I am using DESEncryption.The problem is,currently i have hardcoded the key.I jus want to make the key dynamic.so i have decided to use password as the key.Since DES accepts only key with 32 bytes,password has to be padded up.Is there any API or function which i can make use of to generate a key based on the password supplied.
> I am using DESEncryption.The problem is,currently i
> have hardcoded the key.I jus want to make the key
> dynamic.so i have decided to use password as the
> key.Since DES accepts only key with 32 bytes,password
> has to be padded up.Is there any API or function
> which i can make use of to generate a key based on
> the password supplied.
DES actually only accepts a 56 bit key normally presented in 8 bytes with the least significant bit of each key byte being a parity bit which in the SunJCE provider is ignored.
Password/Passphrase Based Encryption (PBE) is available within the Java Cryptographic Extensions (JCE).
My standard example for PBE follows. It goes through each available PBE algorithm encrypting then decrypting a simple String. Rather than use one of the DES based algorithms I would use one of the AES based algorithms though for this you will have to use another provider such as BouncyCastle.
import javax.crypto.*;
import javax.crypto.spec.*;
import java.security.*;
import java.security.spec.*;
import sun.misc.*;
import java.util.*;
public class PBEEncryptDataString
{
static public class EncryptionException extends Exception
{
private EncryptionException(String text, Exception chain)
{
super(text, chain);
}
}
public PBEEncryptDataString(String algorithm, String provider, String passphrase, byte[] salt, int iterationCount, String characterEncoding) throws EncryptionException
{
assert(passphrase != null);
assert(passphrase.length() >= 6);
assert(salt != null);
assert(iterationCount > 6);
assert(characterEncoding != null);
try
{
PBEParameterSpec params = new PBEParameterSpec(salt, iterationCount);
KeySpec keySpec = new PBEKeySpec(passphrase.toCharArray());
SecretKey key = SecretKeyFactory.getInstance(algorithm, provider).generateSecret(keySpec);
this.characterEncoding = characterEncoding;
this.encryptCipher = Cipher.getInstance(algorithm, provider);
this.encryptCipher.init(javax.crypto.Cipher.ENCRYPT_MODE, key, params);
this.decryptCipher = Cipher.getInstance(algorithm, provider);
this.decryptCipher.init(javax.crypto.Cipher.DECRYPT_MODE, key, params);
}
catch (Exception e)
{
throw new EncryptionException("Problem constucting " + this.getClass().getName(), e);
}
}
synchronized public byte[] encrypt(String dataString) throws EncryptionException
{
assert dataString != null;
try
{
byte[] dataStringBytes = dataString.getBytes(characterEncoding);
byte[] encryptedDataStringBytes = this.encryptCipher.doFinal(dataStringBytes);
return encryptedDataStringBytes;
}
catch (Exception e)
{
throw new EncryptionException("Problem encrypting string", e);
}
}
synchronized public String decrypt(byte[] encryptedDataStringBytes) throws EncryptionException
{
assert encryptedDataStringBytes != null;
try
{
byte[] dataStringBytes = this.decryptCipher.doFinal(encryptedDataStringBytes);
String recoveredDataString = new String(dataStringBytes, characterEncoding);
return recoveredDataString;
}
catch (Exception e)
{
throw new EncryptionException("Problem decrypting string", e);
}
}
private final String characterEncoding;
private final Cipher encryptCipher;
private final Cipher decryptCipher;
public static void main(String[] args) throws Exception
{
final byte[] salt = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,};// 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, };
final String passphrase = "The Passphrase - make if fairly long so that there is lots and lots of entropy";
final int iterationCount = 31;
for (Provider provider : java.security.Security.getProviders())
{
Set<String> algs = new HashSet<String>();
System.out.println("Provider : " + provider.getName());
for (Enumeration en = provider.propertyNames(); en.hasMoreElements();)
{
String alg = (String)en.nextElement();
if (alg.matches("(?i)cipher.*?pbe.*?DES.*"))
{
alg = alg.replaceFirst("(?i).*?(?=pbe)", "");
if (!algs.contains(alg))
{
algs.add(alg);
System.out.println("" + alg);
PBEEncryptDataString pbeEncryptAgent = new PBEEncryptDataString(alg, provider.getName(), passphrase, salt, iterationCount, "UTF-8");
// Get the dataString to encrypt from the command line
String dataString = (args.length == 0)? "The quick brown fox jumps over the lazy dog." : args[0];
System.out.println("\tData string ....................[" + dataString + "]");
// Encrypt the data
byte[] encryptedDataStringBytes = pbeEncryptAgent.encrypt(dataString);
BASE64Encoder base64Encoder = new BASE64Encoder();
System.out.println("\tEncoded encrypted data string ..[" + base64Encoder.encode(encryptedDataStringBytes) + "]");
// Decrypt the data
String recoveredDataString = pbeEncryptAgent.decrypt(encryptedDataStringBytes);
System.out.println("\tRecovered data string ..........[" + recoveredDataString + "]");
}
}
}
}
}
}
Message was edited by:
sabre150
> Thanks for ur reply..It is very helpful..
>
> But what does the salt means?why do we need it?
It's original use was to help to prevent 'dictionary attacks' but I am not convinced that it helps at all (though I am willing to be convinced). The PBE algorithm needs some salt and a number of random looking bytes will do.
