I am trying to implement a simple encryption utility for educational pourpuses, it works, at least with simple files, but when I succesfully encrypt one file, i'd like not to encrypt it again, because that could lead to loose my data if i encrypt/decrypt it in a wrong way... Is there a way to prevent me from do it?
I am using java, and the default encryption library.
Thanks in advance
The answer to what you want to know here depends very much on how your encrypting the files in the first place.
I'll list a couple of different approaches that might help you however
Approach 1 - Scripting
If your using a 3rd party tool such as an encryption util written by another java programmer, and if your running this tool in some kind of a shell session, your best bet might be to wrap the invocation of said tool in a shell script.
If your running on windows this could be a batch file, on Linux a bash script.
Essentially you use this approach by working out ahead of time what command you need to use, then putting that command into said shell script while substituting any parameters you need to change.
Following on from the wrapped command you could then provide further commands to rename the file, or embed some kind of information in it's file properties or file name, a possible example might be something like:
IF NOT EXIST %%0.encrypted(
encrypt %%0 -a -b -c -d
rename %%0 %%0.encrypted) ELSE (
)
ELSE
()
NOTE: These are just theoretical examples as I don't know what your OS is
If this was saved in a file called 'myencrypt.bat', then you could just type
myencrypt.bat afile.ext
Approach 2 - Custom Bytes
If you have direct control of the source code and consequently the application that performs this encryption, then why not make a pseudo file format.
Add some kind of a marker into the file that your program then checks for.
By way of an example, you could perhaps
add the following string to the front of the file
ENCFOriginalFile.Ext
Turn that into a set of bytes, then load the file in, encrypt it, add the bytes from the text on and save it back out, maybe with a custom file extension.
When you come to encrypt a file again, all you then need to do is read the first 4 bytes and if they are equal to ENCF you know that the file is already encrypted.
Those are just 2 ideas I can think of off the top of my head, but it's late here and I'm tired. If I was more awake I could probably come up with a whole page full.
Since it is encrypted it cannot be opened in the default program for that file type, so you can savely rename the file. This can be done for example by adding .enc as the extension. Doing so will make it easy to spot the encrypted file for you and your java application.
Depending on your use case you can also let your java application manage a database of encrypted files.
Related
I have made an encryption system and I'm looking for a way to add some way to integrate it with file system on windows(if possible also on linux). I don't want to rise a debate whether it is needed, that it already exists etc...
I was hoping to find a way to mount a virtual disk drive that will be able to access the files in the decrypted form, encrypt and decrypt on the fly using my software, it is currently written in java, but if needed I can port it to c++.
I have found one way to do it, which is to run a java ssh server and use another software to mount it in windows, but it doesn't work work well, constant crashes or it sometimes just doesn't mount the drive.
I need it as I want to access the files using IDE and other programs without coping the files as it decreases the security and doubles the disk space used.
Has anyone found a way to do it preferably in java?
Is there some kind of API for it (all I need is list files, get parent, read file, write file)?
Or is there a good java lib what works with another program to do it?
I thought this would be an easy task but . . .
I want my Java program to get the user's Windows file associations.
In other words, I want to know what the user uses to open .txt files, .cvs files, etc.
The assoc and ftype commands provide that info, but not for the user.
In other words, if I've set my text editor to Notepad++,
assoc and ftype don't show it. They show the system default, Notepad, instead.
It looks like I have to get that info from the registry but I have two problems.
1) I don't know the exact registry keys I want to pull
(though I've looked at "reg query HKEY_CURRENT_USER, HKEY_CLASSES_ROOT, etc.)
2) I don't know how to pull the key from the registry. I've seen JNI mentioned
but haven't figured out the details.
Any hints appreciated.
In Win7, you can find the "class"* for each file extension in the
HKLM\SOFTWARE\Classes\<extension>\(Default)
key.
For example, on my machine
HKLM\SOFTWARE\Classes\.txt
has a (Default) key of txtfile.
In that same path, you can find what opens files of the class txtfile:
HKLM\SOFTWARE\Classes\txtfile
Which should have a subpath of ...\shell\open\command
On my system,
HKLM\SOFTWARE\Classes\txtfile\shell\open\command\(Default)
is
%SystemRoot%\system32\NOTEPAD.EXE %1
Which you could parse to find the executable that opens .txt files.
For user-specific customizations, you can replace
HKLM\SOFTWARE\Classes\
with
HKCU\Software\Classes\
All that being said, I like MadProgrammer's suggestion if possible for your application.
* I'm sure there is a better name for "class", I just don't know it.
Take a look at the Eclipse's Program class, which should to what you want: http://help.eclipse.org/helios/index.jsp?topic=%2Forg.eclipse.platform.doc.isv%2Freference%2Fapi%2Forg%2Feclipse%2Fswt%2Fprogram%2FProgram.html.
If you would like to launch the program, use the Desktop-class (like MadProgrammer suggested)
I am working on a Swing application in which i have to give the HTML files to client but I dont want the client to get access to them.
Is there any way that I can put my files either in password protected folder or I could encrypt the file and my program should access them back in the Swing application.
You could encrypt them with a shared hidden key.
One for your application, hardcoded in the software, one for yourself, to encrypt the html files with.
That's about all you can do about it. Once decrypted it is fairly easy to get the contents from it because they can always write their own class which implements your class that simply shows the content(it's about 15 lines of code really, java decompilers work pretty good these days)
Hehe, well that's of course technically possible, but at some point the cleartext will be available to your client - if not by other means, then at least by network sniffing...
Use your resources to write good code and don't bother encrypting your HTML.
Cheers,
This question already has answers here:
How do I "decompile" Java class files? [closed]
(19 answers)
Closed 8 years ago.
When i create a runnable jar file from a java source code file from eclipse, i believe it creates a class file which then can be run by the JVM.
The reason i am asking this is because i am going to be making an java application that keeps all my passwords. The app is going consist of an interface that asks for a password and then if the password is correct show the passwords. Here are my questions on this subject:
What exactly does a runnable *jar file* consist of?
If the runnable jar file consists of a class file, can that class file be interpreted in anyway to be able to see the source code which would revile the passwords?
when you run the runnable jar file from cmd and type "java -jar xxx". and "xxx" meaning the file name, does "-jar" mean you are going to run a jar file and "java" means run this following file in the JVM?
Is this like .exe files, which can't be un done to readable source code when turned into the .exe file.
For the unasked question: If your password is in the source code it will be in the class file in a pretty easy to find way.
A runnable jar file is a jar file (i.e. zip file with jar suffix) containing class files and special file containing information about which class to start.
You can decompile byte code: http://www.program-transformation.org/Transform/JavaDecompilers to get source code. But you can actually see the password in the byte code without decompiling it
yes. in java -jar xxx java means run the jvm using a jar file with name xxx
If you know the language and tools created you should be able to decompile exe file just as class files. And even if not passwords in the source code will be easy to find in the .exe file. So yes jar files are kind of like exe files, but they are different then what you describe.
If you want to make an application to maintain your passwords, make it so that it encrypts the stored passwords using a master password that you provide on startup as a user of the application. Never ever store passwords in source code.
Java class files can be disassembled back to readable Java code. Even easier, though, is that you can extract all passwords from the compiled class file because they are stored as plain text (try for example the strings command on a GNU machine).
So, no, the passwords are not inherently safe inside a class file (and therefore not in a jar archive, because jars can easily be unpacked).
What you need to do is implement some sort of encryption and let your program save the passwords in an encrypted file. Your program will then need you to input the decryption key to even be able to unpack the passwords. The key should not be included in the Java program, it should be provided by you each time you run the program.
Basically, however hard you try, it can be easily decompiled and read by anyone.
If you can, don't store the password, compare it online on your server (using asynchronous encryption) or store it using a master password given to the application every time.
If you can't, don't store the password as-is. The best thing I can think of is storing (and checking against) the hashcode of the password. User enters the password, it is then SHA-256'd and the resulting hashcode is compared to your stored hashcode of the password. Add salt to protect against rainbow tables.
The idea of this is that the hash function is only one-way, a password can't be recovered from its hash. Therefore, nobody should be able to get your password in a reasonable time if it's strong enough.
A very good read on this are the wiki links - but most notably this article on jasypt.org.
That said - if you tried to encrypt the file containing the hash to add another layer of security, the decrypted password could still be found using a decompiler and a debugger, so don't really count on it being supereffective against someone who would really want to get through. Therefore, it's more a security through obscurity than a real encryption.
This question already has answers here:
How to create my own file extension like .odt or .doc? [closed]
(3 answers)
Closed 8 years ago.
I'm on my way in developing a desktop application using netbeans(Java Dextop Application) and I need to implement my own file format which is specific to that application only. I'm quite uncertain as to how should I go about first.What code should I use so that my java application read that file and open it in a way as I want it to be.
If it's character data, use Reader/Writer. If it's binary data, use InputStream/OutputStream. That's it. They are available in several flavors, like BufferdReader which eases reading a text file line by line and so on.
They're part of the Java IO API. Start learning it here: Java IO tutorial.
By the way, Java at its own really doesn't care about the file extension or format. It's the code logic which you need to write to handle each character or byte of the file according to some file format specification (which you in turn have to writeup first if you'd like to invent one yourself).
I am not sure this directly addresses your question, but since you mentioned a custom file format, it is worth noting that applications launched using Java Web Start can declare a file association. If the user double clicks one of those file types, the file name will be passed to the main(String[]) of the app.
This ability is used in the File Service demo. of the JNLP API - available at my site.
As to the exact format of the file & the best ways to load and save it, there are a large number of possibilities that can be narrowed down with more details of the information it contains.
Choosing a new/existing file extension does not affect your application (or in any case anyone's). It is upto the programmer what files he wants his app to read.
For example, you may consider you can't read a pdf or doc directly as a text file....but that is not because they are written/ stored differently, but because they have headers or characters which your app does not understand. So we might use a plugin or extension which understands those added headers ( or rather the grammar of the pdf /doc file) removes them & lets our app know what text (or anything else) it contains.
So if you wish to incorporate your own extension, & specifically want no other application to be able to read it, just write the text in a way that only your program is able to understand. Though writing a file in binary pretty much ensures that your file is not read directly just by user opening a file, but it is however still possible to read from it, if it is merely collection of raw characters.
If you ask code for hiding a data, I'd say there are plenty of algorithms you might use, which usually get tagged as encryptions cause you are basically trying to lock/hide your stuff. So if you do not really care for the big hulla-bulla, simply trying to keep a file from being directly read & successful attempts to read the file does not cause any harm to your application, write it in binary.