
Encryption tool that always encrypts a string in the same way

Dan Arbo
Greenhorn

Joined: Jul 04, 2011
Posts: 22
Hi all,

I don't know much about encryption and I am trying - and failing - to do something very basic...
I need to encrypt a string ( it would be the user's email ) and I would like the encryption to always generate the same resulting string.

For passwords I am using Jasypt, it works fine.

I am also storing the user's email, and I am using that field for searches ( email / password combination is correct, scroll through the emails when user registers to see if the same email has already been used )

If the encryption always returns a different string for the same email, I can't select just the record I want, by user email, and use Jasypt to verify the password.
The user base is still small and I could just have the result set of all the emails / passwords and check them one by one until I reach the right record, then verifying the password.
I am not sure if the same approach would work if the user base grows.

I have been searching a lot, but I haven't found any method to have String "email@email.com" consistently transformed into "abcdef".
Can anybody possibly direct me towards a tutorial which does that? I have seen quite a few, but none of them does what I would need. Or at least, maybe they do but only setting some properties I am not aware of.

Thank you very much in advance.
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
Using the same encryption algorithm with the same password transforms the same cleartext into the same crypttext every time. Are you maybe using a different password each time? Or adding a different salt to the cleartext before encryption? I'm not familiar with jasypt, so I don't know how it works under the hood.
Campbell Ritchie
Sheriff

Joined: Oct 13, 2005
Posts: 38016
    
That’s too difficult a question for “beginning”, so I shall move it.
Dan Arbo
Greenhorn

Joined: Jul 04, 2011
Posts: 22
Tim, I added the keywords you mentioned in your reply ( many thanks btw ) and found the solution.

I was using Jasypt's basic text encryption. Anyone bumping into this thread, here are the different results:



which prints out ( including some non printable characters ):



So digester is the way to go.
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
So digester is the way to go.

You're aware that a digest is not a cipher, and that you will consequently not be able to reverse (i.e., decrypt) the text?

If you're serious about using jasypt, I'd look into why encrypting the same text produces different results. That's not how encryption works, which suggests that there's more to using jasypt than what your code currently does.
Dan Arbo
Greenhorn

Joined: Jul 04, 2011
Posts: 22
You're aware that a digest is not a cipher, and that you will consequently not be able to reverse (i.e., decrypt) the text?
I am now, thanks Tim!

I have spent a lot of time searching why Jasypt does that, and if there is any way to make it behave the way I wanted.

I do not have any reasons to use Jasypt except that it seemed easy to use and encryption is not "central" for my application, just useful.

I guess that the best option now is to look for a different tool. If anybody is aware of one that does what I need out of the box, feel free to suggest.
In the meantime I will look for something and post the solution when I find it.
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
One thing to try would be to see if these two codes produce the same results:



Dan Arbo
Greenhorn

Joined: Jul 04, 2011
Posts: 22
One thing to try would be to see if these two codes produce the same results:
Not even remotely...



gives



The same behaviour is repeated across all the tutorials I have come across, and they've been quite a few.

I believe that at this point scrambling the string containing the email is the best option for me, otherwise the gain would be greatly outweighed by the pain... Got enough of that in my life having had to use hibernate, spring and gwt in the past
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
OK, then it's really time to read the jasypt documentation before you encrypt something that you can't later decrypt :-)
Tammo Tran
Greenhorn

Joined: Nov 22, 2013
Posts: 1
Apply a ZeroSaltGenerator to produce consistent results
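
The salt behaviour discussed in this thread, as an added example (not code from any poster and not Jasypt's own code): using only JDK classes, it shows a password-based cipher giving different output under random salts and identical, still decryptable output under an all-zero salt, and it goes slightly beyond the thread by adding a keyed HMAC as a non-reversible lookup token. The class name, password, index key, iteration count and the lower-casing of the address are assumptions.

```java
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.Locale;

public class SaltAndLookupDemo {
    // Assumption: chosen only because it takes no IV, so the salt alone varies the output; not a recommendation.
    static final String ALG = "PBEWithMD5AndDES";

    static byte[] pbe(int mode, char[] password, byte[] salt, byte[] in) throws Exception {
        SecretKey key = SecretKeyFactory.getInstance(ALG).generateSecret(new PBEKeySpec(password));
        Cipher cipher = Cipher.getInstance(ALG);
        cipher.init(mode, key, new PBEParameterSpec(salt, 1000)); // key comes from password + salt
        return cipher.doFinal(in);
    }

    // Keyed digest for a searchable column: deterministic, but cannot be decrypted.
    static String lookupToken(byte[] indexKey, String email) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(indexKey, "HmacSHA256"));
        byte[] normalized = email.trim().toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
        return Base64.getEncoder().encodeToString(mac.doFinal(normalized));
    }

    public static void main(String[] args) throws Exception {
        char[] password = "constructed-demo-password".toCharArray(); // constructed sample values
        byte[] indexKey = "constructed-demo-index-key".getBytes(StandardCharsets.UTF_8);
        byte[] email = "email@email.com".getBytes(StandardCharsets.UTF_8);
        byte[] saltA = new byte[8], saltB = new byte[8], zero = new byte[8];
        SecureRandom rnd = new SecureRandom();
        rnd.nextBytes(saltA);
        rnd.nextBytes(saltB);
        byte[] fixed = pbe(Cipher.ENCRYPT_MODE, password, zero, email);
        System.out.println("random salts match: " + Arrays.equals(
                pbe(Cipher.ENCRYPT_MODE, password, saltA, email), pbe(Cipher.ENCRYPT_MODE, password, saltB, email)));
        System.out.println("zero salt matches:  " + Arrays.equals(fixed, pbe(Cipher.ENCRYPT_MODE, password, zero, email)));
        System.out.println("zero salt decrypts: " + new String(pbe(Cipher.DECRYPT_MODE, password, zero, fixed), StandardCharsets.UTF_8));
        String token = lookupToken(indexKey, "email@email.com");
        System.out.println("lookup tokens match: " + token.equals(lookupToken(indexKey, " Email@Email.com ")));
    }
}
```

With a fixed salt, equal emails produce equal ciphertext, so anyone who can read the column can tell which rows share an address. Storing a randomly salted ciphertext for recovery next to the HMAC token for searching keeps the lookup deterministic without that property on the encrypted value.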

 