Converting String into SecretKey
Hi there,,
I'm having probs with decrypting my encrytped data.In fact I have encrypted the data on the client side and have sent the encrypted data and the key to the server database.On the server side I wanna retrieve the key and decrypt the encrypted data with the help of it but I'm finding no way to retrieve it as a key,,moreover while trying to cast the retreived string (having converted it to an Object),,I get the ClassCastException,,
SecretKey key=(SecretKey) myRetrievedKeyObject;
Hope somebody can help me out with this,,,sample code highly welcomed....
thanks...
# 1
Do I understand you right. You are sending both the encrypted data and the key with which to decrypt it from the client to the server. If so, you do realize that this means you have in effect sent the data unencrypted since ANYONE can decrypt the data.
P.S. Since you don't show any of the encryption code from the client side it is almost impossible to say how to decrypt it on the server side.
# 2
Yes sabre you are right,,but then how do I retain the key value to be used on the server side?Of course Server wud be inaccessible to the client,,,can I make it an FTP server?
# 3
Here's the class I'm using for encryption and decryption..
import java.security.*;
import java.io.*;
import java.util.StringTokenizer;
import javax.crypto.*;
import sun.misc.*;
import java.sql.*;
public class DesEncrypter {
Cipher ecipher;
Cipher dcipher;
DesEncrypter(SecretKey key) {
try {
ecipher = Cipher.getInstance("DES");
dcipher = Cipher.getInstance("DES");
ecipher.init(Cipher.ENCRYPT_MODE, key);
dcipher.init(Cipher.DECRYPT_MODE, key);
} catch (javax.crypto.NoSuchPaddingException e) {
} catch (java.security.NoSuchAlgorithmException e) {
} catch (java.security.InvalidKeyException e) {
}
}
public String encrypt(String str) {
try {
// Encode the string into bytes using utf-8
byte[] utf8 = str.getBytes("UTF8");
// Encrypt
byte[] enc = ecipher.doFinal(utf8);
// Encode bytes to base64 to get a string
return new sun.misc.BASE64Encoder().encode(enc);
} catch (javax.crypto.BadPaddingException e) {
} catch (IllegalBlockSizeException e) {
} catch (UnsupportedEncodingException e) {
} catch (java.io.IOException e) {
}
return null;
}
public String decrypt(String str) {
try {
// Decode base64 to get bytes
byte[] dec = new sun.misc.BASE64Decoder().decodeBuffer(str);
// Decrypt
byte[] utf8 = dcipher.doFinal(dec);
// Decode using utf-8
return new String(utf8, "UTF8");
} catch (javax.crypto.BadPaddingException e) {
} catch (IllegalBlockSizeException e) {
} catch (UnsupportedEncodingException e) {
} catch (java.io.IOException e) {
}
return null;
}
}
hope you can guide me...
# 4
> Yes sabre you are right,,but then how do I retain the
> key value to be used on the server side?Of course
> Server wud be inaccessible to the client,,,can I make
> it an FTP server?
If you are sending the key and the encrypted data over an open channel then you have absolutely no security at all since anyone can decrypt the data.
Since I don't have a specification of what you are trying to do I can offer little advice but some of your options are -
1) Use Secure Sockets.
2) Share a symetric key by manually placing a copy of the key on both the client and server.
3) Use public key encryption (a poor man's Secure Sockets) by encrypting the data with the server's public key so only the server can decrypt it.
I would suggest that you hire a security consultant if the data you are encrypting is at all sensitive (it normally is if you want to encrypt it!).
# 5
> Here's the class I'm using for encryption and
> decryption..
>
<snip>
> hope you can guide me...
Please don't handle exceptions like this! If anything goes wrong then you will have no idea what and where and if the rest of you exception handling is the same you may never know there was a problem.
# 6
Thanks a lot Sabre for your kind help,,I'm gonna do it one of the ways you have suggested,,I'll let you know if ever I came across any probs...thanks again...
# 7
Sabre, Im trying to convert the decrypt id(guess its string) to secretkey to further decrypt file. Can you please help me by sending some sample code. Appreciate your quick replyThanks,Ravi
# 8
> Sabre,
> Im trying to convert the decrypt id(guess its
> string) to secretkey to further decrypt file. Can
> you please help me by sending some sample code.
> Appreciate your quick reply
>
I no longer post full code samples as people abuse them. Since I have no idea what a "decrypt id" is I cannot help anyway.
P.S. Stick to your own thread - don't hijack a thread that has little or nothing to do with your problem.
