Encryption tool that always encrypts a string in the same way

Hi all,

I don't know much about encryption and I am trying - and failing - to do something very basic...
I need to encrypt a string ( it would be the user's email ) and I would like the encryption to always generate the same resulting string.

For passwords I am using Jasypt, it works fine.

I am also storing the user's email, and I am using that field for searches ( email / password combination is correct, scroll through the emails when user registers to see if the same email has already been used )

If the encryption always return a different string for the same email, I can't select just the record I want, by user email, and use Jasypt to verify the password.
The user base is still small and I could just have the result set of all the emails / passwords and check them one by one until I reach the right record, then verifying the password.
I am not sure if the same approach would work if the user base grows.

I have been searching a lot, but I haven't found any method to have String "email@email.com" consistently transformed into "abcdef".
Can anybody possibly direct me towards a tutorial which does that? I have seen quite a few, but none of them does what I would need. Or at least, maybe they do but only setting some properties I am not aware of.

Thank you very much in advance.

Using the same encryption algorithm with the same password transforms the same cleartext into the same crypttext every time. Are you maybe using a different password each time? Or adding a different salt to the cleartext before encryption? I'm not familiar with jasypt, so don't how it works under the hood.

That’s too difficult a question for “beginning”, so I shall move it.

Tim, I added the keywords you mentioned in your reply ( many thanks btw ) and found the solution.

I was using Jasypt's basic text encryption. Anyone bumping into this thread, here are the different results:

package temp; import org.jasypt.util.digest.Digester; import org.jasypt.util.text.BasicTextEncryptor; import org.jasypt.util.text.StrongTextEncryptor; public class Encryption { public static void main ( String [] args ) { String hello = "hello"; BasicTextEncryptor bte = new BasicTextEncryptor (); bte.setPassword ( "a" ); System.out.println ( "Basic text encryptor 1st go = " + bte.encrypt ( hello ) ); System.out.println ( "Basic text encryptor 2nd go = " + bte.encrypt ( hello ) ); StrongTextEncryptor ste = new StrongTextEncryptor (); ste.setPassword ( "a" ); System.out.println ( "Strong text encryptor 1st go = " + ste.encrypt ( hello ) ); System.out.println ( "Strong text encryptor 2nd go = " + ste.encrypt ( hello ) ); Digester digister = new Digester("SHA-1"); byte[] message = "hello".getBytes(); byte[] digest = digister.digest(message); System.out.println ("Digest 1st go = " + new String ( digest ) ); System.out.println ("Digest 2nd go = " + new String ( digest ) ); } }

which prints out ( including some non printable characters ):

Basic text encryptor 1st go = DSayuLjwDf+575M4u8asbQ== Basic text encryptor 2nd go = onF6acCoYTeyht8KgFnhJQ== Strong text encryptor 1st go = C9m/JlhQcKnPCz2qMCRlvg== Strong text encryptor 2nd go = OemO1R5Cy4RnEA2wSTEPmQ== Digest 1st go = ������ھ�;H,ٮ�CM Digest 2nd go = ������ھ�;H,ٮ�CM

So digester is the way to go.

So digester is the way to go.

You're aware that a digest is not a cipher, and that you will consequently not be able to reverse (i.e., decrypt) the text?

If you're serious about using jasypt, I'd look into why encrypting the same text produces different results. That's not how encryption works, which suggests that there's more to using jasypt than what your code currently does.

You're aware that a digest is not a cipher, and that you will consequently not be able to reverse (i.e., decrypt) the text?

I am now, thanks Tim!

I have spent a lot of time searching why Jasypt does that, and if there any way to make it behave the way I wanted.

I do not have any reasons to use Jasypt except that it seemed easy to use and encryption is not "central" for my application, just useful.

I guess that the best option now is to look for a different tool. If anybody is aware of one that does what I need out of the box, feel free to suggest.
In the meantime I will look for something and post the solution when I found it

One thing to try would be to see if these two codes produce the same results:

BasicTextEncryptor bte = new BasicTextEncryptor (); bte.setPassword ( "a" ); System.out.println ( "Basic text encryptor 1st go = " + bte.encrypt ( hello ) ); System.out.println ( "Basic text encryptor 2nd go = " + bte.encrypt ( hello ) );
BasicTextEncryptor bte = new BasicTextEncryptor (); bte.setPassword ( "a" ); System.out.println ( "Basic text encryptor 1st go = " + bte.encrypt ( hello ) ); BasicTextEncryptor bte2 = new BasicTextEncryptor (); bte2.setPassword ( "a" ); System.out.println ( "Basic text encryptor 2nd go = " + bte2.encrypt ( hello ) );

One thing to try would be to see if these two codes produce the same results:

Not even remotely...

String hello = "hello"; BasicTextEncryptor bte1 = new BasicTextEncryptor (); bte1.setPassword ( "a" ); System.out.println ( "bte1 1st go = " + bte1.encrypt ( hello ) ); System.out.println ( "bte1 2nd go = " + bte1.encrypt ( hello ) ); BasicTextEncryptor bte2 = new BasicTextEncryptor (); bte2.setPassword ( "a" ); System.out.println ( "bte2 = " + bte2.encrypt ( hello ) ); BasicTextEncryptor bte3 = new BasicTextEncryptor (); bte3.setPassword ( "a" ); System.out.println ( "bte3 = " + bte3.encrypt ( hello ) );

gives

bte1 1st go = pcO5hY+fxvv5EKR3MdResQ== bte1 2nd go = H03AB17tVsEmHqplf3Z+Iw== bte2 = FN/5N8+JDzGv1xblrfayNw== bte3 = v6dybbm25nQU3JO9ed35sA==

The same behaviour is repeated across all the tutorials I have come across, and they've been quite a few.

I believe that at this point scrambling the string containing the email is the best option for me, otherwise the gain would be greatly outweighed by the pain... Got enough of that in my life having had to use hibernate, spring and gwt in the past

OK, then it's really time to read the jasypt documentation before you encrypt something that you can't later decrypt :-)

Apply a ZeroSaltGenerator to produce consistent results

StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor ( ); encryptor.setProvider(new BouncyCastleProvider()); encryptor.setAlgorithm("PBEWITHSHA256AND128BITAES-CBC-BC"); encryptor.setPassword(secretKey); SaltGenerator saltGenerator = new ZeroSaltGenerator(); encryptor.setSaltGenerator(saltGenerator);