• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Encryption and Decryption

 
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
HeLLo Sir;-)
I am developing a web application in which login page has username and password to be entered by user, after clicking on submit button, the user password has to be encrypted in javascript and at server side it is received in servlet where i have to decryt it...
right now i have used hex_hmac_md5(key, userpass); to encrypt in javascript which uses a key also now the question is how to decrypt in sevlet...

Please provide me some help tutorials url's to solve it... as early as possible...
Thanks...
 
Bartender
Posts: 10336
Hibernate Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
MD5 is a hashing function - you are not supposed to decrypt them.
 
Suleman Kandagal
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks for your reply SiR...
Then which is the better way to encrypt password in javascript and decrypt in servlet... and store in database.>>>???
 
Paul Sturrock
Bartender
Posts: 10336
Hibernate Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Why are you encrypting in JavaScript? To me it seems easier to hash the credentials in Java and compare with a stored, hashed value.
 
Suleman Kandagal
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Actually sir what i need is
-encrypt the password using server generated key in login.jsp
-on clicking submit button servlet is called
-in servlet get encrypted password and decrypt it using same key and store in data base.
Please help me how to do it.....
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
So you're trying to guard against attacks during transit? That's what SSL is for.
 
Suleman Kandagal
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
but i dont know anything about SSL please help me...
 
Paul Sturrock
Bartender
Posts: 10336
Hibernate Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Sounds like a good time to start learning. Not sure which Servlet container you are using, but here is how you do it in Tomcat.
 
Suleman Kandagal
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
thanks it helped me a lot to understand SSL, i had modified my apache and followed all the steps now project is working fine but it is showing one warning in explorer url bar...
as: Certificate is not from Authorized user.
 
Ranch Hand
Posts: 84
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What warning is it ? Is it an invalid certificate or something like that ?
 
Suleman Kandagal
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
web pages are working fine but the iexplorer is just showing one msg as Certificate is not form authorized userr
when i clicked on help it gone to some CA certificate settings and i have just added some certificate again same msg.
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
That's probably because it's a self-signed (and thus untrusted) certificate. It shouldn't happen once you upgrade to a certificate from a trusted authority like Thawte or Verisign.
 
Suleman Kandagal
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
how to get certificate from CA.....
my project is tested in IBM AppScan in that it given modification that use SSL for login...
whether with self signed SSL it will not show any errors.... or CA certificate is compulsory for IBM AppScan tool....?
 
Paul Sturrock
Bartender
Posts: 10336
Hibernate Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Most likely you need to buy one from a commercial CA. See the names Ulf mentioned before.
 
Suleman Kandagal
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
OK... i will checkout those CA....
Thanks to ALL...


and give me some information about encryption in javascript(login.jsp) and decryption in servlet...
 
Rancher
Posts: 4803
7
Mac OS X VI Editor Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Just a side note: MD5 is obsolete. It should not be used for any new code. Use SHA1 or SHA256. The replacements are as easy to use, but they are much stronger.
 
Suleman Kandagal
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ok SiR Thank you very much...
Thanks to ALL
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic