aspose file tools*
The moose likes Security and the fly likes RC4 cypher in Java, decypher in JavaScript. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "RC4 cypher in Java, decypher in JavaScript." Watch "RC4 cypher in Java, decypher in JavaScript." New topic
Author

RC4 cypher in Java, decypher in JavaScript.

Thiago Primerano
Greenhorn

Joined: Jan 26, 2003
Posts: 3
Hello,

I need to encrypt with Symmetric Cryptography (RC4) a text in a Java program, after, decrypt this in a JavaScript function. Have Anybody a solution ?

Thanks.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42919
    
  68
En/decryption in Java is generally done using the JCE API. You can find some links and example code about it in the http://faq.javaranch.com/java/SecurityFaq. The two sides wouldn't by any chance be communicating over HTTP, would they? Because in that case one might just use SSL and be done with it.
Thiago Primerano
Greenhorn

Joined: Jan 26, 2003
Posts: 3
Hello Ulf, thanks for reply.
In my case, i need to generate a encrypted text and send via Email (an attached html document).
When de final user receive this file, i won't kwon if user is connected. The solution (i think) is a decrypt via javascript, this function will be send in the attached html.

Have anybody a same problem ?

Tks again.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42919
    
  68
This sounds like a really convoluted way to go about sending encrypted text via emails. There are standards for sending encrypted emails; check out PGP and GPG.
Nicholas Jordan
Ranch Hand

Joined: Sep 17, 2006
Posts: 1282
Originally posted by Ulf Dittmer:
There are standards for sending encrypted emails; check out PGP and GPG.


Has anyone written these in Java ? and what about the Criptix package I found while working a similar question for my own project ? Code you ( anyone - poster, me or otherwise ) can understand is safer than code one does not understand.




"The differential equations that describe dynamic interactions of power generators are similar to that of the gravitational interplay among celestial bodies, which is chaotic in nature."
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42919
    
  68
Originally posted by Nicholas Jordan:
Code you ( anyone - poster, me or otherwise ) can understand is safer than code one does not understand.

The safety of code has nothing to do with the fact whether one is able to understand it. Especially with cryptography code I would advise NOT to write it oneself; it's very easy to get wrong and lose all safety. That's what the BouncyCastle and Cryptix libraries are for (if one wishes to avoid the Sun JCE providers).
Nicholas Jordan
Ranch Hand

Joined: Sep 17, 2006
Posts: 1282
Originally posted by Ulf Dittmer:

The safety of code has nothing to do with the fact whether one is able to understand it. Especially with cryptography code I would advise NOT to write it oneself; it's very easy to get wrong and lose all safety. That's what the BouncyCastle and Cryptix libraries are for (if one wishes to avoid the Sun JCE providers).


I understand your point, and the poster should note it carefully: Encryption Software to Avoid, I just obtained two contemporary texts on crypto and both of them, along with Bruce Schneier say the same thing.

Do you know of any beginner texts / tutorials on how to use any of the three libraries ? I have extensive experience trying to do things with people who are not trained and I understand your point exquisitely, there are risks involved that cannot be understated. Still, with that in mind I needed a public key / private key pair for my design and did not need a turtle shell beyond defeating attacks on a simple inventory system that I am already doing myself - in my head without pencil and paper methods - and am stuck using non-crypto strength locks and keys because all the code I have found so far wraps everything is AES and Certificates ... neither of which is of any use in my current design needs.

I recently wrote several thousand lines of classes during recent holidays and yet nothing on simple public key private key pair beyond obtaining a nifty signature for my emails using putty. RC4 is not unbreakable.
[ December 23, 2007: Message edited by: Nicholas Jordan ]
Rus Prince
Greenhorn

Joined: Jan 30, 2004
Posts: 2
Here you go:

http://java.ittoolbox.com/code/archive/413/
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: RC4 cypher in Java, decypher in JavaScript.