Hi there, I'm trying to encrypt a string and store it in a database field, but the String representation of the byte doesn't seem to be fine.
19:57:29,052 DEBUG [Encryptor] [byteToString] the String: �Ǘ����Ϗ�Y
And BTW, if you want to convert the binary byte array to a string with ASCII characters, you may want to run it through an encoder (either uuencode or base64).
Thanks for your reply. I don't really know java.security and I only need it to store a password in a database field, but the string must be encoded in an algorithm, then should be readable by containers in order to authenticate the user login.
I usually let MySQL encode the string for me and even if it wasn't a good practice it was fine. Now, I want to move on and let my app do it. It doesn't look fine to me because as I said, MySQL stored a kind of string having alphanumeric chars and this one has ???.
Would you give some advice on what is the best way to achieve what I want? Does anybody know any good tutorial on the web?
First of all, a digest is not an encryption. You will not be able to recover the cleartext of anything that has been digested. What you propose is still OK, just keep in mind that if you want to compare the digested password to a second one, then you need to digest the second one, and then compare the digests. But that's standard procedure for storing passwords.
As Henry said, creating a String from the byte doesn't make sense. Just store it in the DB as it is (in a binary field, obviously). If for some reason you only have character fields, pass the byte through a base64-encoding, thus converting it to ASCII. The Jakarta Commons Codec library can do this.
Hi, thanks for your help. I added the jakarta-commons-codec and changed my method:
Now I only have alphanumeric chars iceXArQRoLicz4+OAVkPDA== however, I'm not sure yet that I have done the right thing (I'd like to know your opinion on my code above). Also, looking at the Jakarta API I noticed methods such as md5Hex(byte data) which returns a 32 character hex string. But I'd like to know what is the difference between. Thanks again.
Now I only have alphanumeric chars iceXArQRoLicz4+OAVkPDA== however, I'm not sure yet that I have done the right thing (I'd like to know your opinion on my code above).
One way to tell if something might be base64 encoded is the equals sign. There should be *no* equals signs in the middle of the string, as base64 doesn't use it as part of the code. The equals sign(s) (at the end) is used by base64 to determine the padding needed to decode it back to binary. In other words, it looks fine to me.
BTW, you will not be decoding it -- as it will not be possible to reverse the message digest. Instead, when you challenge a user for the password, you will digest and base64 encode that, so that you can match the result in the database.
Anyway, I would recommend testing it with a few passwords. Some things to note are:
- The same password should yield the same base64 message digest.
- Passwords that differ slightly should have base64 message digests that differ drastically.
- The generated base64 message digest should be the same size, regardless of the size of the password.
If these are the characteristics, you've probably done it correctly.
Henry [ March 25, 2007: Message edited by: Henry Wong ]
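The scheme the replies describe, as an added example that is not code from the thread: digest the password, base64-encode the bytes for a character column, and verify a login by digesting the candidate and comparing digests. `main` runs Henry's three checks and prints the hex form of the same bytes. SHA-256, the class and method names and the sample passwords are assumptions, and it needs Java 11 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

public class DigestEncodingDemo {
    // Assumption: SHA-256; the thread does not show which algorithm was used.
    static final String ALGORITHM = "SHA-256";

    static byte[] digest(String password) throws NoSuchAlgorithmException {
        // Fix the charset so the same password always yields the same bytes.
        return MessageDigest.getInstance(ALGORITHM)
                .digest(password.getBytes(StandardCharsets.UTF_8));
    }

    // Value for a character column: raw digest bytes turned into ASCII.
    static String toBase64(byte[] raw) {
        return Base64.getEncoder().encodeToString(raw);
    }

    // Same bytes, different alphabet: two hex characters per byte.
    static String toHex(byte[] raw) {
        StringBuilder sb = new StringBuilder(raw.length * 2);
        for (byte b : raw) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Login check: digest the candidate and compare digests; nothing is decoded to a password.
    static boolean matches(String candidate, String storedBase64) throws NoSuchAlgorithmException {
        byte[] stored = Base64.getDecoder().decode(storedBase64);
        return MessageDigest.isEqual(digest(candidate), stored);
    }

    public static void main(String[] args) throws Exception {
        String pw = "correct horse";               // constructed sample password
        String stored = toBase64(digest(pw));      // what would go into the database
        System.out.println("same input, same output: " + stored.equals(toBase64(digest(pw))));
        System.out.println("original:         " + stored);
        System.out.println("one char changed: " + toBase64(digest("correct horsf")));
        System.out.println("fixed length: "
                + (toBase64(digest("a")).length() == toBase64(digest("a".repeat(500))).length()));
        System.out.println("hex of the same bytes: " + toHex(digest(pw)));
        System.out.println("login right / wrong: " + matches(pw, stored) + " / " + matches("Correct horse", stored));
        // What the first post did: digest bytes decoded as text generally do not round-trip.
        byte[] raw = digest(pw);
        byte[] back = new String(raw, StandardCharsets.UTF_8).getBytes(StandardCharsets.UTF_8);
        System.out.println("new String(bytes) round trip intact: " + MessageDigest.isEqual(raw, back));
    }
}
```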