how can I simulate this code in mysql:
Encrypt
TextEncryptor encryptor = Encryptors.text(key, salt);
encryptor.encrypt(message);
Decrypt
TextEncryptor decryptor = Encryptors.text(key, salt);
decryptor.decrypt(message);
I need decrypt the data from the db that I encrytp in java code.
Use AES_ENCRYPT / AES_DECRYPT
INSERT INTO t VALUES (1, AES_ENCRYPT('text',UNHEX('F3229A0B371ED2D9441B830D21A390C3')));
https://dev.mysql.com/doc/refman/5.5/en/encryption-functions.html#function_aes-encrypt
Mysql offers a range of encryption functions, out of which only aes_encrypt() has not been deprecated yet.
However, if you want to encrypt data stored in databases, you may consider applying encryption on an operating system or database product level, so your data is encrypted, but you can still use sql to filter your data without much inconvenience.
Related
I have mysql 8.0 database (collation utf-08).
Having Table tbl_test (collation utf-08.) with following field.
id int auto_increament
text varbarinary(100)
I have following values stored using Java's encrytion library
93e4431a51f1cdfd31e970e3e035b3d6
I am trying to decrypt using mysql 8.0. Here is my query
set #k = 'bisp123456pitbas';
set #iv = '7654gabasyd854f1';
SELECT id, CAST(AES_DECRYPT(text, #k, #iv) AS CHAR (150)) FROM tbl_test;
But always get empty result. It works in mysql 5.7.
Is there anyone can help me on this?
Looking forward.
I wan to Decrypt a value that was encrypted in SQL server (using function Encryptbypassphrase). I am using 3DES algo.
I have the value of Pass-phrase. But i am unable to decrypt is using PassPhrase as key in my Java Application.
Later on i came to know that PassPhrase is used to generate a Key and key generation Algo is not open.
Can any one please confirm this or can suggest anyway to achieve this(Decrypting SQL encrypted value in Java).
Can i achieve this ? if i use EncryptByKey Function of MS SQL. But i am not sure if we can generate the KEY without any passphrase for EncryptByKey function.
Kindly suggest or guide...
This one is Encryption in SQL and Decrypting in Java...
I have been looking all over the place with no luck to what I am trying to do.
I am looking to hash and salt my user passwords and store them into the DB. The issue is, how do I store them?
I have looked at this http://shiro.apache.org/realm.html#Realm-authentication which I have found similar answers, but it doesn't make sense.
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.crypto.RandomNumberGenerator;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
...
//We'll use a Random Number Generator to generate salts. This
//is much more secure than using a username as a salt or not
//having a salt at all. Shiro makes this easy.
//
//Note that a normal app would reference an attribute rather
//than create a new RNG every time:
RandomNumberGenerator rng = new SecureRandomNumberGenerator();
Object salt = rng.nextBytes();
//Now hash the plain-text password with the random salt and multiple
//iterations and then Base64-encode the value (requires less space than Hex):
String hashedPasswordBase64 = new Sha256Hash(plainTextPassword, salt, 1024).toBase64();
User user = new User(username, hashedPasswordBase64);
//save the salt with the new account. The HashedCredentialsMatcher
//will need it later when handling login attempts:
user.setPasswordSalt(salt);
userDAO.create(user);
User nor "UserDAO" exists currently from what I'm seeing, and all of these examples seem to use older Shiro examples.
When I look at the "PasswordService" javadoc I read
Account Creation or Password Reset
Whenever you create a new user account or reset that account's password,
we must translate the end-user submitted raw/plaintext password value to a
string format that is much safer to store. You do that by calling the
encryptPassword(Object) method to create the safer value. For example:
String submittedPlaintextPassword = ...
String encryptedValue = passwordService.encryptPassword(submittedPlaintextPassword);
...
userAccount.setPassword(encryptedValue);
userAccount.save(); //create or update to your data store
Be sure to save this encrypted password in your data store
and never the original/raw submitted password.
but what is "userAccount?"
A lot of times the documentation is very vague.
However I did notice there is a "SubjectDAO" Class, but no UserDAO class...
So yeah I'm confused on what to do next, so if anyone could help me I would appreciate it greatly!
Thanks a lot!
Seems like the Documentation is refering User and UserDAO as your own User Model Entity (Table) and User Data Access Layer Entity (Class to Save, Update, Delete and Retrieve). These necessarily not required to be a part of Apache Shiro (Reason some Data Access Layer may be in RDBMS, Some in In-memory dbs, some could even be in properties file, why not?)
You must implement User and UserDAO to save to your own persistence store.
UserAccount also is the Model object you use when you want to register user accounts. Like the Gmail signup.
You must know that Apache Shiro is just a layer for Security (Authentication, Authorization, etc). Persistence must be implemented by you.
Strongly advice you to check out Spring Data JPA and Spring Security.
When you are hashing the password :
DefaultPasswordService passwordService = new DefaultPasswordService();
String encytptedPwd= passwordService.encryptPassword("your password");
Above api will generate password including salt.
Update this password using JDBC native api...
When you are implementing the JDBCRealm
PasswordMatcher credentialsMatcher = new PasswordMatcher();
this.setCredentialsMatcher(credentialsMatcher);
above will set the credential matcher and use SimpleAuthenticationInfo to validate your login.
The PasswordMatcher can be configured to use an ini file too.
i want to store encrypted password in my mysql database.
i have insert the password like ari means have to save the password like B-dd2c1cd0250859d32754fdd85ffc0531.
But i have to insert the data(ari) means the ari is displayed on my database.how can i encrupt the password and save the password like above format.
For eg:
ari is save in database like these format B-dd2c1cd0250859d32754fdd85ffc0531.how can i do.please help me.
i have wrote the code:
public class Insert {
public String insertData(String userName,String userPassword){
try{
Class.forName("com.mysql.jdbc.Driver");
Connection con = DriverManager.getConnection("jdbc:mysql://server:3306/android","XXXX","XXX");
PreparedStatement statement = con.prepareStatement("INSERT INTO xcart_customers(login,password) VALUES ('"+userName+"','"+userPassword+"');");
int result = statement.executeUpdate();
}
catch(Exception exc){
System.out.println(exc.getMessage());
}
return "Insertion successfull!!";
}}
This is my Demo.java class:
public class Demo {
public static void main(String[] args){
Insert obj = new Insert();
System.out.println(obj.insertData("krishna", "ari"));
}
}
Looking at the sql query INSERT INTO xcart_customers(login,password) I guess you are trying to encrypt passwords for X-CART.
X-CART uses Blowfish key-based encryption. You can find your key from config.php -file.
Here's a already answered question about encrypting blowfish with a key in java which might help figuring out how encrypt it
Encryption with BlowFish in Java
You need to look at password hashing and salting. Have a look at this post.
EDIT:
Remember Hashing is One way! so you can't expect to convert the Hashed value back to the clear text (in this case ari). What you can do is when login works you can check user entered value is equal or not to the database value.
Without knowing which scheme was used to encrypt the existing data, there's no way to tell how you can achieve compatibility. If you can start all over again, bcrypt is the way to go.
I have a public key value that I want to store it in DB. I stored it as Blob. The Java concerned lines are:
byte[] pk = ((BigInteger) Modulus ).toByteArray();
and
preparedStmt.setBytes(1, pk);
When I open MySQL DB in the workbench GUI, I don't see the value itself as bytes. Rather, I see the following:
Not sure if this is how it should appear or there is something missing.