string encrypt/decrypt API

 
FY Hsieh
Ranch Hand
Posts: 73
In JDK, what's the common and popular encrypt/decrypt API?
 
Henry Wong
author
Marshal
Posts: 21212
Originally posted by FY Hsieh:
In JDK, what's the common and popular encrypt/decrypt API?


As of Java 1.4, the cryptography API is included as part of the core. There are some good third party (and open source) solutions, but most programs just use the core libraries now.

Henry
[ November 29, 2006: Message edited by: Henry Wong ]
 
Rahul Bhattacharjee
Ranch Hand
Posts: 2308
JCE is already in place with JDK to take care of your encryption and decryption. But I do not think it has any direct function to do this.
You can use a symmetric approach if you need to encrypt/decrypt a string. Using the JCE you can create a symmetric key and then with the help of cipher and the key you can decrypt and you need to use the very same key for decryption.
 
FY Hsieh
Ranch Hand
Posts: 73
Originally posted by Rahul Bhattacharjee:
JCE is already in place with JDK to take care of your encryption and decryption. But I do not think it has any direct function to do this.
You can use a symmetric approach if you need to encrypt/decrypt a string. Using the JCE you can create a symmetric key and then with the help of cipher and the key you can decrypt and you need to use the very same key for decryption.


Thanks. What if the party that needs to decrypt resides on another server and needs to decrypt the string I pass from my server? Do people usually pass the string along with the key over the network?
 
Ulf Dittmer
Rancher
Posts: 42968
Do people usually pass the string along with the key over the network?

That kind of defeats the purpose of encryption. If you pass the ciphertext along with the key for decryption you might as well send the cleartext instead. Generally, the key is communicated to wherever it is needed by other channels.
 
FY Hsieh
Ranch Hand
Posts: 73
Originally posted by Ulf Dittmer:

That kind of defeats the purpose of encryption. If you pass the ciphertext along with the key for decryption you might as well send the cleartext instead. Generally, the key is communicated to wherever it is needed by other channels.


So, could you give some details on how to pass an encrypted string to another JVM (suppose they can use the same encryption algorithm or API)?
 
FY Hsieh
Ranch Hand
Posts: 73
Originally posted by Ulf Dittmer:

That kind of defeats the purpose of encryption. If you pass the ciphertext along with the key for decryption you might as well send the cleartext instead. Generally, the key is communicated to wherever it is needed by other channels.


So, could you give some details on how to pass an encrypted string to another JVM (suppose they can use the same encryption algorithm or API) for it to be decrypted on the other end?
 
Rahul Bhattacharjee
Ranch Hand
Posts: 2308
As Ulf mentioned, by some other channel it should be made available to the JVM.

The key that you have used for encrypting, you can make a BASE64 encoded string out of the key bytes. (key.getEncoded() would return you the raw bytes of the keys.)
Then put that encoded key string into a property file. You can now change the server code to look up the property, decode using BASE64, construct the key and use that for decrypting the cipher.
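
The property-file handoff described in the post above, as an added example that is not code from the original thread. It assumes Java 8+ for `java.util.Base64`; the property name `shared.aes.key`, the choice of AES-GCM with a random IV prepended to the ciphertext, and the `StringWriter` standing in for the file on disk are all assumptions of this example.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.io.StringReader;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Properties;

public class SharedKeyDemo {
    // Hypothetical property name chosen for this example.
    static final String KEY_PROP = "shared.aes.key";

    public static void main(String[] args) throws Exception {
        // Sender side: generate the key once and export it as BASE64 text.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        Properties out = new Properties();
        out.setProperty(KEY_PROP, Base64.getEncoder().encodeToString(key.getEncoded()));
        StringWriter file = new StringWriter();   // stands in for the property file
        out.store(file, null);

        // Sender encrypts with a fresh 12-byte IV and prepends it to the ciphertext.
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = enc.doFinal("hello from server A".getBytes(StandardCharsets.UTF_8));
        byte[] message = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, message, 0, iv.length);
        System.arraycopy(ct, 0, message, iv.length, ct.length);

        // Receiver side: load the property, decode BASE64, rebuild the key.
        Properties in = new Properties();
        in.load(new StringReader(file.toString()));
        byte[] raw = Base64.getDecoder().decode(in.getProperty(KEY_PROP));
        SecretKey restored = new SecretKeySpec(raw, "AES");

        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, restored, new GCMParameterSpec(128, message, 0, 12));
        byte[] pt = dec.doFinal(message, 12, message.length - 12);
        System.out.println(new String(pt, StandardCharsets.UTF_8));
    }
}
```

The property file now holds the secret itself, so it needs the same file permissions and handling as any other credential on both machines. GCM also makes `doFinal` throw on the receiver if the ciphertext was altered or the wrong key was loaded.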
 
Tim LeMaster
Ranch Hand
Posts: 226
If I need to send some encrypted text from one machine to another, I'd use the commonly accepted way to do this - SSL. You could do HTTPS or just your own plaintext protocol - think telnet - but stream it with SSL over the TCP layer.

You get mutual authentication if you want it. You get a stream cipher so you can send data of any size. Check out SSLSocket.
 
Ulf Dittmer
Rancher
Posts: 42968
You can copy the file containing the key to every machine where it's needed. Or does the key change so frequently that this isn't feasible?
 
Henry Wong
author
Marshal
Posts: 21212
Originally posted by FY Hsieh:

So, could you give some details on how to pass an encrypted string to another JVM (suppose they can use the same encryption algorithm or API) for it to be decrypted on the other end?


If you use an encryption algorithm that uses asymmetric keys, then this should be easy to accomplish.

Basically, the target machine will need to generate a keypair, then pass the public key of the pair (in clear text) to the source machine. The source machine will then encrypt the data using the public key, and send it to the target machine. The target machine can then decrypt the data using the private key.

Anyone that watches this transaction will have the encrypted data and the public key. And since the data was encrypted with the public key, it isn't capable of decrypting it.

Henry
 
D Rog
Ranch Hand
Posts: 472
Henry
Do you have any working examples of your approach? It looks very interesting for me, however I wouldn't like to start with pure idea.
 
Henry Wong
author
Marshal
Posts: 21212
Originally posted by D Rog:

Do you have any working examples of your approach? It looks very interesting for me, however I wouldn't like to start with pure idea.


I would hardly call this "my approach" -- as I didn't invent any of this stuff. I merely use it. But here are a couple of code snippets...

Here is how the target machine should generate the key pairs. Notice that you need to get the bytes for the public key -- so that you can send it over the network to the source machine.



At the source machine, you need to regenerate the public key (you have to know that the RSA algorithm uses X509 format for the public key). With the public key, you then encrypt the data that you want to send over to the target.



At the target machine, you need to decrypt the ciphertext back to the original clear text. This is done with the private key that was generated -- and that was *not* sent over.



Hope this helps,
Henry
[ December 08, 2006: Message edited by: Henry Wong ]
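
The three steps described in the post above (generate the pair on the target, rebuild the public key and encrypt on the source, decrypt on the target), as an added example that is not code from the original post. Both machines are simulated in one `main`; the 3072-bit key size and the OAEP padding are choices of this example, since the post names neither.

```java
import javax.crypto.Cipher;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;

public class RsaHandoffDemo {
    // Padding is this example's choice; the post does not name one.
    static final String TRANSFORM = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    public static void main(String[] args) throws Exception {
        // Target machine: generate the key pair and export the public key bytes.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(3072);
        KeyPair pair = kpg.generateKeyPair();
        byte[] publicKeyBytes = pair.getPublic().getEncoded(); // X.509 SubjectPublicKeyInfo

        // Source machine: rebuild the public key from the received bytes, then encrypt.
        PublicKey received = KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(publicKeyBytes));
        Cipher enc = Cipher.getInstance(TRANSFORM);
        enc.init(Cipher.ENCRYPT_MODE, received);
        byte[] ciphertext = enc.doFinal("secret string".getBytes(StandardCharsets.UTF_8));

        // Target machine: decrypt with the private key, which never left this side.
        Cipher dec = Cipher.getInstance(TRANSFORM);
        dec.init(Cipher.DECRYPT_MODE, pair.getPrivate());
        String clear = new String(dec.doFinal(ciphertext), StandardCharsets.UTF_8);
        System.out.println(clear);
    }
}
```

RSA encrypts only a short payload directly (at most 318 bytes with this key size and padding), so longer data is normally encrypted with a symmetric key that is itself wrapped this way. A public key received in clear text is not authenticated, so the source machine should verify it (for example by comparing a fingerprint obtained separately) before encrypting to it.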
 