Java Security

Newbie question about PBE

843810 Apr 13 2004 — edited Apr 14 2004
Hi,
I want to use Password Based Encryption to encrypt a string (client-side) and then decrypt the string (server-side).

Is it mandatory to store the key used for encryption in a KeyStore, or can I re-create the key (using the same password) server-side?

My code is:
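import java.io.UnsupportedEncodingException;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
// Base64 is taken to be Apache Commons Codec, going by the encodeBase64/decodeBase64 calls
import org.apache.commons.codec.binary.Base64;

// Class wrapper (name chosen here) added so that the two methods compile
public class PbeExample {

    public static String encrypt(String testoDaCifrare) {

        byte[] criptedPassword64 = null;

        try {
            // Salt and iteration count must be identical on the encrypting and decrypting side
            byte[] salt = "mysaltop".getBytes("UTF-8");
            int count = 20;
            PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt, count);
            // The key is derived from the password, so it can be re-created wherever the password is known
            PBEKeySpec pbeKeySpec = new PBEKeySpec("password".toCharArray());
            SecretKeyFactory keyFac = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
            SecretKey secretKey = keyFac.generateSecret(pbeKeySpec);

            byte[] testoDaCifrareByte = testoDaCifrare.getBytes("UTF-8");
            Cipher desCipher;
            desCipher = Cipher.getInstance("PBEWithMD5AndDES");
            desCipher.init(Cipher.ENCRYPT_MODE, secretKey, pbeParamSpec);
            // Encrypt the UTF-8 bytes, so that decrypt() decodes with the same charset
            byte[] ciphertext = desCipher.doFinal(testoDaCifrareByte);
            criptedPassword64 = Base64.encodeBase64(ciphertext);

        } catch (Exception e) {
            e.printStackTrace();
            System.out.println(e);
        }

        // Return null instead of throwing NullPointerException when encryption failed
        return criptedPassword64 == null ? null : new String(criptedPassword64);

    }

    public static String decrypt(String testoDaDecifrare) {
        byte[] cleartextDecripted = null;
        String ris = null;
        try {
            byte[] salt = "mysaltop".getBytes("UTF-8");
            int count = 20;
            PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt, count);
            PBEKeySpec pbeKeySpec = new PBEKeySpec("password".toCharArray());
            SecretKeyFactory keyFac = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
            SecretKey secretKey = keyFac.generateSecret(pbeKeySpec);
            byte[] decriptedPassword64 = Base64.decodeBase64(testoDaDecifrare.getBytes());
            Cipher desCipher;
            desCipher = Cipher.getInstance("PBEWithMD5AndDES");
            desCipher.init(Cipher.DECRYPT_MODE, secretKey, pbeParamSpec);
            cleartextDecripted = desCipher.doFinal(decriptedPassword64);
        } catch (Exception e) {
            e.printStackTrace();
        }
        try {
            // Skip decoding when decryption failed and left the buffer null
            if (cleartextDecripted != null) {
                ris = new String(cleartextDecripted, "UTF-8");
            }
        } catch (UnsupportedEncodingException e1) {
            e1.printStackTrace();
        }
        return ris;
    }
}
Can I invoke encrypt() client-side and then decrypt server-side?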

Thanx.

--
Fabio
Locked on May 12 2004
Added on Apr 13 2004