Writing Encrypted Strings

Hello,

I'm hoping someone can let me know if I'm on the right track here... I have a properties file that is loaded into memory. Under certain circumstances, I wish to encrypt the values for some properties in the Properties object now in memory and subsequently write the data back out to the properties file from whence it came. This worked great if I simply called store() on the Properties object. I could encrypt and decrypt to my heart's content. Of course, calling "store()" doesn't preserve any of the comments in my properties file so I set about writing some code (see below) that would

A.) preserve comments
B.) write the encrypted data for properties that have been encrypted.

Here's that code...
private void writeFilePreserveComments(String path) { //the properties have already been loaded from the filesystem and now //reside in memory. we need to write the new values out. we need to read //the existing file in line by line and when we come across our //encrypted property write THAT new value out otherwise, just rewrite the //existing line out. BufferedReader in = null; BufferedWriter out = null; //get the input stream for our file //this will be read in line by line File inFile = new File(path); File outFile = new File(path + ".new"); try { in = new BufferedReader(new FileReader(inFile)); //this will be used to write the data back out out = new BufferedWriter(new FileWriter(outFile)); String line = null; while ((line = in.readLine()) != null) { //read the line in and check if it corresponds to a //property that we have encrypted. if (line.length() <= 0) { out.newLine(); } line = checkLineForEncryptedProperty(line); out.write(line); out.newLine(); } } catch (IOException io) { logger.debug("Error while writing DRMConfig.properties: " + io.getMessage()); } finally { try { in.close(); out.close(); logger.debug("renaming..."); inFile.delete(); boolean b = outFile.renameTo(new File(path)); logger.debug("rename successfull: " + b); } catch (IOException ioe) { logger.error("Error closing input/output streams: " + ioe.getMessage()); } } } //checks if the current String contains a newly encrypted //property if it does, it returns a new line with the encrypted property //value, if not it just returns the line it was passed. private String checkLineForEncryptedProperty(String line) { String newLine = line; for (Iterator i = this.propertiesToEncrypt.iterator(); i.hasNext() :wink: { String property = (String)i.next(); if (newLine.indexOf(property) != -1) { logger.debug("Line has property... " + property); String[] propAndValue = newLine.split("=", -1); //logger.debug(newLine); //this should ALWAYS RESULT in an array of length 2 //for the line we're interested in. if (propAndValue.length != 2) { logger.debug("split unsuccessful. size !=2"); break; } else { logger.debug("split line."); newLine = propAndValue[0] + "=" + (String)properties.getProperty(property); } } } return newLine; }

So before a line is written out, that line is checked to see if it is the key/value pair corresponding to a property that is now encrypted in memory. If it is, that value is gotten from the Properties object and concatenated on to the property and returned to be written out. Here's the result...

my.prop.uname=$b122r73w$M#�g0��O�^��, my.prop.up=$b122r73w$�Fu[V my.prop.dbu=$b122r73w$�9{+ZVzb\?��o��o��j6����N�\ my.prop.dbp=$b122r73w$ R���;�

The leading $b122r73w$ is just a flag to determine if the property has been encrypted. The actual "encrypted" value follows that String and is, as you can see, garbage.

So my question here is threefold...

A.) Why does the store() method of the Properties object write encrypted data properly and my code doesn't?
B.) What is actually being written out through my code? I see the same garbage in a println or logger.debug statement so I can only assume that the OutputStream I am using isn't cutting it... but what is it doing to the encrypted value?
C.) Should I be using a CipherOutputStream to write my encrypted value?

If I do use a CipherOutputStream... will it allow me to write unencrypted Strings?

Thanks in advance for any guidance.

--BW

FileWriter(outFile));
A Writer expects to output Unicode characters in a particular encoding and is probably changing your encrypted bytes. You should use a FileOutputStream.
Bill

Thanks for the reply Bill. You're of course correct - I should be dealing with the raw bytes and writing them out. I modified my code to use a FileOutputStream instead as you suggested, but to no avail... I get the same garbage on output. So, thinking that perhaps there was some issue with properties.getProperty("myEncryptedProperty"), I decided instead to:

A.)Read a line of text in from the FileReader and parse it it into
the property name and the current unencrypted property value
B.) Write out the property name as bytes
C.) Write the result of encrypting the property value.

So essentially I'm doing the encryption twice - once to set the property value in memory and the second to just write it out to the file. I was confident that this would work and I could go back and refactor the code later. It didn't! I get the same garbage... BUT if I just call properties.store() it works great. There's got to be something else more insidious at work here... It may have to do with this - from the Properties class javadoc...

Then every entry in this Properties table is written out, one per line. For each entry the key string is written, then an ASCII =, then the associated element string. Each character of the key and element strings is examined to see whether it should be rendered as an escape sequence. The ASCII characters \, tab, form feed, newline, and carriage return are written as \\, \t, \f \n, and \r, respectively. Characters less than \u0020 and characters greater than \u007E are written as \uxxxx for the appropriate hexadecimal value xxxx. For the key, all space characters are written with a preceding \ character. For the element, leading space characters, but not embedded or trailing space characters, are written with a preceding \ character. The key and element characters #, !, =, and : are written with a preceding backslash to ensure that they are properly loaded.

The result of the store call (which just uses a regular FileOutputStream:
e.g new BufferedOutputStream(new FileOutputStream(new File(path+".store"))) is a bunch of hexadecimal values, which CAN be decrypted properly

my.property.uname=$b122r73w$M\#\u00E0\u007Fg0\u00C7\u00DC\u001BO\u00D7^\u0010\u00F3\u2039, my.property.dbu=$b122r73w$\u0013\u00B79{+ZVzb\\\u0004\uFFFD\u00AA\u00BDo\u00B7\u00B7o\u00E6\u00C6j\u001C6\u00A4\u00CA\u02C6\u00B9N\u00A4\u001F\\\u0013 my.property.dbp=$b122r73w$R\u00B5\u00BB\u00B5;\u00C3\u0000\u00CD\u00A5\u00CEG\u2026\u00EE\u2122?\u00B7o\u00E6\u00C6j\u001C6\u00A4\u00CA\u02C6\u00B9N\u00A4\u001F\\\u0013

The result of the new code is still garbage e.g.
com.axeda.drm.actuate.report.unameM#�g0��O�^��,

And here's the new code...
try { in = new BufferedReader(new FileReader(inFile)); //this will be used to write the data back out //out = new BufferedWriter(new FileWriter(outFile)); out = new BufferedOutputStream(new FileOutputStream(outFile)); String line = null; while ((line = in.readLine()) != null) { //read the line in and check if it corresponds to a //property that we have encrypted. if (line.length() <= 0) { out.write(new String("\n").getBytes()); } if (checkLineForEncryptedProperty(line)) { //byte[] propName = parseBeginning(line); //byte[] all = { parseBeginning(line), parseEnd(line) }; out.write(parseBeginning(line)); // byte[] propValue = ; out.write(parseEnd(line)); } else { out.write(new String("\n").getBytes()); out.write(line.getBytes()); } . . . . . . private byte[] parseBeginning(String line) { String[] propAndValue = line.split("=", -1); return propAndValue[0].getBytes(); } private byte[] parseEnd(String line) { String[] propAndValue = line.split("=", -1); AESService service = null; byte[] bytes = null; try { service = AESPool.getService(); bytes = service.encrypt(propAndValue[1].getBytes()); } catch (GeneralSecurityException gse) { logger.debug("propblem in parseEnd()" + gse.getMessage()); //throw new EncryptionException(gse.getMessage()); } finally { AESPool.releaseService(service); } return bytes; }

Thanks for continued help - I'm really confused about what the problem could with JUST writing out bytes...

--BW

Just a little more info on this... if code the following...
byte[] propValue = parseEnd(line); byte[] decrypt = service.decrypt(propValue); logger.debug("ENC STRING: " + new String(propValue)); logger.debug("DEC STRING: " + new String(decrypt));
I get the following output...
ENC STRING: M#α⌂g0╟▄←O╫^►≤�, DEC STRING: bwainwright ENC STRING: ♥�Fu♥[V k�╞≡(�φ╪ DEC STRING: $PASS$ ENC STRING: ‼╖9{+ZVzb\♦?�╜o╖╖o�╞j∟6�╩�╣N�▼\‼ DEC STRING: $DB_USER$ ENC STRING: R╡╗╡;├ ═�╬G�ε�?╖o�╞j∟6�╩�╣N�▼\‼ DEC STRING: $DB_PASS$

Looks good right? The output to the file is still junk however - it seems that some of these encrypted characters aren't recognized by the filesystem (Windows 2000)? What it appears the store method is doing is converting these characters to their respective unicode escaped values? I'm gonna try doing the same thing, but if anyone has some ideas let me know...

BufferedReader(new FileReader(inFile));
A FileReader interprets the input stream as characters in a particular encoding so it has the same problem as FileWriter.
Note that the Properties class load and store methods all use Reader and Writer with the built in assumption of character conversion.
Why not encode your encrypted bytes using base64 - that way you end up with plain ASCII code - There are base64 tools in the Apache Commons project.
Bill

Hey Bill,

Good Idea. I wish I had thought of it. :-) -

A FileReader interprets the input stream as characters in a particular encoding so it has the same problem as FileWriter.

Certainly... but if my property value has been properly written as an ASCII String then I don't need to worry about the encoding. I simply need to read it in line by line. Nes pas? Anyway, here's the completed and functioning code for anyone who's looking...

//this checks a line in My.properties to determine if //that line pertains to a property that is set to be encrypted. private boolean checkLineForEncryptedProperty(String line) { String newLine = "\n" + line; boolean val = false; for (Iterator i = this.propertiesToEncrypt.iterator(); i.hasNext() :wink: { String property = (String)i.next(); if (newLine.indexOf(property) != -1) { String[] propAndValue = newLine.split("=", -1); //this should ALWAYS RESULT in an array of length 2 //for the line we're interested in. if (propAndValue.length != 2) { break; } else { val = true; } } } return val; } private String parseBeginning(String line) { String[] propAndValue = line.split("=", -1); return propAndValue[0]; } private String parseEnd(String line) { String[] propAndValue = line.split("=", -1); return propAndValue[1]; } private void writeFilePreserveComments(String path) { //the properties have already been loaded from the filesystem and now //reside in memory. we need to write the new values out. we need to read //the existing file in line by line and when we come across our //encrypted property write THAT new value out otherwise, just rewrite the //existing line out. BufferedReader in = null; BufferedOutputStream out = null; //get the input stream for our file //this will be read in line by line File inFile = new File(path); File outFile = new File(path + ".new"); try { in = new BufferedReader(new FileReader(inFile)); //this will be used to write the data back out //out = new BufferedWriter(new FileWriter(outFile)); out = new BufferedOutputStream(new FileOutputStream(outFile)); String line = null; while ((line = in.readLine()) != null) { //read the line in and check if it corresponds to a //property that we have encrypted. if (line.length() <= 0) { out.write(new String("").getBytes()); } if (checkLineForEncryptedProperty(line)) { String propName = parseBeginning(line); //write out as UTF-8 encoded strings - //this shoudl be finalized someplace and not hardcoded out.write(propName.getBytes("UTF8")); out.write(new String("=").getBytes("UTF8")); //this has been stored in our properties object //either encrypted or not String newPropValue = (String)properties.getProperty(propName); out.write(newPropValue.getBytes("UTF8")); out.write(new String("\n").getBytes("UTF8")); } else { out.write(line.getBytes("UTF8")); out.write(new String("\n").getBytes("UTF8")); } } } catch (UnsupportedEncodingException uee) { logger.debug("Encoding unsupported " + uee.getMessage()); } catch (IOException io) { logger.debug("Error while writing DRMConfig.properties: " + io.getMessage()); } finally { try { in.close(); out.close(); inFile.delete(); boolean b = outFile.renameTo(new File(path)); } catch (IOException ioe) { logger.error("Error closing input/output streams: " + ioe.getMessage()); } } }

And without revealing too much... Here's the appropriate code from the encryption and decryption methods... using the Base64 encoding

DECRYPT.... //the value has been written as a base64encoded string byte[] decryptBytes = new sun.misc.BASE64Decoder().decodeBuffer(value); //bytes were encrypted as utf-8 byte[] utf8Bytes = service.decrypt(decryptBytes); String decryptValue = new String(utf8Bytes, "UTF8"); ------------------- ENCRYPT.... String value = (String)properties.getProperty(property); if (value == null) { throw new Exception("Error encrypting property: " + property + ". The property value is not set."); } else { byte[] utf8 = value.getBytes("UTF8"); byte[] encrypted = service.encrypt(utf8); String encryptedValue = new sun.misc.BASE64Encoder().encode(encrypted); //set our property as a base64 encoded string properties.setProperty(property, encryptedValue);

The new output to my properties file looks as I want it to...
my.uname=TSPgf2cwx9wbT9deEPOLLA== my.password=A5FGdQNbVgBrq8bwKJXt2A== my.dbu=E7c5eytaVnpiXASBqr1vt7dv5sZqHDakyoi5TqQfXBM= my.dbp=IFK1u7U7wwDNpc5Hhe6ZP7dv5sZqHDakyoi5TqQfXBM=

Hope this helps anyone looking to do the same. Thanks again Bill for all the great suggestions!

--bw