Win a copy of Production-Ready Serverless (Operational Best Practices) this week in the Cloud/Virtualization forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Liutauras Vilda
  • Bear Bibeault
  • Jeanne Boyarsky
  • paul wheaton
  • Junilu Lacar
  • Paul Clapham
  • Knute Snortum
Saloon Keepers:
  • Stephan van Hulst
  • Ron McLeod
  • Tim Moores
  • salvin francis
  • Carey Brown
  • Tim Holloway
  • Frits Walraven
  • Vijitha Kumara

Length of Encrypted String Longer than Original String... Help  RSS feed

Posts: 16
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Dear Sirs et Madames,
I am trying to create a Java application which takes a userID and then encrypts it. The code am using is just something I picked up off the net, I have NO experience with encryption. The problem is that even though the string to be encrypted should (and always will be) 10 characters long, the result is always 24 characters. Considering that the encrypted result will be transformed into a barcode, that creates a rather large barcode, unsuitable for my needs. Am sure there must be a way whereby I encrypt a 10 character string and get back a ten character encrypted version? The code I have is as below:

From what I understand, a triple DES key has to be a 24 byte array. What are the alternatives so that the encrypted version I get back is of the same number of characters (or less, if possible) than the original text?

Also, I am not sure as to how well suited this solution is to my problem. Will different Java Virtual Machines produce different keys, meaning that multiple installations will not be able to reproduce the same encryption given the same keyString?

Is there a simpler solution, considering that the only thing I desire is that the USER_ID is obfuscated to the human eye (doctors, nurses, prying eyes cannot tell WHO these blood results belong to, only the system can). In which case is there not a simple(r) obfuscation algorithm I could use?

Thanks in advance,
Saloon Keeper
Posts: 5327
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
For something as sensitive as medical data, onfiscation won't do - you must use encryption. Make sure you understand all the legal requirements of handling medical data.

Encryption algorithms work the same across JVMs. As long as you're using the same key, it should work on whichever JVM the code runs on.

Is there an actual problem with handling 24 characters? Since you're using base-64 on the result, it will always be longer than what you started with.

Lastly, Triple-DES has fallen out of favor as it's kind of dated. Consider using AES instead:
On top of spaghetti all covered in cheese, there was this tiny ad:
global solutions you can do at home or in your backyard
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!