Re: Encrypting/Decrypting Password from a Config File
- From: "Oliver Wong" <owong@xxxxxxxxxxxxxx>
- Date: Wed, 02 Nov 2005 21:41:11 GMT
<michael.santamaria@xxxxxxxxx> wrote in message
news:1130960757.080256.197010@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Hello,
> I am looking for a way to encrypt a password in a configuration file
> that is being read by a Java program. Currently, I read-in the
> password from the text file, but that leaves the password sitting right
> out in the open if someone were to look at the config file.
>
> I was thinking of building a simple class where user could type in
> their desired password, get an encrypted version of the password, then
> paste the encrypted version into the configuration text file. Then the
> application would read encrypted password, decrypt the password back
> into a string, and move on.
>
> I am having trouble with the string-->encrytped bytes-->string
> conversions.
>
> I am using the built-in java security classes to implement this code.
> Here is some sample test code:
>
> // Reads password from config file
> String password = ScriptConfig.getString( "password" );
>
> // Generate Key
> KeyGenerator kg = KeyGenerator.getInstance("DES");
> Key key = kg.generateKey();
>
> // Create Encryption cipher
> Cipher cipher = Cipher.getInstance( "DES" );
> cipher.init( Cipher.ENCRYPT_MODE, key );
>
> // Encrypt password
> byte[] encrypted = cipher.doFinal( password.getBytes() );
>
> // Create decryption cipher
> cipher.init( Cipher.DECRYPT_MODE, key );
> byte[] decrypted = cipher.doFinal( encrypted );
>
> // Convert byte[] to String
> String decryptedString = new String(decrypted);
>
> System.out.println("password: " + password);
> System.out.println("encrypted: " + encrypted);
> System.out.println("decrypted: " + decryptedString);
>
> // Read encrypted string from config file
> String encryptedPassword = ScriptConfig.getString( "encryptedPassword"
> );
>
> // Convert encryptedPassword string into byte[]
> byte[] encryptedPasswordBytes = new byte[1024];
> encryptedPasswordBytes = encryptedPassword.getBytes();
>
> // Decrypt encrypted password from config file
> byte[] decryptedPassword = cipher.doFinal( encryptedPasswordBytes );
>
> System.out.println("encryptedPassword: " + encryptedPassword);
> System.out.println("decryptedPassword: " + decryptedPassword);
>
>
> The config file has the following variables:
> password=password
> encryptedPassword=[B@2a4983
>
>
> When I run the code, I get the following output:
> password: passwd
> encrypted: [B@2a4983
> decrypted: passwd
> javax.crypto.IllegalBlockSizeException: Input length must be multiple
> of 8 when decrypting with padded cipher
> at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
> at com.sun.crypto.provider.SunJCE_h.b(DashoA12275)
> at com.sun.crypto.provider.DESCipher.engineDoFinal(DashoA12275)
> at javax.crypto.Cipher.doFinal(DashoA12275)
> at com.sapient.fbi.uid.TestEncryption.main(TestEncryption.java:48)
>
If you actually included an SSCCE, I could find out which line is line
48, and it'd be easier for me to help you.
SSCCE: http://www.physci.org/codes/sscce.jsp
My guess is it has something to do with not padding the results
correctly. As the message implies, the decryption algorithm expects the
length to be a multile of 8, and "[B@2a4983" is of length 9.
- Oliver
.
- References:
- Encrypting/Decrypting Password from a Config File
- From: michael . santamaria
- Encrypting/Decrypting Password from a Config File
- Prev by Date: Re: Find All public static main methods
- Next by Date: Re: using a JSP to do a file read
- Previous by thread: Encrypting/Decrypting Password from a Config File
- Next by thread: Re: Encrypting/Decrypting Password from a Config File
- Index(es):
Relevant Pages
|
|
