JCE and doing byte array <-> string conversions
I've been trying to code a secure messaging protocol that uses JCE for encryption. All the return values from JCE are usually byte arrays (checksums, encryption, signing, etc), which I convert into strings, as so:
String s =new String(encryptedData);
However, I've heard there are problems with this, namely irreversibility, such as when I want to convert that s back into a byte array with s.getBytes()
Is there any way around this, while still using strings (and not doing everything in byte arrays)?
I've been getting the occassional javax.crypto.BadPaddingException, but it doesn't happen all the time. I imagine it's because it'll convert correctly most of the time, but not always?
I spent some time looking around the forum and noticed suggestions that one should use base64 or hex encoding...... but those are part of classes that I shouldn't be using (I should only be using classes that are part of the standard java sdk). I've seen various methods that encode to hex, but none yet that decode from it.
And will using that actually solve the problem of converting to strings? The reason I'm using strings is because I have messages that I append timestamps then checksums to, which are delimited by a special string, and then the entire result is encrypted. I figure it's easier trying to find those delimited strings and doing all the string ops using, well, strings. Byte arrays would require searching through, etc etc.
> I spent some time looking around the forum and
> noticed suggestions that one should use base64 or hex
> encoding......
If you have to have a String represenation of the encrpted data then yes, Base64 or Hex.
> but those are part of classes that I
> shouldn't be using (I should only be using classes
> that are part of the standard java sdk).
Why?
> ve seen
> various methods that encode to hex, but none yet that
> decode from it.
Jakarta Commons Codec class Hex can encode and decode Hex.
>
> And will using that actually solve the problem of
> converting to strings?
Yes!
> The reason I'm using strings
> is because I have messages that I append timestamps
> then checksums to, which are delimited by a special
> string, and then the entire result is encrypted. I
> figure it's easier trying to find those delimited
> strings and doing all the string ops using, well,
> strings. Byte arrays would require searching through,
> etc etc.
Does not sound like a very good approach to me but then I don't have the whole story.
I have generated encrypted cookies with a fixed width time stamp (8 bytes), and SHA1 hash (20 bytes) then a load of variable length but fixed order fields. The only reason I needed a String rather than bytes is that Cookies are defined as String values so the encrypted data had to be a String though the data that was encrypted was not.
> which I convert into
> strings, as so:
> > String s = new String(encryptedData);
>
> However, I've heard there are problems with this,
> namely irreversibility,
Which is oftern assocate with a BadPadding Exception.
> such as when I want to
> convert that s back into a byte array with
> s.getBytes()
Is there any way around
> this, while still using strings (and not doing
> everything in byte arrays)?
Why not use byte arrays?
>
> I've been getting the occassional
> javax.crypto.BadPaddingException, but it doesn't
> happen all the time. I imagine it's because it'll
> convert correctly most of the time, but not always?
Correct for many character sets.
Actually, I managed to find code for doing Hex encoding and decoding. The reason I can't use non-standard SDK classes is because we have to be able to run our code on various machines that might not necessarily have those classes (it's an assignment for one of my courses where we have to implement secure messaging). Thanks though sabre!
> Actually, I managed to find code for doing Hex
> encoding and decoding. The reason I can't use
> non-standard SDK classes is because we have to be
> able to run our code on various machines that might
> not necessarily have those classes
Then you distribute the third party classes (jar files) with your program!
> (it's an
> assignment for one of my courses where we have to
> implement secure messaging). Thanks though sabre!
