I am encrypting some data from codeigniter using Encrypt class and this will be send to a java program and need to be decoded there.
php code:
$this->load->library('encrypt');
$this->encrypt->set_key(SERVER_ENCRYPT_KEY);
$this->encrypt->set_mode(MCRYPT_MODE_CFB);
$this->data = $this->encrypt->encode($this->input->post('data'));
where SERVER_ENCRYPT_KEY is the key.
I found this: MCrypt for Java but I could not make it work.
There are other libs that can do this? or maybe an example how to do this using the java version of MCrypt.
Take a look in the CI_Encrypt class. In addition to calling the mcrypt library, it does various non standard things. As an example it runs encrypted data through an own invented _add_cipher_noise method. Also, it seems that the encrypted format have changed with different versions - indicating that this could happen again.
If you are going to use the encrypted data outside codeignite you should not use what looks like codeignites own packaging of mcrypt encrypted data.
I decided to avoid CI_Encrypt and use this PHP-Java-AES-Encrypt with small changes: add noise and use 2 types of keys. Also I build a tool to convert the old encrypted data to the new format.
Related
Currently I'm using AES/CBC encryption using the javax.crypto.cipher library, however, I'm finding its a little too slow. It takes anywhere between 45s-1m to decrypt a 10 minute .mp4 video file.
Is there a better way to do this on Android? I'm looking around and found some posts about openssl but is it really that much faster?
Any links, helpful posts and/or comments would be greatly appreciated.
Use streaming instead of file decryption. If you stream the video you can simply perform the decryption of the video as you need it. If you use CTR or CBC mode you can even skip to a specific place within the stream, although it will take some additional tricks to make that happen.
Leaving decryption to the default provider should be first choice, but you can certainly speed up things using a native decryption library.
Willing to decrypt the entire video before to start playing exposes the user to a noticeable delay. You should consider a streaming architecture.
A typical design involves the javax.crypto.CipherInputStream class and a local http instance. There is no class for an http server in the SDK, you have to implement your own or look for an existing library similar to LocalSingleHttpServer.
It looks like:
mServer = new LocalSingleHttpServer();
mServer.setCipher(myGetCipher());
mServer.start();
path = mServer.getURL(path);
mVideoView.setVideoPath(path);
mVideoView.start();
I have searched around for the best methods for encryption in terms of what ciphers to use, methods/etc. I'v decided on using 128Bit AES for the time being. My question lies more in what method is best for encrypting various types of data. In my example, this is for a small game I am making that has map data and associated image data.
I can save the data in any format, but would prefer something simple to read (when un-encrypted). Should I actually save this to the file itself, or should I change the file itself in some way?
Likewise in terms of the image files associated to the game that are saved as PNG or BMP files, any recommendations on how to encrypt those on top of the rest of the files?
My current method for the game data is to just encrypt it in singular lines - and have it load from a file line-by-line. Each line formatting to a different data value to be put into the system (e.g. load part of a map, maybe some item data, etc). Is there a better/faster method of accomplishing this that I may not have found yet?
I was also wondering about actually taking the entire class with the data saved and serializing it - then encrypting it. That way I could load the entire thing in one go straight into a class. Would this be a reasonable idea?
For the images: you can read them using a CipherInputStream / CipherOuputStream. Note that at least older Java versions ignored padding errors for CipherInputStream.
You cannot directly encrypt to lines as the output of a cipher is binary. So you need to encode (using e.g. Base64) if you want to store the result as lines. You may ask yourself if you want things like game data to be in text. I would recommend CBC mode with random IV prefixed to the ciphertext.
If the data is serializable then serializing data could be an option. Personally I'm not a huge fan of serialization in Java due to the many pitfalls. But yes, you can certainly encrypt serialized data easily, it's binary after all.
I'm writing a Java program to implements AES algorithms. I reviewed in many Java sites or forums about their code.
1. http://zenu.wordpress.com/2011/09/21/aes-128bit-cross-platform-java-and-c-encryption-compatibility/
2. http://www.code2learn.com/2011/06/encryption-and-decryption-of-data-using.html
And I wonder why they always use Base64 library in their code. I think it will make our program (encrypted and decrypted) slower than when we don't use it.
Any one can be explain for me.
Base64 is easier to read, check and transfer. e.g. email message with binary need Base64.
While Base64 is slower, it is trivial compared with encryption and decryption.
You don't have to use Base64, but I suggest you use it to start with and remove it when everything is working.
I have a vector of user passwords. I would like to save this vector to a file and encrypt it. Then load and decrypt the file to get the passwords. I would like my users to enter a pass phrase to decrypt the files. Which algorithm should i choose? and How can i encrypt the vector before writing the file?
Encryption in Java is done using the Java Cryptography Architecture (doc contains example code). As for which algorithm to use, AES should be fine.
However, don't use Vector - it's utterly outdated and should be replaced with ArrayList (this has nothing to do with cryptography, but using Vector marks you as someone who's been learning Java from 12 year old books).
I think you can checkout my other post (example included) and get a headstart.
few characters missing after decryption
Basically you just need to use CipherInputStream & CipherOutputStream, and that's it! :)
I'm looking for a low-level encryption to write questions/answers for a test/exam application in Java. Both the questions and exam are objects. Basically, I need a way to serialize a object, write it to a file, whilst encrypting everything so no one can read the question/answers without my program.
I've heard of Protocol Buffers (http://code.google.com/apis/protocolbuffers/docs/javatutorial.html), but not sure if there is something newer/better out there or if it is the next best thing.
Cheers
-Tanner
You need two steps - serialization/deserialization, which converts an object to a representation which can be stored on disk; and encryption/decryption, which enciphers the on-disk representation.
In Java you can use an ObjectOutputStream to perform the serialization, and a CipherOutputStream to perform the encryption. First obtain a FileOutputStream, then pass that to the constructor of a CipherOutputStream, then pass that to the constructor of an ObjectOutputStream. Then you can just hand your Serializable object(s) to the ObjectOutputStream, and they'll end up serialized, encrypted and written to a file. (You will of course need to perform additional setup on at least the CipherOutputStream object, but that's the basic idea).
However, there is a rather large caveat to all of this. The encryption you're doing is no more than obfuscation - if you give someone the encrypted data and a program that can decrypt it, that person has all the information they need to decrypt the data themselves. There's no way to get around this - if your program can decrypt it, then your program can be pulled apart and its secrets found.
Judging from your description of the application, performance is not a concern. So a solution that serializes to XML (e.g. using XStream) and then encrypts the XML would be satisfy your requirements.
However, I should warn you that there is a significant risk that student with sufficient incentive could hack your encryption. I can think of only ways you can guard against this:
don't store the encrypted data on the user's machine at all, or
use an asymmetric cipher and don't ever do any decryption on the user's machine.
If you cannot do one or the other, your application is vulnerable. Hacking it is not quite as simple as reading the files with a text editor, but it is not all that hard either ... even if you feed the application through an JAR file obfuscator.