I have a vector of user passwords. I would like to save this vector to a file and encrypt it. Then load and decrypt the file to get the passwords. I would like my users to enter a pass phrase to decrypt the files. Which algorithm should i choose? and How can i encrypt the vector before writing the file?
Encryption in Java is done using the Java Cryptography Architecture (doc contains example code). As for which algorithm to use, AES should be fine.
However, don't use Vector - it's utterly outdated and should be replaced with ArrayList (this has nothing to do with cryptography, but using Vector marks you as someone who's been learning Java from 12 year old books).
I think you can checkout my other post (example included) and get a headstart.
few characters missing after decryption
Basically you just need to use CipherInputStream & CipherOutputStream, and that's it! :)
Related
I have the following three lines in my little game which store the id and pass of a new user:
Properties prop = new Properties();
prop.setProperty(id, pass);
prop.store(new FileOutputStream(new File("path/to/project/src/properties.data")), "");
Unfortunately I've noticed that only by changing the properties file extension to txt all the users and passwords become visible and readable by anybody, which is a thing I don't really like. Please let me know of a good easy method to encrypt the file in some way.
The thing is I already searched about this but the answers don't really fit my needs, I don't expect my game files getting attacked by the biggest hackers so using AES or any other big popular libraries would be too much I'd say. What do you think?
First, everybody can read your password file, no matter if the extension is .txt or .data or whatever else. The extension is just a Windows trick to decide with which program to open the file, but it does nothing to the contents.
If you want to encrypt the password file, you'll need a key and / or a password for that, and then you need to figure out where and how to store that. You just postpone the problem.
If the file holds names and passwords of the players in your game, go with #Boris the Spider's advice: instead of saving (encrypted) passwords, just save the password's hash. When someone logs in, calculate the hash of the entered password and compare that to the hash you have saved. If they are equal, the user entered the correct password. See this question and the accepted answer for a possible way to do this.
Here's an excellent article on storing passwords securely. The examples are in C#, not Java, but it's still a helpful discussion:
https://blog.mking.io/password-security-best-practices-with-examples-in-csharp/
I also strongly recommend the book "24 Deadly Sins of Software Security" by Michael Howard and David LeBlanc as a more general overview of common security bugs and how to avoid them.
I faced a similar problem and I took resort in writing an AES encrypted string in file (in my case, users were asked to take encrypted key from administrators to put into property files, so I provided a method to encrypt password to them too) and then decrypting it in the method where I am reading it.
I have searched around for the best methods for encryption in terms of what ciphers to use, methods/etc. I'v decided on using 128Bit AES for the time being. My question lies more in what method is best for encrypting various types of data. In my example, this is for a small game I am making that has map data and associated image data.
I can save the data in any format, but would prefer something simple to read (when un-encrypted). Should I actually save this to the file itself, or should I change the file itself in some way?
Likewise in terms of the image files associated to the game that are saved as PNG or BMP files, any recommendations on how to encrypt those on top of the rest of the files?
My current method for the game data is to just encrypt it in singular lines - and have it load from a file line-by-line. Each line formatting to a different data value to be put into the system (e.g. load part of a map, maybe some item data, etc). Is there a better/faster method of accomplishing this that I may not have found yet?
I was also wondering about actually taking the entire class with the data saved and serializing it - then encrypting it. That way I could load the entire thing in one go straight into a class. Would this be a reasonable idea?
For the images: you can read them using a CipherInputStream / CipherOuputStream. Note that at least older Java versions ignored padding errors for CipherInputStream.
You cannot directly encrypt to lines as the output of a cipher is binary. So you need to encode (using e.g. Base64) if you want to store the result as lines. You may ask yourself if you want things like game data to be in text. I would recommend CBC mode with random IV prefixed to the ciphertext.
If the data is serializable then serializing data could be an option. Personally I'm not a huge fan of serialization in Java due to the many pitfalls. But yes, you can certainly encrypt serialized data easily, it's binary after all.
I am trying to encrypt XML using PHP which will be decrypted over java.
While I am doing R&D and i found a code over this link PHP code to decrypt XML encrypted through Java which is doing exactly opposite thing that I am looking for. How can I encrypt XML which comfortably decrypted over java?
It's not a problem to decript a file with diferent language. You just have to implement the same encrypter algorithm and that it's. If you want an asymetric encrypt take a look for RSA, if you want a symetric one look for DES.
Ans sorry but it's all informations you will take on the thread. This site is not a "code on demand" site.
I am encrypting some data from codeigniter using Encrypt class and this will be send to a java program and need to be decoded there.
php code:
$this->load->library('encrypt');
$this->encrypt->set_key(SERVER_ENCRYPT_KEY);
$this->encrypt->set_mode(MCRYPT_MODE_CFB);
$this->data = $this->encrypt->encode($this->input->post('data'));
where SERVER_ENCRYPT_KEY is the key.
I found this: MCrypt for Java but I could not make it work.
There are other libs that can do this? or maybe an example how to do this using the java version of MCrypt.
Take a look in the CI_Encrypt class. In addition to calling the mcrypt library, it does various non standard things. As an example it runs encrypted data through an own invented _add_cipher_noise method. Also, it seems that the encrypted format have changed with different versions - indicating that this could happen again.
If you are going to use the encrypted data outside codeignite you should not use what looks like codeignites own packaging of mcrypt encrypted data.
I decided to avoid CI_Encrypt and use this PHP-Java-AES-Encrypt with small changes: add noise and use 2 types of keys. Also I build a tool to convert the old encrypted data to the new format.
I'm writing a Java program to implements AES algorithms. I reviewed in many Java sites or forums about their code.
1. http://zenu.wordpress.com/2011/09/21/aes-128bit-cross-platform-java-and-c-encryption-compatibility/
2. http://www.code2learn.com/2011/06/encryption-and-decryption-of-data-using.html
And I wonder why they always use Base64 library in their code. I think it will make our program (encrypted and decrypted) slower than when we don't use it.
Any one can be explain for me.
Base64 is easier to read, check and transfer. e.g. email message with binary need Base64.
While Base64 is slower, it is trivial compared with encryption and decryption.
You don't have to use Base64, but I suggest you use it to start with and remove it when everything is working.