I'm writing a Java program to implements AES algorithms. I reviewed in many Java sites or forums about their code.
1. http://zenu.wordpress.com/2011/09/21/aes-128bit-cross-platform-java-and-c-encryption-compatibility/
2. http://www.code2learn.com/2011/06/encryption-and-decryption-of-data-using.html
And I wonder why they always use Base64 library in their code. I think it will make our program (encrypted and decrypted) slower than when we don't use it.
Any one can be explain for me.
Base64 is easier to read, check and transfer. e.g. email message with binary need Base64.
While Base64 is slower, it is trivial compared with encryption and decryption.
You don't have to use Base64, but I suggest you use it to start with and remove it when everything is working.
Related
Currently I'm using AES/CBC encryption using the javax.crypto.cipher library, however, I'm finding its a little too slow. It takes anywhere between 45s-1m to decrypt a 10 minute .mp4 video file.
Is there a better way to do this on Android? I'm looking around and found some posts about openssl but is it really that much faster?
Any links, helpful posts and/or comments would be greatly appreciated.
Use streaming instead of file decryption. If you stream the video you can simply perform the decryption of the video as you need it. If you use CTR or CBC mode you can even skip to a specific place within the stream, although it will take some additional tricks to make that happen.
Leaving decryption to the default provider should be first choice, but you can certainly speed up things using a native decryption library.
Willing to decrypt the entire video before to start playing exposes the user to a noticeable delay. You should consider a streaming architecture.
A typical design involves the javax.crypto.CipherInputStream class and a local http instance. There is no class for an http server in the SDK, you have to implement your own or look for an existing library similar to LocalSingleHttpServer.
It looks like:
mServer = new LocalSingleHttpServer();
mServer.setCipher(myGetCipher());
mServer.start();
path = mServer.getURL(path);
mVideoView.setVideoPath(path);
mVideoView.start();
I am encrypting some data from codeigniter using Encrypt class and this will be send to a java program and need to be decoded there.
php code:
$this->load->library('encrypt');
$this->encrypt->set_key(SERVER_ENCRYPT_KEY);
$this->encrypt->set_mode(MCRYPT_MODE_CFB);
$this->data = $this->encrypt->encode($this->input->post('data'));
where SERVER_ENCRYPT_KEY is the key.
I found this: MCrypt for Java but I could not make it work.
There are other libs that can do this? or maybe an example how to do this using the java version of MCrypt.
Take a look in the CI_Encrypt class. In addition to calling the mcrypt library, it does various non standard things. As an example it runs encrypted data through an own invented _add_cipher_noise method. Also, it seems that the encrypted format have changed with different versions - indicating that this could happen again.
If you are going to use the encrypted data outside codeignite you should not use what looks like codeignites own packaging of mcrypt encrypted data.
I decided to avoid CI_Encrypt and use this PHP-Java-AES-Encrypt with small changes: add noise and use 2 types of keys. Also I build a tool to convert the old encrypted data to the new format.
My requirement is to find best algorithm use to secure data sent using XML over network. This is important data which is to be exchanged between third parties.
I know about DES which is quite outdated these days. MD5 appeared as another option but this does not allow decryption to get data back(please correct me if I am wrong)
What other options do we have to accomplish above task and which is best and most standard way to do it?
Tried out AES, it uses common key for encryption and decryption. Other option I explored was RSA, which has two keys public and private, for encryption and decryption.
Not able to decide about better approach of above two.
You can use Advanced Encryption Standard(AES).The differences between AES and DES
There's a W3C standard for this, it's called XML Encryption Syntax and Processing, which uses a cipher like a DES/3DES-CBC symmetric key cipher.
I have a vector of user passwords. I would like to save this vector to a file and encrypt it. Then load and decrypt the file to get the passwords. I would like my users to enter a pass phrase to decrypt the files. Which algorithm should i choose? and How can i encrypt the vector before writing the file?
Encryption in Java is done using the Java Cryptography Architecture (doc contains example code). As for which algorithm to use, AES should be fine.
However, don't use Vector - it's utterly outdated and should be replaced with ArrayList (this has nothing to do with cryptography, but using Vector marks you as someone who's been learning Java from 12 year old books).
I think you can checkout my other post (example included) and get a headstart.
few characters missing after decryption
Basically you just need to use CipherInputStream & CipherOutputStream, and that's it! :)
I'm looking for a low-level encryption to write questions/answers for a test/exam application in Java. Both the questions and exam are objects. Basically, I need a way to serialize a object, write it to a file, whilst encrypting everything so no one can read the question/answers without my program.
I've heard of Protocol Buffers (http://code.google.com/apis/protocolbuffers/docs/javatutorial.html), but not sure if there is something newer/better out there or if it is the next best thing.
Cheers
-Tanner
You need two steps - serialization/deserialization, which converts an object to a representation which can be stored on disk; and encryption/decryption, which enciphers the on-disk representation.
In Java you can use an ObjectOutputStream to perform the serialization, and a CipherOutputStream to perform the encryption. First obtain a FileOutputStream, then pass that to the constructor of a CipherOutputStream, then pass that to the constructor of an ObjectOutputStream. Then you can just hand your Serializable object(s) to the ObjectOutputStream, and they'll end up serialized, encrypted and written to a file. (You will of course need to perform additional setup on at least the CipherOutputStream object, but that's the basic idea).
However, there is a rather large caveat to all of this. The encryption you're doing is no more than obfuscation - if you give someone the encrypted data and a program that can decrypt it, that person has all the information they need to decrypt the data themselves. There's no way to get around this - if your program can decrypt it, then your program can be pulled apart and its secrets found.
Judging from your description of the application, performance is not a concern. So a solution that serializes to XML (e.g. using XStream) and then encrypts the XML would be satisfy your requirements.
However, I should warn you that there is a significant risk that student with sufficient incentive could hack your encryption. I can think of only ways you can guard against this:
don't store the encrypted data on the user's machine at all, or
use an asymmetric cipher and don't ever do any decryption on the user's machine.
If you cannot do one or the other, your application is vulnerable. Hacking it is not quite as simple as reading the files with a text editor, but it is not all that hard either ... even if you feed the application through an JAR file obfuscator.