Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

help needed to implement encryption and decryption

 
Bala Raju Mandala
Ranch Hand
Posts: 40
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

I need to develope a application. The requirement is i need to develope a program, which will be used by N number of users. Who will encrypt there files using a public key and move them to a common location in a server.

A Server side program will decrypt them using private key.

Can you please help me designing this. I am confused by readign JCE.

What are providers, do i need to install them everywhere where the program encrypting files. I mean do i need to modify security policy or i have any dynamic loading perocess.

Do we have any algorithems in java, which will have public key and private key facility. Without modifying any files at user side.
 
Set Cruz
Greenhorn
Posts: 26
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi
"What are providers?"
Read this from the Security FAQs
 
Ulf Dittmer
Rancher
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You don't need to install anything, nor modify security policies, nor load anything dynamically. As long as a JRE (1.4 or newer) is available, nothing else needs to be added.

Here's a complete example of how to use JCE, demonstrating encryption and decryption. Note that it uses the DES algorithm, which is kind of obsolete. Either TripleDES or AES would be better choices.
 
Bala Raju Mandala
Ranch Hand
Posts: 40
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Set Cruz and Ulf Dittmer, thank you for your reply.

Dittmer can i implement RSA here. I mean as i am giving the key to user, he can decrypt others information also. So i need a public and private key mechanisem.
 
Ulf Dittmer
Rancher
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes, JCE supports RSA; see here.

My first name is Ulf, by the way. If you prefer addressing me by my last name, the polite thing to do is to prefix it with "Mr". First name is fine, though.
 
Bala Raju Mandala
Ranch Hand
Posts: 40
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am sorry. I will call you as Ulf.


Thank you again for your help.
[ August 07, 2008: Message edited by: Bala Raju Mandala ]
 
Bala Raju Mandala
Ranch Hand
Posts: 40
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Ulf,

We required Providers to implement RSA. But i don't want to change java.security file in user meshine. Is we have any alternative so that we can skip modifing files in user meshine?

I just want to give a pack of files, it will have a .class file and if possible some jars also. i am planning to use batch file to set class path and run java file.

Please suggest some ideas.
 
Ulf Dittmer
Rancher
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There's no need to add providers via the policy files. You can do that programmatically using
 
Bala Raju Mandala
Ranch Hand
Posts: 40
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Ulf,

My requirement is to send >50 MB files. Is RSA is a good algorithem to implement for encrypting and decrypting that considerable large files?
 
Ulf Dittmer
Rancher
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No, RSA is kind of slow. Check out TripleDES or AES instead.
 
Henry Wong
author
Marshal
Pie
Posts: 21123
78
C++ Chrome Eclipse IDE Firefox Browser Java jQuery Linux VI Editor Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Ulf Dittmer:
No, RSA is kind of slow. Check out TripleDES or AES instead.


A common trick used by routers/VPNs, which gives speed to the safety of public/private key is to... Generate a random key. Use the public key to encrypt it as the beginning of the file (packet). Encrypt the rest of the file (data) with DES (or 3DES, AES, etc.).

On the other side... Decrypt the generated key using the private key. Decrypt the rest of the file using the generated key. etc.

There is also a fancy protocol to constantly change the symetric key every few seconds, but that may be overkill here.

Henry
 
Pat Farrell
Rancher
Posts: 4678
7
Linux Mac OS X VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Bala Raju Mandala:
My requirement is to send >50 MB files. Is RSA is a good algorithem to implement for encrypting and decrypting that considerable large files?

What Ulf said. RSA is totally inappropriate for your use. RSA can only encipher or decipher blocks that are exactly the same size as the key. So if you have a 1024 bit key, you can only work with 1024 bit long blocks.

And RSA is really slow. It would take forever to do 50Meg.

Normal practice is to generate a random number, called a session key, say 256 bits long. Use RSA to send it securely between Alice and Bob. Then use AES, Blowfish, or some other fast algorithm, keyed by the 256 bit secret, to protect your 50Meg of data.
 
Bala Raju Mandala
Ranch Hand
Posts: 40
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Henry and Pat thank you verymuch for your reply.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic