How to encrypt password and store in database

 
Greenhorn
Posts: 19
Hi,

Currently I'm working on encrypting and decrypting a password using the RSA algorithm.

I did some sample programs to encrypt and decrypt with RSA, but did not store anything in the DB.

How can I get the correct password from the DB using RSA?

Please provide me some sample code for the RSA algorithm.

[ UD: We prefer to UseTheForumNotEmail. That way everybody can get the benefit of seeing the discussion. ]


Thanks,
Sai.
[ July 07, 2008: Message edited by: Ulf Dittmer ]
 
Rancher
Posts: 43081
I'm not sure what you're asking. You said you've done RSA already. What difference does it make for the cryptography whether the password is stored in a DB or not?

Or are you asking how to store something in a DB? In that case, be aware that something encrypted is not text - it's binary. So you can't use a char or varchar field, unless you convert it to text first (using something like base-64 encoding).

Finally, the common approach to storing passwords in a database is not to encrypt them, but to hash (or digest) them. That way they can't be recovered by someone who gains access to the DB.
[ July 07, 2008: Message edited by: Ulf Dittmer ]
 
praseedha sai
Greenhorn
Posts: 19
Hi,

Thanks for your early reply. Yes, I want to store my password in database.

While retrieving from the database, it'll come from the decrypt mode and be compared with the current password. If both are equal then it will go to the next page.

But initially I want to encrypt a string, store it in the database and decrypt it.


Please find my code here.

import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Base64;

import javax.crypto.Cipher;


public class EncryptionRsa {

    String userName = "Hello";
    String password = "hello123";
    byte[] encPassword = null;
    String decPassword = null;
    String pass = null;
    byte[] ciphertextBytes = null;
    byte[] textBytes = null;

    // Encrypts userName + password with the public key and keeps the ciphertext in encPassword.
    public void encryptPass(String userName, String password, PublicKey pubKey) {
        try {
            password = userName + password;
            Cipher encCipher = Cipher.getInstance("RSA");
            encCipher.init(Cipher.ENCRYPT_MODE, pubKey);
            encPassword = encCipher.doFinal(password.getBytes());
            // The ciphertext is binary; print it as Base64 (a byte[] in a string
            // concatenation only prints its object reference).
            System.out.println("Encrypt Password: " + Base64.getEncoder().encodeToString(encPassword));
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    // Decrypts the ciphertext produced by encryptPass with the matching private key.
    public void decryptPass(String userName, String password, PrivateKey priKey) {
        try {
            Cipher decCipher = Cipher.getInstance("RSA");
            // DECRYPT_MODE, not ENCRYPT_MODE, and the input is the stored ciphertext.
            decCipher.init(Cipher.DECRYPT_MODE, priKey);
            textBytes = decCipher.doFinal(encPassword);
            decPassword = new String(textBytes);
            System.out.println("Decrypt Password: " + decPassword);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    // Generates a new RSA key pair on every call.
    public KeyPair getPrivateKey() throws NoSuchAlgorithmException {
        KeyPairGenerator keygen = KeyPairGenerator.getInstance("RSA");
        KeyPair keypair = keygen.generateKeyPair();
        PublicKey publicKey = keypair.getPublic();
        PrivateKey privatekey = keypair.getPrivate();
        return new KeyPair(publicKey, privatekey);
    }

    public static void main(String[] args) throws Exception {
        EncryptionRsa encryptionRsa = new EncryptionRsa();
        KeyPair kp = encryptionRsa.getPrivateKey();
        encryptionRsa.encryptPass("Hello", "hari", kp.getPublic());
        encryptionRsa.decryptPass("Hello", "hari", kp.getPrivate());
    }

}

Please reply ASAP.

Thanks in advance.
 
Ulf Dittmer
Rancher
Posts: 43081
So this is really a question about storing binary data in a DB, not about encryption. I'll move it to the JDBC forum.

Also, please UseCodeTags when posting code of any length. It's unnecessarily hard to read.
 
Ranch Hand
Posts: 242
As Ulf mentioned, the preferred approach to store the passwords in the db is to store the hash (message digest) so that one cannot find out the password if there is any security breach.

Having said that, if you still want to encrypt and store, you can follow these steps.

1. Generate a Private Key and store that in a KeyStore with a password (you shouldn't generate the keypair on demand and use it to encrypt. If you do, you will not be able to decrypt as the key you generate next time will be different)

2. Write a class to read the private key, encrypt and decrypt a set of bytes.

4. Encrypt the password you want to store using the step 2 class and convert it into a Base64 string (so that you can easily store it in the db)

5. Store the Base64 encrypted string into the db using JDBC into a varchar column.
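
Steps 2 to 5 above as a round trip, in an added example that is not code from this thread: the key pair is created once and reloaded from its encoded form (a stand-in, assumed here, for reading it from the KeyStore in step 1), the ciphertext becomes Base64 text for a varchar column, and a newly generated key fails to decrypt it. The class and method names and the OAEP transformation are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import javax.crypto.Cipher;

public class RsaColumnRoundTrip {
    // Explicit OAEP padding; a bare "RSA" transformation leaves the padding to provider defaults.
    static final String TRANSFORM = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    // Encrypts and returns Base64 text that fits a VARCHAR column.
    static String encryptForColumn(String secret, PublicKey pub) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.ENCRYPT_MODE, pub);
        return Base64.getEncoder().encodeToString(c.doFinal(secret.getBytes(StandardCharsets.UTF_8)));
    }

    static String decryptFromColumn(String column, PrivateKey priv) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.DECRYPT_MODE, priv);
        return new String(c.doFinal(Base64.getDecoder().decode(column)), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();                // done once, at provisioning time
        // Stand-in for the KeyStore: the encoded keys are what would be persisted.
        byte[] storedPub = kp.getPublic().getEncoded();    // X.509 SubjectPublicKeyInfo
        byte[] storedPriv = kp.getPrivate().getEncoded();  // PKCS#8

        // A later run reloads the same keys instead of generating new ones.
        KeyFactory kf = KeyFactory.getInstance("RSA");
        PublicKey pub = kf.generatePublic(new X509EncodedKeySpec(storedPub));
        PrivateKey priv = kf.generatePrivate(new PKCS8EncodedKeySpec(storedPriv));

        String column = encryptForColumn("hello123", pub); // constructed sample value
        System.out.println("round trip ok: " + "hello123".equals(decryptFromColumn(column, priv)));

        // A key pair generated on demand cannot decrypt what an earlier key encrypted.
        PrivateKey other = gen.generateKeyPair().getPrivate();
        try {
            decryptFromColumn(column, other);
            System.out.println("unexpected: decrypted with a different key");
        } catch (GeneralSecurityException e) {
            System.out.println("different key rejected: " + e.getClass().getSimpleName());
        }
    }
}
```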
 
author
Posts: 4335
First off, if you're writing your own RSA algorithm you're sort of 're-inventing the wheel'. The way modern password encryption is done is to rely on the database's built-in method to do the encryption. Most have a command similar to password(value) that you can store in a table such as "INSERT INTO Users (username,pass) VALUES (?,password(?))". Most databases have a number of varieties of password functions for all different encryptions.

Also, decrypting a password is discouraged. You can determine whether the stored value for the password (call it x) is equal to the hashed value of the entered password, such as "SELECT 1 FROM users WHERE username = ? and pass = password(?)". In this way you can verify a user login without ever decrypting and thereby exposing the user's password.
[ July 07, 2008: Message edited by: Scott Selikoff ]
 