In the decrypt class, I cant get it to correctly decrypt. I've verified in the decrypt class that my salt and my ciphertext still carries the same values before I convert them back to bytes.
The program itself doesn't given an error however when I compile, I'll encrypt, save it to the string encryptPhrase and then decrypt it in the decrypt method and I cant seem to get it to decrypt properly. I've marked in comments where the issue is and gives a badpadding exception, however there is no padding?
The odd thing is... if i take out everything in the decrypt method and return just encryptPhrase, it actually returns the correct plain text.
Any help would be appreciated. Thanks! :)
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import java.util.*;
public class PasswordEncryption {
private static int ITERATIONS = 1000;
private static String saltString;
private static String ciphertextString;
private static String encryptPhrase;
private static void usage(){
System.err.println("Usage: java PBE -e|-d password text");
System.exit(1);
}
public static void main(String[] args) throws Exception{
scan = new Scanner(System.in);
System.out.println("Please enter plain text: ");
String text = scan.nextLine();
System.out.println("Please enter password to encrypt plain text: ");
char [] pw = scan.nextLine().toCharArray();
int option=3;
while (option!=0){
System.out.println("Are we encrypting(1) or decrypting(2) or Exit(0)? " );
option = scan.nextInt();
String output="exiting program";
if (option == 1)
output = encrypt(pw, text);
else if (option ==2)
output = decrypt(pw,text);
System.out.println("Output: " +output);
}
}
private static Scanner scan;
private static String encrypt(char[] password, String plaintext) throws Exception {
//create random salt
byte[] salt = new byte[8];
SecureRandom random = new SecureRandom();
random.nextBytes(salt);
//create key based on password
int iterationCount = ITERATIONS;
PBEKeySpec pbeSpec = new PBEKeySpec(password, salt, iterationCount);
SecretKeyFactory keyFact = SecretKeyFactory.getInstance("PBEWithSHAAnd3KeyTripleDES");
//create a cipher
Cipher myCipher = Cipher.getInstance("PBEWithSHAAnd3KeyTripleDES");
Key encryptKey = keyFact.generateSecret(pbeSpec);
myCipher.init(Cipher.ENCRYPT_MODE, encryptKey);
byte[] cipherText = myCipher.doFinal();
System.out.println("Encrypted Text: " +toString(cipherText));
//produce salt to string
saltString = salt.toString();
System.out.println("SALT: " +saltString);
//produce cipher text to string
ciphertextString = toString(cipherText);
//stores salt and cipher string in encryptPhrase
encryptPhrase = saltString+ciphertextString;
return saltString+ciphertextString;
}
public static String decrypt(char[] password, String encryptPhrase) throws Exception{
//split the encryption data into salt and ciphertext
//System.out.println("encrypt Phrase: " +encryptPhrase);
//convert salt into bytearray
byte[] bsalt = toByteArray(saltString);
//convert ciphertext into bytearray
byte[] bciphert= toByteArray(ciphertextString);
//produce cipher
/////////////////////////////////////////////////////////////////////
int iterationCount = ITERATIONS;
PBEKeySpec pbeSpec = new PBEKeySpec(password, bsalt, iterationCount);
//use SHA and 3DES
//create the key
SecretKeyFactory keyFact = SecretKeyFactory.getInstance("PBEWithSHAAnd3KeyTripleDES");
Cipher cDec = Cipher.getInstance("PBEWithSHAAnd3KeyTripleDES");
Key sKey = keyFact.generateSecret(pbeSpec);
//perform decryption
cDec.init(cDec.DECRYPT_MODE,sKey);
byte [] plainTextb = cDec.doFinal(bciphert); //gives me an error here. Says BadPaddingException: pad block corrupted?
String plainText = toString(plainTextb);
return plainText;
//return encryptPhrase;
}
/**
* Convert a byte array of 8 bit characters into a String.
*
*#param bytes the array containing the characters
* #param length the number of bytes to process
* #return a String representation of bytes
*/
public static String toString(byte[] bytes, int length)
{
char[] chars = new char[length];
for (int i = 0; i != chars.length; i++)
{
chars[i] = (char)(bytes[i] & 0xff);
}
return new String(chars);
}
/**
* Convert a byte array of 8 bit characters into a String.
*
* #param bytes the array containing the characters
* #return a String representation of bytes
*/
public static String toString( byte[] bytes)
{
return toString(bytes, bytes.length);
}
/**
* Convert the passed in String to a byte array by
* taking the bottom 8 bits of each character it contains.
*
* #param string the string to be converted
* #return a byte array representation
*/
public static byte[] toByteArray(String string)
{
byte[] bytes = new byte[string.length()];
char[] chars = string.toCharArray();
for (int i = 0; i != chars.length; i++)
{
bytes[i] = (byte)chars[i];
}
return bytes;
}
private static String digits = "0123456789abcdef";
public static String toHex(byte[] data, int length)
{
StringBuffer buf = new StringBuffer();
for (int i=0; i!= length; i++)
{
int v = data[i] & 0xff;
buf.append(digits.charAt(v >>4));
buf.append(digits.charAt(v & 0xf));
}
return buf.toString();
}
/**
* Return the passed in byte array as a hex string.
*
* #param data the bytes to be converted.
* #return a hex representation of data.
*/
public static String toHex(byte[] data)
{
return toHex(data, data.length);
}
}
Yet another confusion between bytes and characters. Could have guessed. Please look up the base 64 encoding and see why it exists. Then note the implementation of Object.toString() and lookup character encoding (don't use new String(byte[]) on randomized bytes).
Related
I am trying to encrypt an ISO-0 pinblock using the codenameone BouncyCastle lib.
The methods I use to achieve this is as follows:
private static byte[] performEncrypt(byte[] key, String plainText, boolean padding) {
byte[] ptBytes = plainText.getBytes();
BufferedBlockCipher cipher;
if (padding) {
cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new DESedeEngine()));
} else {
cipher = new BufferedBlockCipher(new CBCBlockCipher(new DESedeEngine()));
}
cipher.init(true, new KeyParameter(key));
byte[] rv = new byte[cipher.getOutputSize(ptBytes.length)];
int oLen = cipher.processBytes(ptBytes, 0, ptBytes.length, rv, 0);
try {
cipher.doFinal(rv, oLen);
} catch (CryptoException ce) {
LoggingUtil.error(TAG, ce, "Unexpected Exception");
}
return rv;
}
private static String createIso0PinBlock(String pin, String number) {
...
}
private static String getPaddedData(String data, byte padCharacter) {
String paddedData = ByteUtil.pad(data, (char) padCharacter, 8).toString();
return paddedData;
}
public static String createPinBlockAndEncrypt(String pin, String number) {
LoggingUtil.debug("SecurityUtil", "CREAT PIN BLOCK AND ENCRYPT.. PIN: " + pin + " NUMBER: " + number);
String pb = createIso0PinBlock(pin, number.substring(0, number.length() - 1));
LoggingUtil.debug("SecurityUtil", "PINBLOCK: " + pb);
String padded = getPaddedData(pb, (byte) 0x00);
LoggingUtil.debug("SecurityUtil", "PADDED: " + padded);
byte[] encrypted = performEncrypt(Hex.decode(KEY.getBytes()), new String(ByteUtil.hex2byte(padded)), false);
return ByteUtil.byte2hex(encrypted);
}
In ByteUtil:
public static StringBuilder pad(String data, char padCharacter, int multiplier) {
StringBuilder text = new StringBuilder();
text.append(data);
while (text.length() % multiplier != 0) {
text.append(padCharacter);
}
return text;
}
To give example Log outputs:
[SecurityUtil] CREAT PIN BLOCK AND ENCRYPT.. PIN: 2255 NUMBER: 6284734104205417486
[SecurityUtil] PINBLOCK: 042214FBDFABE8B7
[SecurityUtil] PADDED: 042214FBDFABE8B7
When I run this through a public static void main method, it works as expected, however, when I build this for Android via Codenameone, I get the following error in logcat:
org.bouncycastle.crypto.DataLengthException: data not block size aligned
org.bouncycastle.crypto.BufferedBlockCipher.doFinal(BufferedBlockCipher.java:275)
Despite the padded pinblock being 16 in length (a multiple of 8).
Any help regarding this issue would be appreciated.
Encryption works on binary data, and your pinblock is binary, so keep it that way.
When calling performEncrypt(..) you convert your hex encoded pinblock to a string with new String(ByteUtil.hex2byte(padded)), and inside performEncrypt(...) you convert it to a byte array with byte[] ptBytes = plainText.getBytes();. The problem with this is that not all byte sequences can be mapped correctly back and forth through a string, and you might end up with different data and even different length etc. take a look here
Change your signature of you performEncrypt(..) to:
private static byte[] performEncrypt(byte[] key, byte[] plainText, boolean padding) {
and avoid converting through a string altogether.
Since yesterday when I posted the frist time I learned a lot. So what I am trying to do now is to implement user console input instead of the given values, written in bold, encrypt, save them in the file and then keep verifying next user input with the encrypted values saved in the file until correct or up to 10 times.
String openPwd = "my password is datasecurity";
String openUser = "a user is ME";
The first question is: can I implement second user input and verification in the same main method of the class?
Moreover I encrypt values with two way encryption AES (Now I know that is not the safest way to encrypt) and one way encryption with hash and salt would be the safest option due to the number of reasons. Also I save password and key in the system file, since setting up database would be too time consuming for the task.
The second question is: can I use PBKDF2 and salt instead of encryption with AES if I do not save password and user name in dbms, but in system file instead? How will verification process in encryption case and PBKDF2 with salt differ?
public class PasswordEncryption {
public static final String AES = "AES";
public static String encrypt(String value, File keyFile)
throws GeneralSecurityException, IOException {
if (!keyFile.exists()) {
KeyGenerator keyGen = KeyGenerator
.getInstance(PasswordEncryption.AES);
keyGen.init(128);
SecretKey sk = keyGen.generateKey();
FileWriter fw = new FileWriter(keyFile);
fw.write(byteArrayToHexString(sk.getEncoded()));
fw.flush();
fw.close();
}
SecretKeySpec sks = getSecretKeySpec(keyFile);
Cipher cipher = Cipher.getInstance(PasswordEncryption.AES);
cipher.init(Cipher.ENCRYPT_MODE, sks, cipher.getParameters());
byte[] encrypted = cipher.doFinal(value.getBytes());
return byteArrayToHexString(encrypted);
}
public static String decrypt(String message, File keyFile)
throws GeneralSecurityException, IOException {
SecretKeySpec sks = getSecretKeySpec(keyFile);
Cipher cipher = Cipher.getInstance(PasswordEncryption.AES);
cipher.init(Cipher.DECRYPT_MODE, sks);
byte[] decrypted = cipher.doFinal(hexStringToByteArray(message));
return new String(decrypted);
}
private static SecretKeySpec getSecretKeySpec(File keyFile)
throws NoSuchAlgorithmException, IOException {
byte[] key = readKeyFile(keyFile);
SecretKeySpec sks = new SecretKeySpec(key, PasswordEncryption.AES);
return sks;
}
private static byte[] readKeyFile(File keyFile)
throws FileNotFoundException {
#SuppressWarnings("resource")
Scanner scanner = new Scanner(keyFile).useDelimiter("\\Z");
String keyValue = scanner.next();
scanner.close();
return hexStringToByteArray(keyValue);
}
private static String byteArrayToHexString(byte[] b) {
StringBuffer sb = new StringBuffer(b.length * 2);
for (int i = 0; i < b.length; i++) {
int v = b[i] & 0xff;
if (v < 16) {
sb.append('0');
}
sb.append(Integer.toHexString(v));
}
return sb.toString().toUpperCase();
}
private static byte[] hexStringToByteArray(String s) {
byte[] b = new byte[s.length() / 2];
for (int i = 0; i < b.length; i++) {
int index = i * 2;
int v = Integer.parseInt(s.substring(index, index + 2), 16);
b[i] = (byte) v;
}
return b;
}
public static void main(String[] args) throws Exception {
final String KEY_FILE = "/Users/xxx/key";
final String PASSWORD_FILE = "/Users/xxx/properties";
String openPwd = "my password is datasecurity";
String openUser = "a user is ME";
Properties p1 = new Properties();
String encryptedPwd = PasswordEncryption.encrypt(openPwd, new File(
KEY_FILE));
String encryptedUser = PasswordEncryption.encrypt(openUser, new File(
KEY_FILE));
p1.put("password",encryptedPwd);
p1.put("user",encryptedUser);
p1.store(new FileWriter(PASSWORD_FILE),"");
// ==================
Properties p2 = new Properties();
p2.load(new FileReader(PASSWORD_FILE));
encryptedPwd = p2.getProperty("password");
encryptedUser = p2.getProperty("user");
System.out.println(encryptedPwd);
System.out.println(encryptedUser);
System.out.println(PasswordEncryption.decrypt(encryptedPwd, new File(
KEY_FILE)));
System.out.println(PasswordEncryption.decrypt(encryptedUser, new File(
KEY_FILE)));
}
}
There are two simple ways of doing this. The first would be to create a static class level variable in your first class that contains the value of the encryptedPwd. To make a class level variable you would define it like this:
public class FirstClass {
public static String encryptedPwd = "";
public static void main(String[] args){
...
FirstClass.encryptedPwd = encryptedPwd; //Set the class level variable equal to the encrypted password
...
}
}
Then you could access it from your Authenticate class using:
if (FirstClass.encryptedPwd.equals(inputHash)) //Getting the password variable in Authenticate class
or you could create a static method to access it as well which would allow you to keep the variable private.
public static String getPassword(){ //Static Method inside your first class that returns the encrypted password
return encryptedPwd;
}
if(FirstClass.getPassword().equals(inputHash)) //Method call in Authenticate class
There are other options too, but it depends on what your doing and the design you want for your project
Hi I am trying to encrypt a string using AES encryption with initalvector and key. The problem is I am not able to generate a IV which is 16 bytes long. what ever I do its showing IV is not 16 bytes so an exception is raised.
public static String encryptString(String str){
char[] CHARSET_AZ_09 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789".toCharArray();
String initialVectorString = Helper.randomString(CHARSET_AZ_09, 16);
byte[] vectorbytes = (new org.apache.commons.codec.binary.Base64()).encode(initialVectorString.getBytes());
String encryptedString = Helper.encrypt(str, initialVectorString, "mykey");
return encryptedString;
}
public static String randomString(char[] characterSet, int length) {
Random random = new SecureRandom();
char[] result = new char[length];
for (int i = 0; i < result.length; i++) {
// picks a random index out of character set > random character
int randomCharIndex = random.nextInt(characterSet.length);
result[i] = characterSet[randomCharIndex];
}
String str = new String(result);
try{
str = new String(str.getBytes(),"UTF8");
}
catch(Exception e){
}
Log.d("check",str.getBytes().length+"");
return str;
}
public static String encrypt(String data,String initialVectorString,String secretKey){
String encryptedString = null;
try{
SecretKeySpec skeySpec = new SecretKeySpec(md5(secretKey).getBytes(), "AES");
IvParameterSpec initialVector = new IvParameterSpec((new org.apache.commons.codec.binary.Base64()).decode(initialVectorString.getBytes()));
Cipher cipher = Cipher.getInstance("AES/CFB8/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec, initialVector);
byte[] plainTextByteArray = (new org.apache.commons.codec.binary.Base64()).decode(data.getBytes());
byte[] encryptedByteArray = cipher.doFinal(plainTextByteArray);
encryptedString = new String(encryptedByteArray, "UTF8");
}
catch (Exception e) {
Log.d("Problem decrypting the data", e.getLocalizedMessage());
}
return encryptedString;
}
Does anybody knows how to generate a 16 byte long IV?
Are you asking how to create an array of 16 bytes?
byte[] iv = new byte[ 16 ];
And while we are here, use this to fill it with random data:
SecureRandom random = SecureRandom.getInstance( "SHA1PRNG" );
random.nextBytes( iv );
Your method of obtaining an IV value is quite broken:
String initialVectorString = Helper.randomString(CHARSET_AZ_09, 16);
// ....
IvParameterSpec initialVector = new IvParameterSpec(
(new org.apache.commons.codec.binary.Base64()).decode(
initialVectorString.getBytes()));
It looks like you are creating a 16 character alphanumeric string, then treating this as base64-encoded data (which it isn't) and using that result as an IV. Very odd!
Instead, just use the Random class to generate random bytes. I would suggest Random is secure enough for generating a public IV value, but if you feel super paranoid you could use SecureRandom.
byte[] iv = new byte[16];
random.nextBytes(iv); // where 'random' is a private static final field of
// your class, with type Random
I've been looking around and the closest answer is : How to generate a random alpha-numeric string?
I want to follow this workflow according to this CrackStation tutorial:
To Store a Password
Generate a long random salt using a CSPRNG.
Prepend the salt to the password and hash it with a standard cryptographic hash function such as SHA256.
Save both the salt and the hash in the user's database record.
To Validate a Password
Retrieve the user's salt and hash from the database.
Prepend the salt to the given password and hash it using the same hash function.
Compare the hash of the given password with the hash from the database. If they match, the password is correct. Otherwise, the password is incorrect.
I don't know how to generate a SALT. I figured out how to generate a hash using the MessageDigest. I tried using SecureRandom but nextByte method produces garbled code.
Edit: I don't know which answer to choose, they're too complicated for me, I have decided to use jBCrypt; jBCript is easy to use, does all the complex stuff behind the scenes. so I'll let the community vote up for the best answer.
Inspired from this post and that post, I use this code to generate and verify hashed salted passwords. It only uses JDK provided classes, no external dependency.
The process is:
you create a salt with getNextSalt
you ask the user his password and use the hash method to generate a salted and hashed password. The method returns a byte[] which you can save as is in a database with the salt
to authenticate a user, you ask his password, retrieve the salt and hashed password from the database and use the isExpectedPassword method to check that the details match
/**
* A utility class to hash passwords and check passwords vs hashed values. It uses a combination of hashing and unique
* salt. The algorithm used is PBKDF2WithHmacSHA1 which, although not the best for hashing password (vs. bcrypt) is
* still considered robust and recommended by NIST .
* The hashed value has 256 bits.
*/
public class Passwords {
private static final Random RANDOM = new SecureRandom();
private static final int ITERATIONS = 10000;
private static final int KEY_LENGTH = 256;
/**
* static utility class
*/
private Passwords() { }
/**
* Returns a random salt to be used to hash a password.
*
* #return a 16 bytes random salt
*/
public static byte[] getNextSalt() {
byte[] salt = new byte[16];
RANDOM.nextBytes(salt);
return salt;
}
/**
* Returns a salted and hashed password using the provided hash.<br>
* Note - side effect: the password is destroyed (the char[] is filled with zeros)
*
* #param password the password to be hashed
* #param salt a 16 bytes salt, ideally obtained with the getNextSalt method
*
* #return the hashed password with a pinch of salt
*/
public static byte[] hash(char[] password, byte[] salt) {
PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_LENGTH);
Arrays.fill(password, Character.MIN_VALUE);
try {
SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
return skf.generateSecret(spec).getEncoded();
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
throw new AssertionError("Error while hashing a password: " + e.getMessage(), e);
} finally {
spec.clearPassword();
}
}
/**
* Returns true if the given password and salt match the hashed value, false otherwise.<br>
* Note - side effect: the password is destroyed (the char[] is filled with zeros)
*
* #param password the password to check
* #param salt the salt used to hash the password
* #param expectedHash the expected hashed value of the password
*
* #return true if the given password and salt match the hashed value, false otherwise
*/
public static boolean isExpectedPassword(char[] password, byte[] salt, byte[] expectedHash) {
byte[] pwdHash = hash(password, salt);
Arrays.fill(password, Character.MIN_VALUE);
if (pwdHash.length != expectedHash.length) return false;
for (int i = 0; i < pwdHash.length; i++) {
if (pwdHash[i] != expectedHash[i]) return false;
}
return true;
}
/**
* Generates a random password of a given length, using letters and digits.
*
* #param length the length of the password
*
* #return a random password
*/
public static String generateRandomPassword(int length) {
StringBuilder sb = new StringBuilder(length);
for (int i = 0; i < length; i++) {
int c = RANDOM.nextInt(62);
if (c <= 9) {
sb.append(String.valueOf(c));
} else if (c < 36) {
sb.append((char) ('a' + c - 10));
} else {
sb.append((char) ('A' + c - 36));
}
}
return sb.toString();
}
}
You were right regarding how you want to generate salt i.e. its nothing but a random number. For this particular case it would protect your system from possible Dictionary attacks. Now, for the second problem what you could do is instead of using UTF-8 encoding you may want to use Base64. Here, is a sample for generating a hash. I am using Apache Common Codecs for doing the base64 encoding you may select one of your own
public byte[] generateSalt() {
SecureRandom random = new SecureRandom();
byte bytes[] = new byte[20];
random.nextBytes(bytes);
return bytes;
}
public String bytetoString(byte[] input) {
return org.apache.commons.codec.binary.Base64.encodeBase64String(input);
}
public byte[] getHashWithSalt(String input, HashingTechqniue technique, byte[] salt) throws NoSuchAlgorithmException {
MessageDigest digest = MessageDigest.getInstance(technique.value);
digest.reset();
digest.update(salt);
byte[] hashedBytes = digest.digest(stringToByte(input));
return hashedBytes;
}
public byte[] stringToByte(String input) {
if (Base64.isBase64(input)) {
return Base64.decodeBase64(input);
} else {
return Base64.encodeBase64(input.getBytes());
}
}
Here is some additional reference of the standard practice in password hashing directly from OWASP
Another version using SHA-3, I am using bouncycastle:
The interface:
public interface IPasswords {
/**
* Generates a random salt.
*
* #return a byte array with a 64 byte length salt.
*/
byte[] getSalt64();
/**
* Generates a random salt
*
* #return a byte array with a 32 byte length salt.
*/
byte[] getSalt32();
/**
* Generates a new salt, minimum must be 32 bytes long, 64 bytes even better.
*
* #param size the size of the salt
* #return a random salt.
*/
byte[] getSalt(final int size);
/**
* Generates a new hashed password
*
* #param password to be hashed
* #param salt the randomly generated salt
* #return a hashed password
*/
byte[] hash(final String password, final byte[] salt);
/**
* Expected password
*
* #param password to be verified
* #param salt the generated salt (coming from database)
* #param hash the generated hash (coming from database)
* #return true if password matches, false otherwise
*/
boolean isExpectedPassword(final String password, final byte[] salt, final byte[] hash);
/**
* Generates a random password
*
* #param length desired password length
* #return a random password
*/
String generateRandomPassword(final int length);
}
The implementation:
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.Validate;
import org.apache.log4j.Logger;
import org.bouncycastle.jcajce.provider.digest.SHA3;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Random;
public final class Passwords implements IPasswords, Serializable {
/*serialVersionUID*/
private static final long serialVersionUID = 8036397974428641579L;
private static final Logger LOGGER = Logger.getLogger(Passwords.class);
private static final Random RANDOM = new SecureRandom();
private static final int DEFAULT_SIZE = 64;
private static final char[] symbols;
static {
final StringBuilder tmp = new StringBuilder();
for (char ch = '0'; ch <= '9'; ++ch) {
tmp.append(ch);
}
for (char ch = 'a'; ch <= 'z'; ++ch) {
tmp.append(ch);
}
symbols = tmp.toString().toCharArray();
}
#Override public byte[] getSalt64() {
return getSalt(DEFAULT_SIZE);
}
#Override public byte[] getSalt32() {
return getSalt(32);
}
#Override public byte[] getSalt(int size) {
final byte[] salt;
if (size < 32) {
final String message = String.format("Size < 32, using default of: %d", DEFAULT_SIZE);
LOGGER.warn(message);
salt = new byte[DEFAULT_SIZE];
} else {
salt = new byte[size];
}
RANDOM.nextBytes(salt);
return salt;
}
#Override public byte[] hash(String password, byte[] salt) {
Validate.notNull(password, "Password must not be null");
Validate.notNull(salt, "Salt must not be null");
try {
final byte[] passwordBytes = password.getBytes("UTF-8");
final byte[] all = ArrayUtils.addAll(passwordBytes, salt);
SHA3.DigestSHA3 md = new SHA3.Digest512();
md.update(all);
return md.digest();
} catch (UnsupportedEncodingException e) {
final String message = String
.format("Caught UnsupportedEncodingException e: <%s>", e.getMessage());
LOGGER.error(message);
}
return new byte[0];
}
#Override public boolean isExpectedPassword(final String password, final byte[] salt, final byte[] hash) {
Validate.notNull(password, "Password must not be null");
Validate.notNull(salt, "Salt must not be null");
Validate.notNull(hash, "Hash must not be null");
try {
final byte[] passwordBytes = password.getBytes("UTF-8");
final byte[] all = ArrayUtils.addAll(passwordBytes, salt);
SHA3.DigestSHA3 md = new SHA3.Digest512();
md.update(all);
final byte[] digest = md.digest();
return Arrays.equals(digest, hash);
}catch(UnsupportedEncodingException e){
final String message =
String.format("Caught UnsupportedEncodingException e: <%s>", e.getMessage());
LOGGER.error(message);
}
return false;
}
#Override public String generateRandomPassword(final int length) {
if (length < 1) {
throw new IllegalArgumentException("length must be greater than 0");
}
final char[] buf = new char[length];
for (int idx = 0; idx < buf.length; ++idx) {
buf[idx] = symbols[RANDOM.nextInt(symbols.length)];
}
return shuffle(new String(buf));
}
private String shuffle(final String input){
final List<Character> characters = new ArrayList<Character>();
for(char c:input.toCharArray()){
characters.add(c);
}
final StringBuilder output = new StringBuilder(input.length());
while(characters.size()!=0){
int randPicker = (int)(Math.random()*characters.size());
output.append(characters.remove(randPicker));
}
return output.toString();
}
}
The test cases:
public class PasswordsTest {
private static final Logger LOGGER = Logger.getLogger(PasswordsTest.class);
#Before
public void setup(){
BasicConfigurator.configure();
}
#Test
public void testGeSalt() throws Exception {
IPasswords passwords = new Passwords();
final byte[] bytes = passwords.getSalt(0);
int arrayLength = bytes.length;
assertThat("Expected length is", arrayLength, is(64));
}
#Test
public void testGeSalt32() throws Exception {
IPasswords passwords = new Passwords();
final byte[] bytes = passwords.getSalt32();
int arrayLength = bytes.length;
assertThat("Expected length is", arrayLength, is(32));
}
#Test
public void testGeSalt64() throws Exception {
IPasswords passwords = new Passwords();
final byte[] bytes = passwords.getSalt64();
int arrayLength = bytes.length;
assertThat("Expected length is", arrayLength, is(64));
}
#Test
public void testHash() throws Exception {
IPasswords passwords = new Passwords();
final byte[] hash = passwords.hash("holacomoestas", passwords.getSalt64());
assertThat("Array is not null", hash, Matchers.notNullValue());
}
#Test
public void testSHA3() throws UnsupportedEncodingException {
SHA3.DigestSHA3 md = new SHA3.Digest256();
md.update("holasa".getBytes("UTF-8"));
final byte[] digest = md.digest();
assertThat("expected digest is:",digest,Matchers.notNullValue());
}
#Test
public void testIsExpectedPasswordIncorrect() throws Exception {
String password = "givemebeer";
IPasswords passwords = new Passwords();
final byte[] salt64 = passwords.getSalt64();
final byte[] hash = passwords.hash(password, salt64);
//The salt and the hash go to database.
final boolean isPasswordCorrect = passwords.isExpectedPassword("jfjdsjfsd", salt64, hash);
assertThat("Password is not correct", isPasswordCorrect, is(false));
}
#Test
public void testIsExpectedPasswordCorrect() throws Exception {
String password = "givemebeer";
IPasswords passwords = new Passwords();
final byte[] salt64 = passwords.getSalt64();
final byte[] hash = passwords.hash(password, salt64);
//The salt and the hash go to database.
final boolean isPasswordCorrect = passwords.isExpectedPassword("givemebeer", salt64, hash);
assertThat("Password is correct", isPasswordCorrect, is(true));
}
#Test
public void testGenerateRandomPassword() throws Exception {
IPasswords passwords = new Passwords();
final String randomPassword = passwords.generateRandomPassword(10);
LOGGER.info(randomPassword);
assertThat("Random password is not null", randomPassword, Matchers.notNullValue());
}
}
pom.xml (only dependencies):
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.testng</groupId>
<artifactId>testng</artifactId>
<version>6.1.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.hamcrest</groupId>
<artifactId>hamcrest-all</artifactId>
<version>1.3</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.17</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.51</version>
<type>jar</type>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.3.2</version>
</dependency>
</dependencies>
Here's my solution, i would love anyone's opinion on this, it's simple for beginners
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.Base64;
import java.util.Base64.Encoder;
import java.util.Scanner;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
public class Cryptography {
public static void main(String[] args) throws NoSuchAlgorithmException, InvalidKeySpecException {
Encoder encoder = Base64.getUrlEncoder().withoutPadding();
System.out.print("Password: ");
String strPassword = new Scanner(System.in).nextLine();
byte[] bSalt = Salt();
String strSalt = encoder.encodeToString(bSalt); // Byte to String
System.out.println("Salt: " + strSalt);
System.out.println("String to be hashed: " + strPassword + strSalt);
String strHash = encoder.encodeToString(Hash(strPassword, bSalt)); // Byte to String
System.out.println("Hashed value (Password + Salt value): " + strHash);
}
private static byte[] Salt() {
SecureRandom random = new SecureRandom();
byte salt[] = new byte[6];
random.nextBytes(salt);
return salt;
}
private static byte[] Hash(String password, byte[] salt) throws NoSuchAlgorithmException, InvalidKeySpecException {
KeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 65536, 128);
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
byte[] hash = factory.generateSecret(spec).getEncoded();
return hash;
}
}
You can validate by just decoding the strSalt and using the same hash method:
public static void main(String[] args) throws NoSuchAlgorithmException, InvalidKeySpecException {
Encoder encoder = Base64.getUrlEncoder().withoutPadding();
Decoder decoder = Base64.getUrlDecoder();
System.out.print("Password: ");
String strPassword = new Scanner(System.in).nextLine();
String strSalt = "Your Salt String Here";
byte[] bSalt = decoder.decode(strSalt); // String to Byte
System.out.println("Salt: " + strSalt);
System.out.println("String to be hashed: " + strPassword + strSalt);
String strHash = encoder.encodeToString(Hash(strPassword, bSalt)); // Byte to String
System.out.println("Hashed value (Password + Salt value): " + strHash);
}
I wanted to know how to encrypt a file or a photo which will eventually uploaded into the dropbox.
As i have research online and only manage to found this code (pasted at the bottom) which only encrypt the password, but I wanted to know how to encrypt a file or a photo which will eventually uploaded into the dropbox instead.
So is there any reference or help or guide on how to write a java programming ( will be using on Eclipse software ) on encrypting a file using triple DES? Thank you so much.
package com.kushal.utils;
import java.security.spec.KeySpec;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
public class DESEncryption {
private static final String UNICODE_FORMAT = "UTF8";
public static final String DES_ENCRYPTION_SCHEME = "DES";
private KeySpec myKeySpec;
private SecretKeyFactory mySecretKeyFactory;
private Cipher cipher;
byte[] keyAsBytes;
private String myEncryptionKey;
private String myEncryptionScheme;
SecretKey key;
public DESEncryption() throws Exception
{
myEncryptionKey = "ThisIsSecretEncryptionKey";
myEncryptionScheme = DES_ENCRYPTION_SCHEME;
keyAsBytes = myEncryptionKey.getBytes(UNICODE_FORMAT);
myKeySpec = new DESKeySpec(keyAsBytes);
mySecretKeyFactory = SecretKeyFactory.getInstance(myEncryptionScheme);
cipher = Cipher.getInstance(myEncryptionScheme);
key = mySecretKeyFactory.generateSecret(myKeySpec);
}
/**
* Method To Encrypt The String
*/
public String encrypt(String unencryptedString) {
String encryptedString = null;
try {
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] plainText = unencryptedString.getBytes(UNICODE_FORMAT);
byte[] encryptedText = cipher.doFinal(plainText);
BASE64Encoder base64encoder = new BASE64Encoder();
encryptedString = base64encoder.encode(encryptedText);
} catch (Exception e) {
e.printStackTrace();
}
return encryptedString;
}
/**
* Method To Decrypt An Ecrypted String
*/
public String decrypt(String encryptedString) {
String decryptedText=null;
try {
cipher.init(Cipher.DECRYPT_MODE, key);
BASE64Decoder base64decoder = new BASE64Decoder();
byte[] encryptedText = base64decoder.decodeBuffer(encryptedString);
byte[] plainText = cipher.doFinal(encryptedText);
decryptedText= bytes2String(plainText);
} catch (Exception e) {
e.printStackTrace();
}
return decryptedText;
}
/**
* Returns String From An Array Of Bytes
*/
private static String bytes2String(byte[] bytes) {
StringBuffer stringBuffer = new StringBuffer();
for (int i = 0; i < bytes.length; i++) {
stringBuffer.append((char) bytes[i]);
}
return stringBuffer.toString();
}
/**
* Testing the DES Encryption And Decryption Technique
*/
public static void main(String args []) throws Exception
{
DESEncryption myEncryptor= new DESEncryption();
String stringToEncrypt="Sanjaal.com";
String encrypted=myEncryptor.encrypt(stringToEncrypt);
String decrypted=myEncryptor.decrypt(encrypted);
System.out.println("String To Encrypt: "+stringToEncrypt);
System.out.println("Encrypted Value :" + encrypted);
System.out.println("Decrypted Value :"+decrypted);
}
}
File reading is taken from here
public static byte[] encryptFile(String pFilePath, byte[] pKey) throws GeneralSecurityException, IOException
{
File file = new File(pFilePath);
long length = file.length();
InputStream is = new FileInputStream(file);
// You cannot create an array using a long type.
// It needs to be an int type.
// Before converting to an int type, check
// to ensure that file is not larger than Integer.MAX_VALUE.
if (length > Integer.MAX_VALUE) {
// File is too large
}
// Create the byte array to hold the data
byte[] bytes = new byte[(int)length];
// Read in the bytes
int offset = 0;
int numRead = 0;
while (offset < bytes.length
&& (numRead=is.read(bytes, offset, bytes.length-offset)) >= 0) {
offset += numRead;
}
// Close the input stream and return bytes
is.close();
// Ensure all the bytes have been read in
if (offset < bytes.length) {
throw new IOException("Could not completely read file "+file.getName());
}
SecretKeyFactory lDESedeKeyFactory = SecretKeyFactory.getInstance("DESede");
SecretKey kA = lDESedeKeyFactory.generateSecret(new DESedeKeySpec(pKey));
IvParameterSpec lIVSpec = new IvParameterSpec(new byte[8]);
Cipher desedeCBCCipher = Cipher.getInstance("DESede/CBC/PKCS5Padding");
desedeCBCCipher.init(Cipher.ENCRYPT_MODE, kA, lIVSpec);
byte[] encrypted = desedeCBCCipher.doFinal(bytes);
return encrypted;
}
A file can probably be read as a string of binary digits (lots of 1's and 0's). You could read the file, then encrypt the string using DES the same way you would a password, outputting the result to a new file.
Decryption would work the same way, reading the encrypted file, decrypting, and outputting to an unencrypted file.