I would like to encrypt a file using a symmetric key and decrypt it using the game key in java without losing data, I tried an encryption of a 56 byte file and the resultant file was 10 bytes which makes me think I'm going wrong somewhere.
Are there any tutorials on how to encrypt and decrypt files in java using a symmetric key? (and how to get said key?)
Here is a short nice tutorial: http://www.javamex.com/tutorials/cryptography/symmetric.shtml
Here is a related question: Java using AES 256 and 128 Symmetric-key encryption
Hope it'll help.
Related
This is an extension of this question: OpenPGP Encryption Using BouncyCastle Lightweight API
My problem is as follows:
I have to generate a PGP encrypted message from a plain text. Because of the key sizes in question the only options I had was to either install the Unlimited Strength policy files or use the lightweight API. Given that I needed the solution to be portable I decided to use the lightweight API.
All solutions that I have found to use the lightweight API use the PGPEncryptedDataGenerator and open a stream to encrypt it (code samples in the other link) however the AES encryption for it uses CFB mode whereas I need to do it in CBC mode.
My Current Approach:
I generated a random 256 bit key and 128 bit initialization vector and used it to encrypt the plaintext. Then I encrypted the key with the public key using RSA. I first wrote the encrypted key and then the encrypted text in a stream, signed it using a private key, created PGPLiteralDataPackets out of it and then compressed and armoured it.
However when I try to decrypt it using gpg, it recognized the private key I signed it with and then it gives me a set of non printable ascii characters, which means that it does not recognize the encrypted part even though the public key is present in its keyring.
This means that I am not constructing the message properly. I would like to know how to construct a PGP message manually using bouncy castle so that the encrypted message created by me will be recognized and decrypted.
I have a UI to add/edit password .These passwords are encrypted using Blowfish in CBC mode and it worked fine but during decryption it required a IV (it threw a parameter missing exception.)
I have used the cipher class while initiating the cipher so this would have taken care of the IV while encrypting.
So my doubt is,
should the IV be same for both encryption and decryption? I read on some pages that while decryption if we use an incorrect IV the first block will be incorrect but the remaining blocks would be correct .Can you explain on this?
IF the IV (in case of encryption and decryption using the same IV) be saved should it be saved as a plain object or encrypted along with the password using some delimiter ?Which will be safer?
Thanks in advance.
Yes, the IV should be the same for encryption/decryption. In CBC, if I recall properly, errors will cascade down the blocks. So the whole message will be wrong if you use the wrong IV.
The IV can be stored in plaintext. If you try and store it encrypted, you'll end up needing to store the IV used to encrypt the IV...
However, it is generally considered a bad practice to store passwords in an encrypted form. If someone were to retrieve you database, they'd only need to find one key to retrieve all the passwords.
The recommended way to store passwords is to use a hash function multiple times, also known as a PBKDF (password based key derivation function), either based on a plain hash or on a hmac function. See the OWASP password storage cheatsheet.
There are primitives for this in java, see the example on this page. (Search for Use a Password Hashing Algorithm and scroll down to the java implementation.)
I am trying to encrypt XML using PHP which will be decrypted over java.
While I am doing R&D and i found a code over this link PHP code to decrypt XML encrypted through Java which is doing exactly opposite thing that I am looking for. How can I encrypt XML which comfortably decrypted over java?
It's not a problem to decript a file with diferent language. You just have to implement the same encrypter algorithm and that it's. If you want an asymetric encrypt take a look for RSA, if you want a symetric one look for DES.
Ans sorry but it's all informations you will take on the thread. This site is not a "code on demand" site.
I have some issues regarding BlowFish encryption. I'm developing a portlet in Java deployed under weblogic. I receive from an internet usb device a string encrypted with BlowFish - nCFB mode and i need to obtain the original string from it. I implemented blowfish decryption, but i don't know how can i decrypt using the nCFB mode. It's very few documentation on the internet but i was able to find a tool that does it at:
http://www.tools4noobs.com/online_tools/decrypt/
Giving my input string and password, it retrieves the result. But on java i can't do
Cipher cipher = Cipher.getInstance("Blowfish/NCFB/NoPadding");
Because the NCFB is not recognized. I did my implementation with
Cipher cipher = Cipher.getInstance("Blowfish/CFB/NoPadding");
But it only decodes the first 3 characters. How can i decrypt using the NCFB mode instead of CFB ?
I was able to found a little something about nCFB at http://mcrypt.hellug.gr/lib/mcrypt.3.html , but it belongs to mcrypt php library.
Is there a java API able to do this ? Or how can i get the CFB mode to work as NCFB ?
Best regards
CFB (Cypher Feed Back) mode feeds back part or all of the cyphertext when decrypting. the "n" in nCFB tells you how much to feed back. The default is the entire block. You will need to read the documentation to find out what value of n is being used to encrypt, and how to add that parameter to your decryption algorithm. Given that the first three characters are decrypting correctly, it might be that n is 24 bits, though I am not sure of that.
Normally CTR mode is less trouble than CFB.
Okay, I am working on an application and I want to store a file on the user's SD Card, but I want the file encrypted. I've researched several sites that use the DES encryption to encrypt files and data, but I am confused about something. All the examples I'm seen use a line like this:
SecretKey key = KeyGenerator.getInstance("DES").generateKey();
The problem I am having is that I get my key to encrypt and obviously I need the same key to decrypt. But its seems like a paradox because if I store my key in a file or in a database, can't someone get the key and decrypt my file? Maybe I am missing something, but is there a way to generate a key using a supplied pass phrase? And why would someone not want to use a passkey if they must store the generated key somewhere else?
I think there are two cases:
You trust the user - let the key be dependent on some input (password / passphrase). and encrypt / decrypt the data with it.
You don't trust the user - then you're in trouble, you might obfuscate the encryption / decryption algorithm, but as long as the mechanism + key is stored on the device, you will have this problem.
This applies to both symmetric and asymmetric encryption.
First of all, please don't use DES. It has been broken from many years. Use AES instead.
The problem I am having is that I get
my key to encrypt and obviously I need
the same key to decrypt.
If you use symmetric cryptography techniques this is it. Otherwise have a look to asimmetric encryption.
But its seems like a paradox because
if I store my key in a file or in a
database, can't someone get the key
and decrypt my file?
Yes, someone could do it.
Maybe I am missing something, but is there a way to generate a key using a supplied pass phrase?
You don't use a the key using a passphrase. Usually you do the following things:
key generation
encrypt the key generated with a symmetric key derived from a passphrase
And why would someone not want to use
a passkey if they must store the
generated key somewhere else?
There could be several reasons. For example you can store the key in a removable device, and you want simply connect it to your computer for retrieving the key, without entering the passphrase.
Having a passphrase has its disadvantage too: passphrase must be remembered, can be guessed, if it's too long probably you'll write it down (and that's pretty the same thing then storing it in a file )
EDIT:
to generate a key from a password have a look at PBKDF2 (related post).
Yeah, it is possible to use a pass-phrase to encrypt.
But first, dump DES. Use AES-128.
Accept the pass-phrase from the user and and generate the hash using SHA-256 or SHA-512. Trim the hash to 128 bits for AES-128. Refer this post.
Java AES and using my own Key
Use a salt when you can.
Regarding the storage of password part. Store the hash and not the password. This way you can prevent the attacker from generating the key. Ask the user to enter strong password. And don't forget that your salt must be very strong too.
So, in the end, you store only the hash of the password. The password is not stored and the key to decrypt will not be stored(It will be generated at run-time)
Hope it helps.