aspose file tools*
The moose likes Servlets and the fly likes Encryption and Decryption Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Soft Skills this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Encryption and Decryption" Watch "Encryption and Decryption" New topic
Author

Encryption and Decryption

Suleman Kandagal
Greenhorn

Joined: Dec 13, 2010
Posts: 13
HeLLo Sir;-)
I am developing a web application in which login page has username and password to be entered by user, after clicking on submit button, the user password has to be encrypted in javascript and at server side it is received in servlet where i have to decryt it...
right now i have used hex_hmac_md5(key, userpass); to encrypt in javascript which uses a key also now the question is how to decrypt in sevlet...

Please provide me some help tutorials url's to solve it... as early as possible...
Thanks...
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

MD5 is a hashing function - you are not supposed to decrypt them.


JavaRanch FAQ HowToAskQuestionsOnJavaRanch
Suleman Kandagal
Greenhorn

Joined: Dec 13, 2010
Posts: 13
Thanks for your reply SiR...
Then which is the better way to encrypt password in javascript and decrypt in servlet... and store in database.>>>???
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

Why are you encrypting in JavaScript? To me it seems easier to hash the credentials in Java and compare with a stored, hashed value.
Suleman Kandagal
Greenhorn

Joined: Dec 13, 2010
Posts: 13
Actually sir what i need is
-encrypt the password using server generated key in login.jsp
-on clicking submit button servlet is called
-in servlet get encrypted password and decrypt it using same key and store in data base.
Please help me how to do it.....
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42913
    
  68
So you're trying to guard against attacks during transit? That's what SSL is for.
Suleman Kandagal
Greenhorn

Joined: Dec 13, 2010
Posts: 13
but i dont know anything about SSL please help me...
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

Sounds like a good time to start learning. Not sure which Servlet container you are using, but here is how you do it in Tomcat.
Suleman Kandagal
Greenhorn

Joined: Dec 13, 2010
Posts: 13
thanks it helped me a lot to understand SSL, i had modified my apache and followed all the steps now project is working fine but it is showing one warning in explorer url bar...
as: Certificate is not from Authorized user.
Tay Thotheolh
Ranch Hand

Joined: Aug 07, 2008
Posts: 84
What warning is it ? Is it an invalid certificate or something like that ?
Suleman Kandagal
Greenhorn

Joined: Dec 13, 2010
Posts: 13
web pages are working fine but the iexplorer is just showing one msg as Certificate is not form authorized userr
when i clicked on help it gone to some CA certificate settings and i have just added some certificate again same msg.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42913
    
  68
That's probably because it's a self-signed (and thus untrusted) certificate. It shouldn't happen once you upgrade to a certificate from a trusted authority like Thawte or Verisign.
Suleman Kandagal
Greenhorn

Joined: Dec 13, 2010
Posts: 13
how to get certificate from CA.....
my project is tested in IBM AppScan in that it given modification that use SSL for login...
whether with self signed SSL it will not show any errors.... or CA certificate is compulsory for IBM AppScan tool....?
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

Most likely you need to buy one from a commercial CA. See the names Ulf mentioned before.
Suleman Kandagal
Greenhorn

Joined: Dec 13, 2010
Posts: 13
OK... i will checkout those CA....
Thanks to ALL...


and give me some information about encryption in javascript(login.jsp) and decryption in servlet...
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4659
    
    5

Just a side note: MD5 is obsolete. It should not be used for any new code. Use SHA1 or SHA256. The replacements are as easy to use, but they are much stronger.
Suleman Kandagal
Greenhorn

Joined: Dec 13, 2010
Posts: 13
Ok SiR Thank you very much...
Thanks to ALL
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Encryption and Decryption