SSL or encrypt/decrypt

I am writing a program to receive customers' cookies from a customer. However, this info is going to be saved on the client machine encrypted.

I just need to know whether we need to bother encrypting the data if the cookie is set on an SSL browser location, or should we still encrypt?

Customer info will be used to decide what the customer will see on the website.

[365 byte] By [Preaching] at [2007-11-26 12:17:30]
# 1

Here is sample code from the almanac, but it does not work:

    Cipher ecipher=null;
    Cipher dcipher=null;
    Base64 base64=null;
    String encoded="";
    byte[] enc=null;

    // Check to see whether there is a provider that can do TripleDES
    // encryption. If not, explicitly install the SunJCE provider.
    try {
        // Generate a temporary key. In practice, you would save this key.
        // See also e464 Encrypting with DES Using a Pass Phrase.
        SecretKey key = KeyGenerator.getInstance("TripleDES").generateKey();

        // Create encrypter/decrypter class
        ecipher = Cipher.getInstance("TripleDES");
        dcipher = Cipher.getInstance("TripleDES");
        ecipher.init(Cipher.ENCRYPT_MODE, key);
        dcipher.init(Cipher.DECRYPT_MODE, key);
    } catch (Exception e) {
    }

    try {
        // Encode the string into bytes using utf-8
        byte[] utf8 = "this is to be encrypted".getBytes("UTF8");

        // Encrypt
        enc = ecipher.doFinal(utf8);
        base64=new Base64();

        // Encode bytes to base64 to get a string
        encoded=base64.encodeBase64(enc).toString();
        out.print(encoded);
    } catch (javax.crypto.BadPaddingException e) {
    } catch (IllegalBlockSizeException e) {
    } catch (UnsupportedEncodingException e) {
    } catch (java.io.IOException e) {
    }

    try {
        // Decode base64 to get bytes
        base64=new Base64();
        byte[] dec = base64.decode(enc.toString().getBytes());
        out.print("<br>"+dec);

        // Decrypt
        byte[] utf8 = dcipher.doFinal(dec);

        // Decode using utf-8
        //out.print("<br>start<br>"+utf8);
    } catch (Exception e) {
        e.printStackTrace();
    }

Preaching at 2007-7-7 14:55:08 > top of Java-index,Archived Forums,Socket Programming...
# 2
Encryption works but decryption does not.
Preaching at 2007-7-7 14:55:08
# 3
You need to encrypt the cookie. SSL won't help here.
sdantam at 2007-7-7 14:55:08
# 4

I did some work for a BIG credit card company. All pages involving customer data were accessed through https and some customer information was passed back and forth between the client and the server using an encrypted Cookie.

The https was to stop third parties seeing customer data such as credit card statements and the encryption of the cookie was to stop the client modifying the cookie so as to be able to get information about other customers.

sabre150 at 2007-7-7 14:55:08
# 5

> I did some work for a BIG credit card company. All
> pages involving customer data were accessed through
> https and some customer information was passed back
> and forth between the client and the server using an
> encrypted Cookie.
>
> The https was to stop third parties seeing customer
> data such as credit card statements and the
> encryption of the cookie was to stop the client
> modifying the cookie so as to be able to get
> information about other customers.

This is very similar to what I want to do. Can you please help with decryption?

Preaching at 2007-7-7 14:55:08
# 6
What problem are you having with the code you posted in reply #1?
sabre150 at 2007-7-7 14:55:08
# 7
> What problem are you having with the code you posted
> in reply #1.

When I decrypt I do not get back the string below that has been encrypted. I get a padding error. I will post the error when I get to my development unit.

this is to be encrypted

Preaching at 2007-7-7 14:55:08
# 8

> When I decrypt I do not get back the string below
> that has been encrypted. I get a padding error. I will
> post the error when I get to my development unit.
>
> this is to be encrypted

Given the code you have published, it is not possible for you to tell that you have a BadPaddingException since you swallow all exceptions. Publish the real code that you are using.

sabre150 at 2007-7-7 14:55:08
# 9

Hello, encryption will definitely work, because even though the cookies are getting stored on the client, the user can't decrypt them as he/she doesn't have the decryption key. But server-side programs can definitely identify the user or access those cookies. DES is the good choice. Java API available on net.

Regards

Nikhil

nikhil_shravane at 2007-7-7 14:55:08