Java Security

Hiya,

I need to encrypt both strings and objects, but I want to use the same encryption methods so that the code isn't too spread out. The encryption of the object using SealedObject works fine.

The problem here is that the encrypted string needs to be stored as a tag in an xml file... But encrypting a string using the cipher class like so:


//have installed provider(SunJCE), all jars are on the cp,
//sKeySpec has been set, and input is a parameter String
Cipher cipher = Cipher.getInstance("Blowfish/ECB/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, sKeySpec);
cipherObj = new SealedObject(input, cipher);

returns a byte array[eg: ������ ] which won't work with xml.


I have tried encrypting the contents of the tag as a SealedObject

<encryptedStr>javax.crypto.SealedObject@6f9f1d</encryptedStr>

But when this tag is retrieved decrypted it causes a ClassCastException java.lang.String when it executes the following line of code:

SealedObject sealedObj = (SealedObject)input;

If its encrypted as a sealed object I can store & retrieve it from my xml no probs, but if I use this method for encryption then I also have to decrypt it using SealedObject, which I obviously cant do as its a string.

So I guess I need advice on how to encrypt a string which will be xml friendly...?

This code in question is using JCE 1.2.2 extension, with all the relevant jars on the classpath...

thanks in advance guys:)