• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Share encryption key which can be used in Java and .Net

 
Ranch Hand
Posts: 51
jQuery Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have to write a Login module which will accept encrypted password, but the service which will invoke this is in .Net. How do I generate they key and share with the consumer/ .Net developer. So the encryption and decryption will be seamless.
 
Bartender
Posts: 1166
17
Netbeans IDE Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Your requirement is not clear to me.

1) Does the .NET side already exist or are you going to write it?
2) It is relatively easy to create a shared secret between two parties using Diffe-Hellman key exchange (http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange ). The difficulty is in proving that each end of the connection is who they say they are. What are the requirements for this authentication?
3) Encrypting passwords is usually not a good idea but much depends on why you are doing it. Why are you encrypting the password? What is the purpose of the password?

The industry standard for secure communication between two parties is SSL/TLS ( http://en.wikipedia.org/wiki/Transport_Layer_Security ) which provides for both secure communication and authentication. SSL/TLS is available for both Java and .NET . Data transfer through an SSL/TLS channel is encrypted so there is normally no need for explicit encryption of the password.
 
Debopam Poddar
Ranch Hand
Posts: 51
jQuery Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
My requirement is .Net program will encrypt the String and Java program will decrypt the encrypted String. How to achieve this?
 
Richard Tookey
Bartender
Posts: 1166
17
Netbeans IDE Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Debopam Poddar wrote:My requirement is .Net program will encrypt the String and Java program will decrypt the encrypted String. How to achieve this?



Your original post indicated that this String is actually a password and I am uncomfortable with the implications. The code to perform simple encryption is straight forwards in both .NET and Java but as you are obviously aware the problem is in sharing the keys. It is not sufficient to just share keys though this can easily be achieved using DH. Since you feel the need to encrypt the password the implication is that the channel along which the information is being sent can be observed by a third party. This in turn implies that it could be possible for a malicious third party to intercept the channel and perform a man-in-the-middle attack.The leads to the more difficult problem of each side authenticating the other and DH alone does not address this.

On the surface it seems likely that SSL/TLS will solve your problem since it has mechanisms for both authentication and key exchange built in. BUT - the devil is in the detail and you have given no detail.

Of course one side could just simply write the key to a floppy, CD or memory stick and deliver it by hand to the other side.

 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic