Home.... | log in.... | Pub my question! | Sign-up....
Java-index >> Security >> Cryptography

How to encrypt XML file

Hello,I am trying to encrypt an XML file. I am treating it as normal file and encrypting using DES algo.But I am getting unwanted charaters when I decrypt the encrypted file.What should I do to get it right?
[221 byte] By [sruthima] at [2007-10-3 12:02:13]
«« Java Web Server 2.0 is not started
»» nextLine();
# 1
> What should I do to get it right?We can't help without seeing your code!
sabre150a at 2007-7-15 14:38:58 > top of Java-index,Security,Cryptography...
# 2

My Code is:

Here I am reading the xml file and encrypting it and saving it into another file;

BufferedReader br = new BufferedReader(new FileReader("c:/Data.xml"));

String str;

FileOutputStream fr = new FileOutputStream(new File("c:/Encrypt.xml"));

Encryption encr = new Encryption();

String decr;

while ((str = br.readLine()) != null) {

decr = encr.encrypt(str).trim();

fr.write(decr.getBytes());

}

// fr.flush();

fr.close();

br.close();

The encrypt class is:

public class Encryption{

public Encryption()

{

Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

KEYGEN_STR="723934574823439249230423042340234";

}

private Key getKey()

{

try

{

byte[] bytes = getbytes(KEYGEN_STR);

DESKeySpec pass = new DESKeySpec(bytes);

SecretKeyFactory sKeyFactory = SecretKeyFactory.getInstance("DES");

SecretKey sKey = sKeyFactory.generateSecret(pass);

return sKey;

}

catch(Exception ex)

{

ex.printStackTrace();

}

return null;

}

private byte[] getbytes(String str)

{

ByteArrayOutputStream byteOutputStream = new ByteArrayOutputStream();

StringTokenizer sTokenizer = new StringTokenizer(str, "-", false);

while(sTokenizer.hasMoreTokens())

{

try

{

byteOutputStream.write(sTokenizer.nextToken().getBytes());

}

catch(IOException ex)

{

}

}

byteOutputStream.toByteArray();

return byteOutputStream.toByteArray();

}

public String encrypt(String sourceStr)

{

try

{

// Get secret key

Key key = getKey();

ecipher = Cipher.getInstance("DES/ECB/PKCS5Padding");

ecipher.init(Cipher.ENCRYPT_MODE, key);

byte[] enc = ecipher.doFinal((new String(sourceStr)).getBytes());

//byte[] enc = ecipher.doFinal((new String(sourceStr)).getBytes("UTF-8"));

// Encode bytes to base64 to get a string

return new sun.misc.BASE64Encoder().encode(enc);

}

catch(Exception ex)

{

ex.printStackTrace();

}

return null;

}

public String decrypt(String sourceStr)

{

try

{

// Get secret key

Key key = getKey();

dcipher = Cipher.getInstance("DES/ECB/PKCS5Padding");

dcipher.init(Cipher.DECRYPT_MODE, key);

// Decode base64 to get bytes

byte[] dec = new sun.misc.BASE64Decoder().decodeBuffer(sourceStr);

//Decrypt data in a single step

byte[] utf8 = dcipher.doFinal(dec);

// Decode using utf-8

return new String(utf8, "UTF-8");

}

catch(Exception ex)

{

System.out.println("error in decrypt"+ex);

ex.printStackTrace();

}

return null;

}

}

Now when I encyrpt I am getting unwanted characters in the encrypted file.Its because I have added blanks using the OutputFormat in xml file(for indentation).Now after I read the xml file and before encryption,I need to remove all that blank spaces. One way of doing it is parse the file and then encrypt every node.This takes time because I need to do this atleast once in every class.So I want to know if there is a technique which encrypt the xml file or DOM object 's data only (with out those indentations).

sruthima at 2007-7-15 14:38:58 > top of Java-index,Security,Cryptography...
# 3
One does not normally encrypt a line at a time. There is nothing special about an XML file. Just encrypt the whole file treating it as bytes.
sabre150a at 2007-7-15 14:38:58 > top of Java-index,Security,Cryptography...
# 4
Hey! I did that.But tell me one thing I got to know that there is XML securoty suite from aplhaworks,which can encrypt the DOM Object.Is there anything similar in java API?
sruthima at 2007-7-15 14:38:58 > top of Java-index,Security,Cryptography...
# 5
> Hey! I did that.But tell me one thing I got to know> that there is XML securoty suite from> aplhaworks,which can encrypt the DOM Object.Is there> anything similar in java API?Sorry, I don't know!
sabre150a at 2007-7-15 14:38:58 > top of Java-index,Security,Cryptography...
# 6

> Hey! I did that.But tell me one thing I got to know

> that there is XML securoty suite from

> aplhaworks,which can encrypt the DOM Object.Is there

> anything similar in java API?

There is a Java XML Encryption API being defined via the Java Community Process : http://jcp.org/en/jsr/detail?id=106 but it is not finalized yet. You may want to check out the Apache XML Security project which includes a Java API for encrypting XML based on DOM: http://xml.apache.org/security/Java/index.html

smullana at 2007-7-15 14:38:58 > top of Java-index,Security,Cryptography...
# 7

Its very finalized. You can find the reference implementation in Java 6.0. Feel free to use it in any project... Example:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">

<SignedInfo>

<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>

<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>

<Reference URI="#invoice">

<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

<DigestValue>fGlPZYVjFnzEdg3YfA0kTG7yRhM=</DigestValue>

</Reference>

</SignedInfo>

<SignatureValue>eR+z86tp2gTpFjr4JtBietfSBoJexFzmyPiGXcRuQmMxkYotT+WRqA==</SignatureValue>

<KeyInfo>

<X509Data>

<X509Certificate>MIIEFjCCA3+gAwIBAgIKH8YClQAFAAAWFDANBgkqhkiG9w0BAQUFADCBgTEhMB8GCSqGSIb3DQEJ

ARYSYWRtaW5AY2FjemVjaGlhLmN6MQswCQYDVQQGEwJDWjENMAsGA1UEBxMEQnJubzEmMCQGA1UE

ChMdQ2VydGlmaWthY25pIGF1dG9yaXRhIEN6ZWNoaWExGDAWBgNVBAMTD0NBIEN6ZWNoaWEgVEVT

VDAeFw0wNjExMjgxMDUxNDlaFw0wNjEyMjgxMTAxNDlaMHUxHTAbBgkqhkiG9w0BCQEWDmx6YXBA

c2V6bmFtLmN6MQswCQYDVQQGEwJDWjEXMBUGA1UECBMOQ3plY2ggcmVwdWJsaWMxEDAOBgNVBAcT

B09sb21vdWMxHDAaBgNVBAMTE0x1a2FzIFphcGxldGFsIFRFU1QwgZ8wDQYJKoZIhvcNAQEBBQAD

gY0AMIGJAoGBAKfR8O/navqGVYmm7T15MOxlAfB7IHXRLnqESoSCdvaER9t6DR7zv6wj8OAhax+x

cPHalN5vnwMj40z+fBstwTTbX21XzQlx7I/NVYmZOpy5Ng/2gBV/zElw5bAvgCknNYqsObW87ZCD

4cM8mxlrNHorwo3jeoP33fEYgWjCNwUBAgMBAAGjggGeMIIBmjAdBgNVHQ4EFgQUkDdm7Pk8mALm

h3R4GH/SWA6duu0wgb0GA1UdIwSBtTCBsoAUTAh9jA+pTf2o5FwAc72RERAroYqhgYekgYQwgYEx

ITAfBgkqhkiG9w0BCQEWEmFkbWluQGNhY3plY2hpYS5jejELMAkGA1UEBhMCQ1oxDTALBgNVBAcT

BEJybm8xJjAkBgNVBAoTHUNlcnRpZmlrYWNuaSBhdXRvcml0YSBDemVjaGlhMRgwFgYDVQQDEw9D

QSBDemVjaGlhIFRFU1SCEFCSSN+ho2GAT8bENNu4cIIwQgYDVR0fBDswOTA3oDWgM4YxaHR0cDov

L3d3dy5jYWN6ZWNoaWEuY3ovY2EvY3JsL2NhY3plY2hpYV90ZXN0LmNybDBQBggrBgEFBQcBAQRE

MEIwQAYIKwYBBQUHMAKGNGh0dHA6Ly93d3cuY2FjemVjaGlhLmN6L2NhL2NhY2VydC9jYWN6ZWNo

aWFfdGVzdC5jZXIwIwYJYIZIAYb4QgENBBYWdsfdfsXplIHBybyB0ZXN0b3ZhbmkuMA0GCSqGSIb3

DQEBBQUAA4GBAMJor1R1DcZgmu365zrFIQUsD2ap0AP97EtQ2TNQw7r9WfQa77eqiE+CWDwWvK7r

uELVAlMCvIJ+TWYTTbI2QcrcLS4bSYagC0nt2SO65zPABZ2137+WzZdIZgCIW5eqFnR4GJv9vbxH

1xiOAuSgsoXVS11qWtcZchMwhdoAZkSS

</X509Certificate>

<X509Certificate>MIIDIDCCAomgAwIBAgIQUJJI36GjYYBPxsQ027hwgjANBgkqhkiG9w0BAQUFADCBgTEhMB8GCSqG

SIb3DQEJARYSYWRtaW5AY2FjemVjaGlhLmN6MQswCQYDVQQGEwJDWjENMAsGA1UEBxMEQnJubzEm

MCQGA1UEChMdQ2VydGlmaWthY25pssdfaXRhIEN6ZWNoaWExGDAWBgNVBAMTD0NBIEN6ZWNo

aWEgVEVTVDAeFw0wMjA1MzAxMzUyMjVaFw0wODA2MDYwNzExMTRaMIGBMSEwHwYJKoZIhvcNAQkB

FhJhZG1pbkBjYWN6ZWNoaWEuY3oxCzAJBgNVBAYTAkNaMQ0wCwYDVQQHEwRCcm5vMSYwJAYDVQQK

Ex1DZXJ0aWZpa2FjbmkgYXV0b3JpdGEgQ3plY2hpYTEYMBYGA1UEAxMPQ0EgQ3plY2hpYSBURVNU

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDsJImV+Jy55NPP9BL1hcxn1FbkWLD6/SN/gTFz

qJ71x/5oHZ9hlZkO6wreMWKGBNPrqiH8Qx0/LIqbIvOJ++2VXokIdu8N3u0a3vFvg3kbY/UIxO4Y

TUfpViw8X3HK+9IywU/hwFTN+0t0UhX3MCBgkActzamvoKOVm2MPN9nPeQIDAQABo4GWMIGTMAsG

A1UdDwQEAwIBxjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRMCH2MD6lN/ajkXABzvZERECuh

ijAQBgkrBgEEAYI3FQEEAwIBBTBCBgNVHR8EOzA5MDegNaAzhjFodHRwOi8vd3d3LmNhY3plY2hp

YS5jei9jYS9jcmwvY2FjemVjaGlhX3Rlc3QuY3JsMA0GCSqGSIb3DQEBBQUAA4GBAInroN65WlWi

QPhMZ6SPyCahcPRUCZhAwg+SjPDt1gkeiYIJpkYdgWniE187ZqMOCWhfn2Ols20e4T0BU1vWxN3D

TlvilbyywdXUl87nv80/frqqBHLUTkQN5P9gloPd90agRlwRmsfEayON4LD2zAQCbjFHUBBtnVuB

C9FlFGQX

</X509Certificate>

</X509Data>

</KeyInfo>

<Object Id="invoice">

<invoice XMLns="http://www.company.com/accounting" xmlns="">

<items>

<item>

<desc>Applied Cryptography Vol. 2</desc>

<type>book</type>

<unitprice>44.50</unitprice>

<quantity>1</quantity>

</item>

</items>

<creditcard>

<number>123456789</number>

<expiry>10/20/2009</expiry>

<lastname>John</lastname>

<firstname>Smith</firstname>

</creditcard>

</invoice>

</Object>

</Signature>

Lukas_Zapletala at 2007-7-15 14:38:58 > top of Java-index,Security,Cryptography...
# 8
> Its very finalized. You can find the reference implementation in Java 6.0. Feel free to use it in any project... Example:XML Signature (JSR 105) is final and included in Java SE 6. But this user's question was about XML Encryption (JSR 106) which is not yet final.
smullana at 2007-7-15 14:38:58 > top of Java-index,Security,Cryptography...
Security
Cryptography

Security New Topic

Security Hot Topic

Security

All Classified