sadhna singh

Greenhorn
+ Follow
since May 29, 2007
Merit badge: grant badges
For More
Cows and Likes
Cows
Total received
In last 30 days
0
Forums and Threads

Recent posts by sadhna singh

Thanks Richard for helping me.

Its working now. and i am getting same result as tool.
I copied the JCE jar files in JDK and JRE both.
10 years ago
Thanks Richard for trying.
may i know what you are getting as result when run the code at your end???

10 years ago
May be not installed correctly.
I have done below step to do so-

1- http://www.oracle.com/technetwork/java/javasebusiness/downloads/java-archive-downloads-java-plat-419418.html#jce_policy-6-oth-JPR
Downloaded the version 6
2- Unzip the downloaded zip
3- Copy local_policy.jar and US_export_policy.jar to the $JAVA_HOME/jre/lib/security (Note: these jars were already there so did overwrite them)

I thought IDE will help to do minor imports n fixes. Anyways i have fixed n edited my second code.no more compilation error.
Can we now talk on real problem?
10 years ago
Thanks again Richard.
I have installed the Unlimited Strength jars in JRE before posting this question here.

your suggestions are welcomed. but i posted here and need help in solving my problem here.
Agree on all suggestion but real problem is as below so cant change algo or ECB .

a) The industry standard for block encryption is AES and not Blowfish. One never gets sacked for using the industry standard so unless you re trying to match some legacy system then re-think your use of Blowfish.

I agree but unfortunately ,I can not change as client is using it at there end for encryption. they use webnet77 tool and send us the encrypted code and key.
we decrypt at our end. So i am forced to get same output as that tool.


b) Your code by default uses ECB block mode and one should never use ECB since it is generally considered insecure in that it allows splicing of cipher text and allows an observer to detect that two bits of ciphertext come from the same cleartext. This applies to any block cipher including AES and Blowfish. One should use one of the feedback block modes such as CBC with a random IV.

Client send us the Key, mode ECB and encoding HEX.


10 years ago
Thanks Richard.
If i do get bytes for key using KEY.getBytes("ASCII");
it fails as illegal key size.

java.security.InvalidKeyException: Illegal key size or default parameters
at javax.crypto.Cipher.a(DashoA13*..)
at javax.crypto.Cipher.a(DashoA13*..)
at javax.crypto.Cipher.a(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)

P.S- On another note there is no redundancy in code. same method called thrice with different key bytes to show how its giving different result.

complete Java Code here---

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Hex;

public class Test{

public static void main(String[] args) throws Exception {
final String KEY = "92514c2df6e22f079acabedce08f8ac3";
final String PLAIN_TEXT = "sangasong@song.com";
byte[] keyBytes = KEY.getBytes("ASCII");

try {

byte[] encrypted = encrypt(keyBytes, PLAIN_TEXT);
System.out.println( "Encrypted hex: " + Hex.encodeHexString(encrypted));

} catch (GeneralSecurityException e) {
e.printStackTrace();
}
}
private static byte[] encrypt(byte[] key, String plainText) throws GeneralSecurityException {

SecretKey secret_key = new SecretKeySpec(key, "Blowfish");

Cipher cipher = Cipher.getInstance("Blowfish");
cipher.init(Cipher.ENCRYPT_MODE, secret_key);

return cipher.doFinal(plainText.getBytes());
}
}
10 years ago
I am trying to get same result as tool webnet77.
http://webnet77.com/cgi-bin/helpers/blowfish.pl

I am using info for tool-

ALGORITM = "Blowfish";
HEX KEY = "92514c2df6e22f079acabedce08f8ac3";
PLAIN_TEXT = "sangasong@song.com"
Tool returns-
CD3A08381467823D4013960E75E465F0B00C5E3BAEFBECBB

I tried with java code with value -

final String ALGORITM = "Blowfish";
final String KEY = "92514c2df6e22f079acabedce08f8ac3";
final String PLAIN_TEXT = "sangasong@song.com";
byte[] decodedHex = DatatypeConverter.parseHexBinary(KEY);
byte[] keyInBase64 = Base64.decodeBase64(decodedHex);
String meth = hexToString(KEY);

MessageDigest sha = MessageDigest.getInstance("SHA-1");
Key skey = new javax.crypto.spec.SecretKeySpec(raw, "AES");

try {
byte[] encrypted = encrypt(decodedHex, PLAIN_TEXT);
System.out.println( "Encrypted hex: " + Hex.encodeHexString(encrypted));

byte[] encrypted1 = encrypt(keyInBase64, PLAIN_TEXT);
System.out.println( "Encrypted byte64: " + Hex.encodeHexString(encrypted1));

byte[] encrypted2 = encrypt(meth.getBytes(), PLAIN_TEXT);
System.out.println( "Encrypted method: " + Hex.encodeHexString(encrypted2));

} catch (GeneralSecurityException e) {
e.printStackTrace();
}

private static byte[] encrypt(byte[] key, String plainText) throws GeneralSecurityException {

SecretKey secret_key = new SecretKeySpec(key, "Blowfish");

Cipher cipher = Cipher.getInstance("Blowfish");
cipher.init(Cipher.ENCRYPT_MODE, secret_key);

return cipher.doFinal(plainText.getBytes());
}

Result -

Encrypted hex: 525bd4bd786a545fe7786b0076b3bbc2127425f0ea58c29d
Encrypted byte64: 1a2abceed959cef8f5b2dcb668069c1580d736dda0832703
Encrypted method: 2c87b7682091053ad1bdf945368f959b5edf064b58499e18

Please help to get result same as tool.

thanks a lot.
10 years ago
Hi everyone,
need more for preparation of SCJP for my students.most of the test on web are copied and same.
I have bought the whiz labs test and looking for more new tests.

How is the test at Skill-guru site ?
Anyone tried the tests ?

http://www.skill-guru.com/test/12/scjp-5-mock-test AND http://www.skill-guru.com/test/67/scjp-6-mock-practice-test

Is the paid test worth it ?

thanks
Sadhna
Jaya,
It will be great if you will get some java experience.only clearing SCJP wont help much.you can go for some practical java/j2ee course and do certification then easily can switch.
if you have a practical exposure to java language it would be helpful to clear the exam.

thanks n best wishes
sadhna
Voodoo exams are not like actual SCJP exam overall.
few are hard ,few v easy and most based on 1.4
go for marcus green three mocks and take a avg of all.you will score that in real exam.believe me.

Best of luck
Sadhna
I think you should go for 1.5
few features are new n few changed so not much extra affords needed if already prepared for 1.4
best of luck.

Sadhna
Rajesh,
Take some certification training ,dont go for general courses of NIIT.
May be join some online training.

Sadhna
I wud suggest to go for SCWCD first.
Best wishes
its close to the real exam.
Manak,
As per my experience,Certification book by kathy & Bert is the best book and sufficient for the exam preparation.Along with the book ,javaranch SCJP Forum and other mock exams will be of great help.

If you have time also refer khalid mogul book.
Thats good enough.

Best of Luck
Sadhna
very Best of luck.
surely you will score good.

Sadhna