This week's book giveaway is in the OCAJP 8 forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line! See this thread for details.
SSL is for securing network connections; it doesn't sound like that's what you intend to do
DES is obsolete and should be considered insecure; use TripleDES or AES instead (it actually looks as if you meant TripleDES, not DES)
SHA is a hash (or digest), sometimes called one-way encryption (in which the encrypted text is not recoverable)
SHA-1 is obsolete and should not be used at this point; consider using SHA-2 instead (also known as SHA-256/SHA-384/SHA-512)
If you told us what, exactly, you intend to you we might be able to give more targeted advice. In particular, how do the 3 parts of your question fit together?
Joined: Jun 23, 2010
Our current application is on Websphere 5.0. Third Party users on some other network fires an https request to a Proxy server sitting on other network.
The proxy server receives encrypted and digitally signed data over https and sends http request ( decrypted + signed data) to our application.
Our application unsigns the data and processes it. Before sending the response back to Proxy server over http, our application creates a signed data and does a direct HTTP Post to Proxy server.
THe proxy server encryptes the signed data and sends to Third Party users.
Now the requirement is the Proxy server would be removed. and all the functionality needs to be maintained within our application :
- SSL Encryption / decryption
- URL mapping and DNS mapping
We need an approach to set this up without modifying the application.