This week's giveaway is in the Spring forum.
We're giving away four copies of REST with Spring (video course) and have Eugen Paraschiv on-line!
See this thread for details.
The moose likes Security and the fly likes Encrypting Strings Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of REST with Spring (video course) this week in the Spring forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Encrypting Strings" Watch "Encrypting Strings" New topic

Encrypting Strings

Kamal Patel

Joined: Nov 05, 2003
Posts: 18
I am using the class below called TripleDesEncryption to encrypt a string. I have got this code of someone else and not sure how i works. I need to somehow generate a key (private I think) to encrypt my string. How do I do this - can the key be a file with any content, or do I have to use the Keygenerator class to produce this key, in the form of a byte array?
Below is my code - also, where do I put this key once I have created it?
Sorry for this basic security question, but it is the first time I am using this kind of stuff.
Thanks for your help in advance.
package com.db.websso.util;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.BadPaddingException;
import javax.crypto.spec.SecretKeySpec;
import javax.crypto.spec.IvParameterSpec;
import sirrus.util.crypt.SecurityProviderLoader;
public class TripleDESEncryption {
private static final String TRIPLE_DES = "DESede";
private static final int TRIPLE_DES_SIZE = 24;
private static final int KEY_START = 0;
private static final int IV_SIZE = 8;
static {
public static String encrypt(byte[] key, String string) {
if(key == null || string == null) return null;
Cipher cipher = getCipher(Cipher.ENCRYPT_MODE, key);
byte[] ciphertext = new byte[0];
try {
ciphertext = cipher.doFinal(string.getBytes());
} catch (Exception e) {
return null;
return Base64.encode(ciphertext);
public static String decrypt(byte[] key, String string) {
if(string == null || key == null) return null;
byte[] input = Base64.decode(string);
if(input == null) return null;
Cipher cipher = getCipher(Cipher.DECRYPT_MODE, key);
byte[] plaintext = null;
try {
plaintext = cipher.doFinal(input);
} catch (Exception e) {
return null;
return new String(plaintext);

private static Cipher getCipher( int mode, byte[] key )
// Retrieve the key parts from the key record
byte [] keybytes = getKeyBytes( key );
byte [] ivbytes = getIvBytes( key );
Cipher cipher = Cipher.getInstance( TRIPLE_DES +
SecretKeySpec keySpec = new SecretKeySpec( keybytes, TRIPLE_DES );
IvParameterSpec ivSpec = new IvParameterSpec( ivbytes );
cipher.init( mode, keySpec, ivSpec );
return cipher;
catch( InvalidKeyException ike )
throw new RuntimeException( "Key was invalid: " + ike.toString() );
catch( GeneralSecurityException catchall )
throw new RuntimeException( catchall.toString() );
private static byte[] getKeyBytes( byte[] key )
byte[] keybytes;
keybytes = new byte[ TRIPLE_DES_SIZE ];
System.arraycopy( key, KEY_START, keybytes, 0, TRIPLE_DES_SIZE );
return keybytes;
private static byte[] getIvBytes( byte[] key )
byte[] ivbytes = new byte[ IV_SIZE ];
System.arraycopy( key, KEY_START + TRIPLE_DES_SIZE, ivbytes, 0,
return ivbytes;
I agree. Here's the link:
subject: Encrypting Strings
jQuery in Action, 3rd edition