ton of source code and examples along with patterns and best practices for how and when to encrypt, etc. I got it off Amazon.

-Jeff

Originally posted by Kumaran Sowrirajan:
Hi

In My J2EE Web Application i stored my Database UserId and Password in the properties file.Since the properties file can be editable and the UserId and Password is stored as plain text everybody in our team and others are able to read those Userid and Password from the properties file.

What i want is how to encrypt the UserId and Password and i need to store that encrypted Userid and Password in the properties file.while retrieving the data from the properties file i need to decrypt the values.

I know that i have to use some crytography techniques.Can any one of you tell me how to do this?

Thanks,
Kumaar.S

[ December 14, 2005: Message edited by: Jeff Richards ]
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Need Help in Encryption
 
Similar Threads
Using a one way hash for Password encryption
Authentification approach, please help.
How should i encrypt my password?
Oracle Transaction and Stored Procs
downloading files