File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Security and the fly likes Problem in getting decrypted data from MySql Database Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "Problem in getting decrypted data from MySql Database" Watch "Problem in getting decrypted data from MySql Database" New topic
Author

Problem in getting decrypted data from MySql Database

Craig Williams
Greenhorn

Joined: Apr 26, 2004
Posts: 9
I use DES algorithm to create a key and store it in a file which can be used for future encryption and decryption of the confidential data in our project.

I use doEncrypt() method to encyrpt the data and the encrypted data gets stored in table under a column of type VARCHAR(10) in MYSql database.
When i retrieve the data from that column i get a different value compared to the value that gets stored in that column, because of that i could not able to decrypt the encrypted text to the original content.
Following is the exception i got when decrypting

javax.crypto.IllegalBlockSizeException: Input length (with padding) not multiple of 8 bytes
at com.sun.crypto.provider.SunJCE_h.a(DashoA12275)
at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
at com.sun.crypto.provider.DESCipher.engineDoFinal(DashoA12275)
at javax.crypto.Cipher.doFinal(DashoA12275)
at com.tcs.retail.pos.encrypt.CryptographySvcImpl.doDeCrypt(CryptographySvcImpl.java:172)
at com.tcs.retail.pos.service.UserSvcImpl.loginUser(UserSvcImpl.java:276)
at com.tcs.retail.pos.service.UserSvcImpl.main(UserSvcImpl.java:756)

Help me on this to find out a suitable solution.


Following are the methods which does the following operations
process() - Stores the generated key into a file called "key.bin" using saveToFile()

doEncrypt() - takes in actual data that needs to be encrypted and it makes use of getDataFromFile() and getKey().

getDataFromFile() - retrieves the keydata from the filee "key.bin"

getKey() - converts the keydata to acutal key that can be used for encryption and decryption process.

doDeCrypt() - does the decryption process.

// this method wud be called only once for the very first(may be in constructor), when key needs to be stored in a file
private void process()
{
try {
KeyGenerator keyGen = KeyGenerator.getInstance("DES") ;
keyGen.init(56);
Key poKeyObj = keyGen.generateKey();
byte[] keyData = poKeyObj.getEncoded();
saveToFile(keyData);
} catch (Exception e) {
e.printStackTrace();
}
}

// Method to Save the keydata in a file
private void saveToFile(byte[] byteData)
{
FileOutputStream fos = null ;
try {
fos = new FileOutputStream(new File("key.bin") );
fos.write(byteData);
fos.flush();
fos.close();
} catch (Exception e) {
e.printStackTrace();
}
}

// Method to encrypt the actual data
public String doEncrypt(String data) {
byte[] keyData = null ;
SecretKey key = null ;
String psEncryptedData = "" ;
try {

// Getting the keydata from another method
keyData = getDataFromFile("key.bin");

// Converting the keydata to SecretKey
key = getKey(keyData);
Cipher encryptCipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
encryptCipher.init(Cipher.ENCRYPT_MODE,key);
byte[] actualData = data.getBytes();
byte[] ciphertext = encryptCipher.doFinal(actualData);
psEncryptedData = new String(ciphertext);
} catch (Exception e) {
e.printStackTrace();
}
return psEncryptedData;
}

// Method to get the keydata from a file
private byte[] getDataFromFile(String fileName )
{
FileInputStream fis = null ;
byte[] keyData = null ;
try
{
fis = new FileInputStream(new File(fileName) );
int iLength = fis.available();
keyData = new byte[iLength];
fis.read(keyData);
fis.close();
}
catch(Exception e)
{
e.printStackTrace();
}
return keyData ;
}

// Method to convert keydata to actual key that can be used for encryption or decryption
private SecretKey getKey(byte[] encodedData ) throws Exception
{
SecretKey key = null ;
SecretKeyFactory secKeyFactory = null ;
DESKeySpec keySpec = null ;

secKeyFactory = SecretKeyFactory.getInstance("DES");
keySpec = new DESKeySpec(encodedData);
key = secKeyFactory.generateSecret(keySpec);
return key ;
}

// Method to decrypt the encrypted text
public String doDeCrypt(String data)
{
byte[] keyData = null ;
SecretKey key = null ;
String psActualData = "" ;
byte[] encryptedData = null ;
byte[] actualDataObj = null ;
try
{
// Get the keydata from a file
keyData = getDataFromFile("key.bin");
// convert the keydata to secretkey
key = getKey(keyData);
encryptedData = data.getBytes();
Cipher decryptCipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
decryptCipher.init(Cipher.DECRYPT_MODE,key );
actualDataObj = decryptCipher.doFinal(encryptedData);
psActualData = new String(actualDataObj);

} catch (Exception e) {
e.printStackTrace();
}
return psActualData ;
}
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41524
    
  53
I'd say that this:

is the most likely the problem. Encoded text should not be converted to a string; keep it as byte[]. See this for details. That may also mean (I'm not sure) that VARCHAR is not an appropriate datatype in the DB.


Ping & DNS - my free Android networking tools app
Craig Williams
Greenhorn

Joined: Apr 26, 2004
Posts: 9
Thanks very much.
Also saw the link which you specified in your reply.
The problem is with the conversion of encrypted text to String.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Problem in getting decrypted data from MySql Database