• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

encrypt/decrypt

 
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello All,
I need a bit of help here. I want to encrypt a string on the server side and decrypt on the client side. Basically i want to encrypt the string on the server and set it as a cookie on the clinet side memory. I want to decrypt it in another browser window and delete it immidiatly.
Can it be done using java? Javascript solution is also helpful.
 
author
Posts: 3252
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Hunter Dash:
Hello All,
I need a bit of help here. I want to encrypt a string on the server side and decrypt on the client side. Basically i want to encrypt the string on the server and set it as a cookie on the clinet side memory. I want to decrypt it in another browser window and delete it immidiatly.
Can it be done using java? Javascript solution is also helpful.


Tricky, if you want to do it right.
The most obvious problem is that you will probably want to deliver the client code over the web. This rules out a "secret key" or "secret algorithm" approach since your decryption key and your software can be intercepted.
This leaves public key cryptography -- client code generates a private/public key pair and sends its public key to the server, which the server uses to encrypt the information. This is secure and proven technology.
But I don't think you would want to implement it in JavaScript
The easiest and probably best way to transfer data using public key cryptography is to use a secure web server (https).
If that's not possible and you need a Java solution, you might have a look at the Java Cryptography Extensions (JCE), Sun's cryptography framework. There are freeware implementations of those, e.g. Cryptix (http://www.cryptix.org). Your clients will need fairly powerful machines and, because you'd be using applets, download times will be slower than you might like.
Regards
- Peter

[This message has been edited by Peter den Haan (edited January 10, 2001).]
 
Hunter Dash
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks for the info Peter. Basically i am looking for a sample code to accomplish autologin mechanism. This is i what i want to acheive from the client broswer make a call to server to get the userid and password in encrypted format, decrypt on the browser and use the id and password to launch another site (new window) which requires id and password.

Look at the following servlet code. Hardcoding the userid and password, runnung this servlet will launch the amecanexpress site logged in.
Now i do not want to hardcode the user id and password in the code but want to make a call to a server and get them in encrypted format, decrypt them and launch the amex site.
Any pointers and sample code is greatly appreciated.
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
import java.util.*;
/**
* Redirect the browser to the Amex welcome page.
*
* The process is as follows:
* <BR>
* <UL>
* <LI>Scrape the Amex login form to obtain a current hidden field. (I'm skipping
* this step for now. A hidden field obtained yesterday seems to work ok.)
* <LI>Send down a "autoload" form that logs in.
* <LI>
* </UL>
*/
public class AmexAutoLogin extends HttpServlet {
public void service(HttpServletRequest req, HttpServletResponse res) throws IOException {
res.setContentType("text/html");
PrintWriter out = res.getWriter();
Enumeration flds = req.getParameterNames();
out.print("<html>");
out.print("<BODY onLoad=doIt()>");
out.print("<form method=POST name=LOGINFORM action=\"https://www.americanexpress.com/en/expressnet/logon/LogLogon\">");
out.print("<INPUT TYPE=\"hidden\" NAME=\"UserID\" VALUE=\"abc123\">");
out.print("<INPUT TYPE=\"hidden\" NAME=\"Password\" VALUE=\"hunter\">");
out.print("<INPUT TYPE=\"hidden\" NAME=\"OKButton.x\" VALUE=\"Continue...\">");
out.print("<INPUT TYPE=\"hidden\" NAME=\"hidden\" VALUE=\" NCdBNNYhFndP2lyHCQUbtnZpMzBD02OZLZzoohuFDYcdk6LhucvDXzZB0X549 H7RkN6oIXusCZZk2e0dEoRlGZTRotisQfyPrpXI5ieUq6vXZcvDNw\">");
out.print("</form>");
out.print("<script>");
out.print("function doIt(){");
out.print(" var current_form=document.forms[\"LOGINFORM\"];");
out.print(" current_form.submit();");
out.print("");
out.print("}");
out.print("</script>");
out.print("</html>");
out.close();
}
}
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic