File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes I/O and Streams and the fly likes Ciphering a Serailized Object Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Java Interview Guide this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Java » I/O and Streams
Bookmark "Ciphering a Serailized Object" Watch "Ciphering a Serailized Object" New topic

Ciphering a Serailized Object

Muhammad Farag

Joined: Mar 15, 2007
Posts: 12
hi guys i`m making a project , i will paint the all picture for you.
i have to create a server that send a serialized object to another client but this stream must be encrypted using a Cipher class but i just cant do this ... i will send a test code only but You will get the idea from it

all repliers are thanked in advance.

Rob Spoor

Joined: Oct 27, 2005
Posts: 20279

If you're using sockets to transfer the data, yYou could do this by using a custom Socket and ServerSocket:

I found this approach on, and it can be used with any type of FilterInputStream and FilterOutputStream; their example showed sending data using GZip compression.

If you're using RMI, you can use the same classes as above, and use a custom subclass of java.rmi.server.RMISocketFactory that returns instances of these classes for the abstract methods. Then you can pass an instance of this socket factory to the constructor of java.rmi.server.UnicastRemoteObject, or when calling java.rmi.registry.LocateRegistry's createRegistry or getRegistry methods.

How To Ask Questions How To Answer Questions
Rob Spoor

Joined: Oct 27, 2005
Posts: 20279

One correction to the above code.

A cipher is either initialized to encrypt or decrypt, not both. Therefore, you'll need two ciphers - one for encrypting and one for decrypting. You'll use the decrypt cipher in getInputStream() since you'll decrypt the data you've read, and use the encrypt cipher in getOutputStream() since you'll encrypt the data you're going to send.

This even allows for asymmetric encryption: the ciphers used for encrypting and decrypting can be totally different. This way, if you send the same data back, it will look different for anyone intercepting the data packets. Just make sure that the socket's encrypt cipher matches the server socket's decrypt cipher and vice versa.

Of course using the same cipher (except one for encrypting, the other for decrypting) will make sure there will be no bugs due to incorrect linking of the ciphers.

You can also write a wrapper around the ciphers, that can both encrypt and decrypt, and then either return encryption and decryption ciphers, or methods to wrap an input stream into a CipherInputStream and an output stream into a CipherOutputStream.
I agree. Here's the link:
subject: Ciphering a Serailized Object
It's not a secret anymore!