How to encrypt a password and store it in a database

praseedha sai
Greenhorn

Joined: Dec 19, 2007
Posts: 19
Hi,

Currently I'm working on encrypting and decrypting passwords using the RSA algorithm.

I wrote some sample programs to encrypt and decrypt with RSA, but nothing is stored in the DB.

How can I get the correct password from the DB using RSA?

Please provide me with some sample code for the RSA algorithm.

[ UD: We prefer to UseTheForumNotEmail. That way everybody can get the benefit of seeing the discussion. ]


Thanks,
Sai.
[ July 07, 2008: Message edited by: Ulf Dittmer ]
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42596
    
I'm not sure what you're asking. You said you've done RSA already. What difference does it make for the cryptography whether the password is stored in a DB or not?

Or are you asking how to store something in a DB? In that case, be aware that something encrypted is not text - it's binary. So you can't use a char or varchar field, unless you convert it to text first (using something like base-64 encoding).

Finally, the common approach to storing passwords in a database is not to encrypt them, but to hash (or digest) them. That way they can't be recovered by someone who gains access to the DB.
[ July 07, 2008: Message edited by: Ulf Dittmer ]

praseedha sai
Greenhorn

Joined: Dec 19, 2007
Posts: 19
Hi,

Thanks for your early reply. Yes, I want to store my password in the database.

When retrieving it from the database, it'll go through decrypt mode and be compared with the current password. If both are equal, then it will go to the next page.

But initially I want to encrypt a string, store it in the database and decrypt it.


Please find my code here.

    import java.nio.charset.StandardCharsets;
    import java.security.KeyPair;
    import java.security.KeyPairGenerator;
    import java.security.NoSuchAlgorithmException;
    import java.security.PrivateKey;
    import java.security.PublicKey;
    import java.util.Base64;

    import javax.crypto.Cipher;

    public class EncryptionRsa {

        String userName = "Hello";
        String password = "hello123";
        byte[] encPassword = null;   // ciphertext produced by encryptPass
        byte[] textBytes = null;     // plaintext bytes recovered by decryptPass
        String decPassword = null;

        public void encryptPass(String userName, String password, PublicKey pubKey) {
            try {
                password = userName + password;
                // "RSA" alone selects the provider's default padding
                // (PKCS#1 v1.5 on the standard JDK provider).
                Cipher encCipher = Cipher.getInstance("RSA");
                encCipher.init(Cipher.ENCRYPT_MODE, pubKey);
                encPassword = encCipher.doFinal(password.getBytes(StandardCharsets.UTF_8));
                // The ciphertext is binary, so print it Base64-encoded
                // instead of printing the array reference.
                System.out.println("Encrypt Password: "
                        + Base64.getEncoder().encodeToString(encPassword));
            } catch (Exception e) {
                e.printStackTrace();
            }
        }

        // userName and password are kept from the original signature but are not used:
        // the input to decryption is the ciphertext produced by encryptPass.
        public void decryptPass(String userName, String password, PrivateKey priKey) {
            try {
                Cipher decCipher = Cipher.getInstance("RSA");
                // Decrypt with the private key (the original used ENCRYPT_MODE here).
                decCipher.init(Cipher.DECRYPT_MODE, priKey);
                textBytes = decCipher.doFinal(encPassword);
                decPassword = new String(textBytes, StandardCharsets.UTF_8);
                System.out.println("Decrypt Password: " + decPassword);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }

        public KeyPair getPrivateKey() throws NoSuchAlgorithmException {
            KeyPairGenerator keygen = KeyPairGenerator.getInstance("RSA");
            keygen.initialize(2048);   // set the key size explicitly instead of relying on the default
            return keygen.generateKeyPair();
        }

        public static void main(String[] args) throws Exception {
            EncryptionRsa encryptionRsa = new EncryptionRsa();
            // The same key pair must be used for both operations.
            KeyPair kp = encryptionRsa.getPrivateKey();
            encryptionRsa.encryptPass("Hello", "hari", kp.getPublic());
            encryptionRsa.decryptPass("Hello", "hari", kp.getPrivate());
        }

    }

Please reply ASAP.

Thanks in advance.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42596
    
So this is really a question about storing binary data in a DB, not about encryption. I'll move it to the JDBC forum.

Also, please UseCodeTags when posting code of any length. It's unnecessarily hard to read.
Santhosh Kumar
Ranch Hand

Joined: Nov 07, 2000
Posts: 242
As Ulf mentioned, the preferred approach to storing passwords in the DB is to store the hash (message digest), so that one cannot find out the password if there is a security breach.

Having said that, if you still want to encrypt and store, you can follow these steps.

1. Generate a Private Key and store that in a KeyStore with a password (you shouldn't generate the keypair on demand and use it to encrypt. If you do, you will not be able to decrypt, as the key you generate next time will be different).

2. Write a class to read the private key, and to encrypt and decrypt a set of bytes.

4. Encrypt the password you want to store using the step 2 class and convert it into a Base64 string (so that you can easily store it in the DB).

5. Store the Base64-encoded encrypted string in the DB using JDBC, in a varchar column.
Scott Selikoff
author
Saloon Keeper

Joined: Oct 23, 2005
Posts: 3716
    

First off, if you're writing your own RSA algorithm you're sort of 're-inventing the wheel'. The way modern password encryption is done is to rely on the database's built-in method to do the encryption. Most have a command similar to password(value) that you can use when storing to a table, such as "INSERT INTO Users (username,pass) VALUES (?,password(?))". Most databases have a number of varieties of password functions for all different encryptions.

Also, decrypting a password is discouraged. You can determine whether the stored value for the password (call it x) is equal to the hashed value of the entered password, such as "SELECT 1 FROM users WHERE username = ? and pass = password(?)". In this way you can verify a user login without ever decrypting and thereby exposing the user's password.
[ July 07, 2008: Message edited by: Scott Selikoff ]

 