• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Tim Cooke
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • Rob Spoor
  • Bear Bibeault
Saloon Keepers:
  • Jesse Silverman
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Piet Souris
  • Al Hobbs
  • salvin francis

Signing the Data

 
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I am new to Java Development. This is a basic question but need your help.

I am working on a web application. I have a login form with login name and password fields. I was told that i need to sign/encrypt the password.
I have no idea about signing/encrypting the data. Could anyone please tell me what exactly is it and How to achieve this?

Thanks in advance,
Kumar.
 
Sukumar Gaade
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Could anyone please help me out!
 
author
Posts: 23909
142
jQuery Eclipse IDE Firefox Browser VI Editor C++ Chrome Java Linux Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

I have no idea about signing/encrypting the data. Could anyone please tell me what exactly is it and How to achieve this?



Although, you do use encryption for signing, technically, when you are signing data, you are not protecting it... but a little backgroud.

Encryption is the technique to take the data and convert it to a form which can't be used. This new form needs to be decrypted before it can be used (or even understood). Encryption techniques uses a key to encrypt and decypt. The keys can be symmetic or asymmetric. (asymmetric is used here, so let's only discuss that)

Asymmetic keys means that the keys used to decrypt is not the same key that is used to encrypt. If one of the keys is used to encrypt, the other key is used to decypt -- interestingly any key is used to encrypt or decrypt. These keys are generated in pairs and with one key, you can't figure out the other key (another interesting property).

Anyway, one of the two keys is chosen as the public key and given to everyone. The other key is the private key, and is given to no one.

So,... How does a service use it to sign data? To sign data, the service simply needs to encrypt the data with the private key (sometimes some extra data is also added before encrypt). This doesn't protect the data -- since anyone can get the public key and decrypt it.

However, this data is signed -- why? Because only the service can use the private key. If you take the signed data, decrypt it with the public key, and the data is valid (likely using the extra data), you can conclude that it was signed (encrypted) by the service, since only the service has the private key.

Henry

 
Henry Wong
author
Posts: 23909
142
jQuery Eclipse IDE Firefox Browser VI Editor C++ Chrome Java Linux Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator


And BTW, there are quite a few libraries that can help you achieve this. Beginning with version 1.4, Java has such a library built into the core -- google for "JCE reference guide" for more information.

Henry
 
Greenhorn
Posts: 8
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
PT_BR Tutorial
 
reply
    Bookmark Topic Watch Topic
  • New Topic