Encrypt/decrypt in XML

Similar Messages

• Best method for encrypting/decrypting large XML files ( 100MB)

  I am in need of encrypting XML for large part files that can get upwards of 100Mb+.
  I found some articles and code, but the only example I was successful in getting to work used XMLCipher, which takes a Document, parses it, and then encrypts it.
  Obviously, 100Mb files do not cooperate well with DOM, so I want to find a better method for encryption/decryption of these files.
  I found some articles using a CipherInputStream and CipherOutputStreams, but am not clear if this is the way to go and if this will avoid memory errors.
  import java.io.*;
  import java.security.spec.AlgorithmParameterSpec;
  import javax.crypto.*;
  import javax.crypto.spec.IvParameterSpec;
  public class DesEncrypter {
      Cipher ecipher;
      Cipher dcipher;
      public DesEncrypter(SecretKey key) {
          // Create an 8-byte initialization vector
          byte[] iv = new byte[]{
              (byte)0x8E, 0x12, 0x39, (byte)0x9C,
              0x07, 0x72, 0x6F, 0x5A
          AlgorithmParameterSpec paramSpec = new IvParameterSpec(iv);
          try {
              ecipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
              dcipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
              // CBC requires an initialization vector
              ecipher.init(Cipher.ENCRYPT_MODE, key, paramSpec);
              dcipher.init(Cipher.DECRYPT_MODE, key, paramSpec);
          } catch (java.security.InvalidAlgorithmParameterException e) {
          } catch (javax.crypto.NoSuchPaddingException e) {
          } catch (java.security.NoSuchAlgorithmException e) {
          } catch (java.security.InvalidKeyException e) {
      // Buffer used to transport the bytes from one stream to another
      byte[] buf = new byte[1024];
      public void encrypt(InputStream in, OutputStream out) {
          try {
              // Bytes written to out will be encrypted
              out = new CipherOutputStream(out, ecipher);
              // Read in the cleartext bytes and write to out to encrypt
              int numRead = 0;
              while ((numRead = in.read(buf)) >= 0) {
                  out.write(buf, 0, numRead);
              out.close();
          } catch (java.io.IOException e) {
      public void decrypt(InputStream in, OutputStream out) {
          try {
              // Bytes read from in will be decrypted
              in = new CipherInputStream(in, dcipher);
              // Read in the decrypted bytes and write the cleartext to out
              int numRead = 0;
              while ((numRead = in.read(buf)) >= 0) {
                  out.write(buf, 0, numRead);
              out.close();
          } catch (java.io.IOException e) {
  }This looks like it might fit, but there is one more twist, I am using a persistence manager and xml encoding to accomplish that, so I am not sure how (where) to implement this method without affecting persistence.
  Any guidance on what would work best in this situation would be appreciated.
  Regards,
  vbplayr2000

  I can give some general guidelines that might help, having done much similar work:
  You have 2 different issues, at least from my reading of your problem:
  1) How to deal with large XML docs that most parsers will not handle without memory issues
  2) Where to hide or "black box" the encrypt/decrypt routines
  #1: Check into XPP3/XMLPull. Yes, it's different that the other XML parsers you are used to using, and more work is involved, but it is blazing fast and can be used to parse a stream as it is being read. You can populate beans and process as needed since there is really not much "inversion of control" involved compared to parsers that go on to finish the entire document or load it all into memory.
  #2: Extend Serializable and write your own readObject/writeObject methods. Place the encrypt/decrypt in there as appropriate. That will "hide" the implementation and should be what any persistence manager can deal with.
  Regards,
  antarti

• XML encrypt/decrypt

  Hi All,
  I'm a newbie, and want to know if the output XML file (UUT test report) from TestStand can be encrypted without using any third party software?
  Actually I want to know if TestStand itself supports encryption/decryption of XML?
  And if TestStand doesn't supports, is there any work around for this requirement?
  I am not allergic to Kudos, in fact I love Kudos.
   Make your LabVIEW experience more CONVENIENT.

  Hello,
  Encryption in XML file is required to encrypt the various configuration parameter values so that a user cannot view / edited it external outside the to the test application. By making use of Private / Public keys data would be encrypted.This key will be exchanged between TestStand & XML to decrypt & display it to user.
  See additional details on XML encryption on : http://www.w3.org/TR/xmlenc-core/
  We can encrypt the step result using LabVIEW encryption example --> http://zone.ni.com/devzone/cda/epd/p/id/3473
  My question now is --> How to include the customize XML report header to include the encryption standard?
  I saw many articles to make use of "ModifyReportHeader". Can someone furnish me with a working example of modifying the header through TestStand? I tried ... but in Vain..

• Bouncy Castle Encryption for Large XML Files?

  Hi,
  I am trying to encrypt files > 8 KB using the KeyBasedLargeFileProcessor Utility class of Bouncy Castle.
  It's encrypting the file. But, unable to decrypt the same encrypted file. Hence it's encrypting incorrectly.
  While trying to decrypt the encrypted file, it says "It was encrypted with a key (4E616D65) that does not exist"
  Please suggest what change needs to be made in the 'encryptFile' method where it says -
  "OutputStream cOut = cPk.open(out, new byte[1 << 16]);"
  I tried changing the value, but it doesn't work. The maximum file size that we may encrypt is around 3 MB.
  The files that are being encrypted / decrypted are XML files.
  Any inputs are highly appreciated.
  Thanks,
  Tan

  While trying to decrypt the encrypted file, it says "It was encrypted with a key (4E616D65) that does not exist" So use the same key you encrypted with.
  Please suggest what change needs to be made in the 'encryptFile' method where it says -
  "OutputStream cOut = cPk.open(out, new byte[1 << 16]);" Do you have some evidence that that's where the problem is?

• How to encrypt/decrypt xml data into, and then out of IDS?

  Hi,
  How would we encrypt NPPI information being passed from an unencrypted xml through IDS, and then decrypt it on exit prior to Gendata.
  The IDS SDK gave a reference to IDSEncryptionRule(), but insufficient examples of implementation.
  It could be something like a single tag element, or even the entire xml, it's just not clear how to make it happen using native IDS methods.
  Any thoughts or help to implement this security measure would be most welcome!
  Thanks so much!
  Edited by: lodit on Apr 10, 2013 2:56 PM

  Hi there,
  You would need to write a custom IDS rule that implements this function. You can refer to the IDS SDK book for info on writing a custom rule. IDSEncryptionRule does operations based on the request state received. Normally when an IDS rule is executed, the rules in the request type definition are executed with the RUN_FORWARD request state. Then they are executed with the RUN_REVERSE request state. An example of why this model is used would be the ATCReceiveFile. On RUN_FOWARD, it writes the contents of file segments in a message to a temporary file. Subsequent rules execute. Then on the RUN_REVERSE, the ATCReceiveFile does clean up routines to remove the temporary file.
  So, armed with that knowledge, you can use the IDSEncryptionrule to perform on RUN_FORWARD (decrypt message variables for subsequent processing by Documaker) and then on RUN_REVERSE (encrypt message variables to send back to the client).
  It should be apparent at this point that you need to use an encryption/decryption mechanism with the IDS client otherwise you won't be able to prepare the message to send or read the response. On the client side there are functions - consult the examples included in the IDS SDK (DSI_DSK in the installer package).
  --Andy                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               

• How to encrypt/decrypt the password

  Hi
  In our website(JSP,servlet) is running over the Sun One Application server.In website, Contact us information is call by a servlet.when we submit the information and it will connect to the DB. I need to use encrypt/decrypt the password. DB connection information is store in server.xml.
  So how to proceed to encrypt/decrypt the password?
  please advice/suggestion for the same.
  thanks
  lalit
  Edited by: Lalit107 on Aug 6, 2009 4:49 AM

  I don't understand what you are saying. Is your password sumitted from the JSP?

• Failed to decrypt protected XML node "DTS:Password" with error 0x8009000B "Key not valid for use in specified state

  we have developed packages to do the followings
  Extract data from DB2 Source and put it in MS Sql Server 2008 database (Lets Say DatabaseA).From MS Sql Server 2008 (DatabaseA)
  we will process the data and place it in another database MS Sql Server 2008 (DatabaseB)
  We have created packages in BIDS..We created datasource connection in Datasource folder in BIDS..Which has DB2 Connection and both Ms Sql Server connection (Windows authentication-Let
  say its pointing to the server -ServerA which has DatabaseA and DatabaseB).The datasource connections will be used in packages during development.
  For deployment we have created Package Configuration which will have both DB2 Connection and MS SqlServer connection in the config
  We deployed the packages in different MS SqlServer by changing the connectionstring in the config for DB2 and MS SqlServer...
  While runing the package we are getting the following error message
  Code: 0xC0016016     Source:       Description: Failed to decrypt protected XML node "DTS:Password" with error 0x8009000B "Key not valid for
  use in specified state.". You may not be authorized to access this information. This error occurs when there is a cryptographic error. Verify that the correct key is available.
  ilikemicrosoft

  Hi Surendiran,
  This is because the package has been created by somebody else and the package is being deployed under sombody else's account. e.g. If you are the creator then the package is encryption set according to your account and the package setup in SQL server is
  under a different user account.
  This happens because the package protection level is set to EncryptSensitiveWithUserKey which encrypts
  sensitive information using creator's account name.
  As a solution:
  Either you have to set up the package in SQL server under your account (which some infrastructures do not allow).
  OR
  Set the package property Protection Level to "DontSaveSensitive" and add a configuration file
  to the package and set the initial values for all the variables and all the connection manager in that configuration file (which might be tedious of-course).
  OR
  The third options (which I like do) is to open the package file and delete the password encryption entries from the package. Do note that this is not supported by designer and every time you make changes to the connection managers these encryption entries come
  back.
  Hope this helps. 
  Please mark the post as answered if it answers your question

• Encryption/Decryption  failure for pdf and MSWord files

  Hi,
  Is there anybody to help me to find out what is wrong with my class (listing below)? I am sucessfuly using this class to encrypt and decrypt txt, html files but for unknown reasons I am unable to use it for e.g. pdf files. The encrypion somehow works but any atempt to decrypt is a failure.
  /* This class accepts an input file, encrypts/decrypts it using DES algorithm and
  writes the encrypted/decrypted output to an output file. DES is used in Cipher
  Block Chaining mode with PKCS5Padding padding scheme. Note that DES is a symmetric
  block cipher that uses 64-bit keys for encryption. A password of length no less
  than 8 is to be passed to the encryptFile/ decryptFile methods. This password is
  used to generate the encryption key. All exception handling is to be done by
  calling methods. These exceptions are thrown by encryptFile/ decryptFile methods.
  The input buffer is 64 bytes, 8 times the key size.
  import java.io.*;
  import javax.crypto.*;
  import javax.crypto.spec.*;
  import java.security.*;
  import java.security.spec.*;
  public class Crypto
  public Crypto(FileInputStream inStream_, FileOutputStream outStream_)
  fInputStream_ = inStream_;
  fOutputStream_ = outStream_;
  public void encryptFile(String password_) throws InvalidKeySpecException, InvalidKeyException,
  InvalidAlgorithmParameterException, IllegalStateException, IOException, Exception
  DataOutputStream dataOutStream_ = new DataOutputStream(fOutputStream_);
  // key generation
  SecretKey encryptKey_ = createEncryptionKey(password_);
  // Cipher initialization
  Cipher cipher_= Cipher.getInstance(cipherType);
  cipher_.init(Cipher.ENCRYPT_MODE, encryptKey_);
  // write initialization vector to output
  byte[] initializationVector_ = cipher_.getIV();
  dataOutStream_.writeInt(initializationVector_.length);
  dataOutStream_.write(initializationVector_);
  // start reading from input and writing encrypted data to output
  while (true) {
  inputLength_ = fInputStream_.read(input_);
  if (inputLength_ ==-1) break;
  byte[] output_ = cipher_.update(input_, inputOffset_, inputLength_);
  if (output_ != null)
  dataOutStream_.write(output_);
  // finalize encryption and wrap up
  byte[] output_ = cipher_.doFinal();
  if (output_ != null)
  dataOutStream_.write(output_);
  fInputStream_.close();
  dataOutStream_.flush();
  dataOutStream_.close();
  public void decryptFile(String password_) throws IllegalStateException, IOException, Exception
  DataInputStream dataInStream_ = new DataInputStream(fInputStream_);
  // key generation
  SecretKey encryptKey_ = createEncryptionKey(password_);
  // read initialization vector from input
  int ivSize_ = dataInStream_.readInt();
  byte[] initializationVector_ = new byte[ivSize_];
  dataInStream_.readFully(initializationVector_);
  IvParameterSpec ivParamSpec_= new IvParameterSpec(initializationVector_);
  // Cipher initialization
  Cipher cipher_= Cipher.getInstance("DES/CBC/PKCS5Padding");
  cipher_.init(Cipher.DECRYPT_MODE, encryptKey_, ivParamSpec_);
  // start reading from input and writing decrypted data to output
  while (true) {
  inputLength_ = fInputStream_.read(input_);
  if (inputLength_ ==-1) break;
  byte[] output_ = cipher_.update(input_, inputOffset_, inputLength_);
  if (output_ != null)
  fOutputStream_.write(output_);
  // finalize decryption and wrap up
  byte[] output_ = cipher_.doFinal();
  if (output_ != null)
  fOutputStream_.write(output_);
  fInputStream_.close();
  fOutputStream_.flush();
  fOutputStream_.close();
  // the following method creates the encryption key using the supplied password
  private SecretKey createEncryptionKey(String passwd_) throws InvalidKeySpecException,
  InvalidKeyException, NoSuchAlgorithmException
  byte[] encryptionKeyData_ = passwd_.getBytes();
  DESKeySpec encryptionKeySpec_ = new DESKeySpec(encryptionKeyData_);
  SecretKeyFactory keyFactory_ = SecretKeyFactory.getInstance(algorithm_);
  SecretKey encryptionKey_ = keyFactory_.generateSecret(encryptionKeySpec_);
  return encryptionKey_;
  private FileInputStream fInputStream_;
  private FileOutputStream fOutputStream_;
  private final String algorithm_= "DES";
  private final String cipherType= "DES/CBC/PKCS5Padding";
  private byte[] input_ = new byte[64]; // The input buffer size is 64
  private int inputLength_;
  private final int inputOffset_= 0;
  }

  Please can u give me refined code for me///
  at [email protected]
  Hi,
  I found at least one thing wrong. In the decrypt
  method you are reading from 'fInputStream_' rather
  than 'dataInStream'.
  Worked for me on MSWord after changing this!
  Roger
  // start reading from input and writing decrypted
  ted data to output
  while (true) {
  inputLength_ = fInputStream_.read(input_);
  if (inputLength_ ==-1) break;
  byte[] output_ = cipher_.update(input_,
  input_, inputOffset_, inputLength_);
  if (output_ != null)
  fOutputStream_.write(output_);

• How to resolve bug RC4 encrypt-decrypt on iPAD with AIR15 only

  Hi everybody,
  I have some trouble with AIR15 only, In the past, I created a small game on iPad It could send or receive messge from server. I used lib as3crypto.swc encrypt or decrypt message (RC4). But when I upgrade to AIR15 encrypt-decrypt cannot work ( Another thing about this crash is that it only happens with a release (adhoc or appstore) build but NOT with a debug build). I check so many time but i don't know what is problem here.
  Please help me, thanks so much any advice.
  P/S: My game have many swf files (code and resource). I must combine multiple SWF files into one.
  Class RC4.as
  import com.hurlant.crypto.prng.ARC4;
  import com.hurlant.util.Base64;
  import com.hurlant.util.Hex;
  import flash.utils.ByteArray;
  public class RC4
    private static const key:String = "keytest";
    private static var byteKeys:ByteArray = Hex.toArray(Hex.fromString(key));
    private static var rc4:ARC4 = new ARC4();
    public static function encrypt(clearText:String):String
    var byteText:ByteArray = Hex.toArray(Hex.fromString(clearText));
    rc4.init(byteKeys);
    rc4.encrypt(byteText);
    return Base64.encodeByteArray(byteText);
  public static function decrypt(encryptedText:String):String
    var byteText:ByteArray = Base64.decodeToByteArray(encryptedText);
    rc4.init(byteKeys);
    rc4.decrypt(byteText);
    return Hex.toString(Hex.fromArray(byteText));

  Sorry, exact message is "this movie could not be played".
  There are hundreds of posts about this message but no one states a clear solution to the problem.
  Your help will be much appreciated.
  Thank you.

• SQL Server Agent Failed to decrypt protected XML node

  I'm getting the below error when trying to run sql server agent to run an SSIS package. I've updated folder security to allow sql server agent access, but cannot get the package to execute within SQL Management Studio. The package runs find in SSIS. 
  11.0.2100.60 for 64-bit  Copyright (C) Microsoft Corporation. All rights reserved.    Started:  12:12:00 PM  Error: 2014-11-30 12:12:02.65     Code: 0xC0016016     Source: LoadStgProspects      Description:
  Failed to decrypt protected XML node "DTS:Password" with error 0x8009000B "Key not valid for use in specified state.". You may not be authorized to access this information. This error occurs when there is a cryptographic error. Verify that
  the correct key is available.  End Error  Error: 2014-11-30 12:12:03.88     Code: 0xC0016016     Source: LoadStgProspects      Description: Failed to decrypt protected XML node "DTS:Password" with error
  0x8009000B "Key not valid for use in specified state.". You may not be authorized to access this information. This error occurs when there is a cryptographic error. Verify that the correct key is available.  End Error  Error: 2014-11-30
  12:12:04.74     Code: 0xC0209303     Source: LoadStgProspects Connection manager "Excel Connection Manager"     Description: The requested OLE DB provider Microsoft.Jet.OLEDB.4.0 is not registered. If the 64-bit driver
  is not installed<c/> run the package in 32-bit mode. Error code: 0x00000000.  An OLE DB record is available.  Source: "Microsoft OLE DB Service Components"  Hresult: 0x80040154  Description: "Class not registered".
   End Error  Error: 2014-11-30 12:12:04.74     Code: 0xC020801C     Source: Load prospect files Prospect xls [231]     Description: SSIS Error Code DTS_E_CANNOTACQUIRECONNECTIONFROMCONNECTIONMANAGER.  The AcquireConnection
  method call to the connection manager "Excel Connection Manager" failed with error code 0xC0209303.  There may be error messages posted before this with more information on why the AcquireConnection method call failed.  End Error  Error:
  2014-11-30 12:12:04.74     Code: 0xC0047017     Source: Load prospect files SSIS.Pipeline     Description: Prospect xls failed validation and returned error code 0xC020801C.  End Error  Error: 2014-11-30 12:12:04.74
      Code: 0xC004700C     Source: Load prospect files SSIS.Pipeline     Description: One or more component failed validation.  End Error  Error: 2014-11-30 12:12:04.74     Code: 0xC0024107     Source:
  Load prospect files      Description: There were errors during task validation.  End Error  Error: 2014-11-30 12:12:04.74     Code: 0xC00220DE     Source: LoadStgProspects      Description: Error
  0xC0012050 while loading package file "C:\Users\Jim\Documents\Visual Studio 2010\Projects\SSISTraining\SSISTraining\LoadStgProspects.dtsx". Package failed validation from the ExecutePackage task. The package cannot run.  .  End Error  DTExec:
  The package execution returned DTSER_FAILURE (1).  Started:  12:12:00 PM  Finished: 12:12:04 PM  Elapsed:  4.337 seconds.  The package execution failed.  The step failed.,00:00:04,0,0,,,,0

  Hi selfdestruct80,
  According to your description, you created SSIS package and it works fine. But you got the error message when the SSIS package was called from a SQL Server Agent job.
  According to my knowledge, the package may not run in the following scenarios:
  The current user cannot decrypt secrets from the package.
  A SQL Server connection that uses integrated security fails because the current user does not have the required permissions.
  File access fails because the current user does not have the required permissions to write to the file share that the connection manager accesses.
  A registry-based SSIS package configuration uses the HKEY_CURRENT_USER registry keys. The HKEY_CURRENT_USER registry keys are user-specific.
  A task or a connection manager requires that the current user account has correct permissions.
  According to the error message, the SSIS Package ProtectionLevel property to EncryptSensitiveWithPassword as ArthurZ mentioned. To solve the problem, you need to go to Command Line tab, manually specify the paassword in SQL Agent Job with the command like below:
  /FILE "\"C:\Users\xxxx\Documents\SQL Server Management Studio\SSIS\Package.dtsx\"" /DECRYPT somepassword /CHECKPOINTING OFF /REPORTING E
  If you have any more questions, please feel free to ask.
  Thanks,
  Wendy Fu
  Wendy Fu
  TechNet Community Support

• Help ! Need PCI Encryption/Decryption Controller Driver for New HP 355 G2 (AMD) w/Win 7 Pro 64 Bit

  Just rebuilt new HP 355 G2 to Win 7 64 bit.  The ONLY driver I can not locate or get to work is the PCI Encryption/Decryption Controller. I installed all latest drivers for this model/OS from both HP and AMD sites still no luck. AMD autodetect utility and Catalyst software installed all other drivers successfully except this one and when completes says all drivers, including chipset, are installed successfully and current.
  I am at a complete loss where to get this driver from a OEM site, can you help ?
  Device ID's:
  PCI\VEN_1022&DEV_1537&SUBSYS_15371022&REV_00
  PCI\VEN_1022&DEV_1537&SUBSYS_15371022
  PCI\VEN_1022&DEV_1537&CC_108000
  PCI\VEN_1022&DEV_1537&CC_1080
  Thanks !!!
  This question was solved.
  View Solution.

  Hi:
  You need to run this driver and then manually install it.
  http://h20565.www2.hp.com/hpsc/swd/public/detail?swItemId=vc_133833_1
  To manually install the driver go to the device manager and click on the PCI Encryption/Decryption Controller needing the driver.
  Click on the driver tab.  Click on Update Driver.
  Select the Browse my computer for driver software option, and browse to the driver folder that was created when you ran the file.
  That folder will be located in C:\SWSetup\sp66974.
  Make sure the Include Subfolders box is checked, and the driver should install.
  Then reboot.

• Help for a newbie on encryption/decryption

  I want to start with a text file.
  Read in a line of ascii characters, encrypt it using some algorithm and output it as a new set of ascii characters.
  What algorithm should I use?

  thanks a lot. I got the encryption/decryption working pretty easily.
  However, I ran into problem when I got to storing keys:
  I stored it fine with this code
            try {
                 KeyGenerator keyGen = KeyGenerator.getInstance("DES");
                 desKey = keyGen.generateKey();
                 cipher = Cipher.getInstance("DES");
                 KeyStore keyStore = KeyStore.getInstance("JKS");
                 String password = "lemein";
                 char passwd[] = password.toCharArray();
                 keyStore.load(null, passwd); //initialize keyStore
                 Certificate[] chain = new Certificate[1];
                 String alias = "test";
                 keyStore.setKeyEntry(alias, desKey, passwd, null);
                 String fileName = "data/gkey.txt";
                 FileOutputStream f = new FileOutputStream(fileName);
                 keyStore.store(f, passwd); // <----------exception happens here
            } catch (Exception e)
            {     e.printStackTrace();
  I got problem when I retrieve it with this code
            KeyGenerator kg = null;
            Key key = null;
            cipher = null;
            Security.addProvider(new com.sun.crypto.provider.SunJCE());
            byte[] result = null;
            try {
                 KeyStore keyStore = KeyStore.getInstance("JKS");
                 keyStore.load(new FileInputStream("data/gkey.txt"), "lemein".toCharArray());
                 key = keyStore.getKey("test", "lemein".toCharArray());
                 cipher = Cipher.getInstance("DES");
                 byte[] data = "Hello World!".getBytes();
                 System.out.println("Original data : " + new String(data));
                 cipher.init(Cipher.ENCRYPT_MODE, key);
                 result = cipher.doFinal(data);
                 System.out.println("Encrypted data: " + new String(result));
            } catch (Exception e) {
                 e.printStackTrace();
  I get the error:
  java.security.UnrecoverableKeyException: DerInputStream.getLength(): lengthTag=75, too big.
       at sun.security.provider.KeyProtector.recover(Unknown Source)
       at sun.security.provider.JavaKeyStore.engineGetKey(Unknown Source)
       at java.security.KeyStore.getKey(Unknown Source)
  Any idea what the problem is?
  Thanks

• Encrypt/decrypt using update

  Hi,
  can someone give me an encrypt/decrypt pair of code samples that use the cipher.update() call.
  i am trying it like that but apparently it doesn't work
  byte[] temp = new byte[message.length/2];
  byte[] temp2 = new byte[message.length/2];
  System.arraycopy(message, 0, temp, 0, temp.length);
  System.arraycopy(message, temp.length, temp2, 0, temp.length);
  ciphertext = new byte[message.length];
  System.arraycopy(symmetricCipher.update(temp), 0, ciphertext, 0, temp.length);
  System.arraycopy(symmetricCipher.doFinal(temp2), 0, ciphertext, temp.length, temp.length);

  ode]
  >
  I don't see how using the inputstream i would avoid
  the memory error, when passing anything over
  10,000,000. Unless you mean I split the input, and
  write small chunks into disk as I encrypt them?Your basic problem is that you have the data as one large array. I don't know how and why you created this large array; I would not to create it unless there was no other way.
  Since it does not make sense to create one large encrypted byte array and given that you have a byte array then you can use either
  1) Create a ByteArrayInputStream and wrap it in a CipherinputStream. This would allow you to encrypt the array in a sequential manner a few KBytes at a time.
  or
  2) Encrypt the array a few KBytes at a time using a simple update(array, start, length) that returns the encrypted bytes.
  But first, I would try to avoid creating the large 'cleartext' array.

• Encrypt/decrypt AES 256, vorsalt error

  Hiyas.
  So I'm trying to get encrypt/decrypt to work for AES 256, with both 32byte key and 32byte IVorSalt. (Yup-new java security files v6 installed)
  'IF' I 32byte key but dont use a IV at all, I get a nice looking AES 256 result. (I can tell it's AES 256 by looking the length of the encrypted string)
  'IF' I use a 32byte key and 16bit salt, I get a AES 128 result (I know- as per docs theyre both s'posed to the same size, but the docs are wrong).
  But when i switch to using both a 32byte key AND a 32byte salt I get the error below.
  An error occurred while trying to encrypt or decrypt your input string: Bad parameters: invalid IvParameterSpec: com.rsa.jsafe.crypto.JSAFE_IVException: Invalid IV length. Should be 16.
  Has anyone 'EVER' gotten encrypt to work for them using AES 256 32byte key and 32byte salt? Is this a bug in CF? Or Java? Or I am doing something wrong?
  <!--- ////////////////////////////////////////////////////////////////////////// Here's the Code ///////////////////////////////////////////////////////////////////////// --->
  <cfset theAlgorithm  = "Rijndael/CBC/PKCS5Padding" />
  <cfset gKey = "hzj+1o52d9N04JRsj3vTu09Q8jcX+fNmeyQZSDlZA5w="><!--- these 2 are the same --->
  <!---<cfset gKey = ToBase64(BinaryDecode("8738fed68e7677d374e0946c8f7bd3bb4f50f23717f9f3667b2419483959039c", "Hex"))>--->
  <cfset theIV    = BinaryDecode("7fe8585328e9ac7b7fe8585328e9ac7b7fe8585328e9ac7b7fe8585328e9ac7b","hex")>
  <!---<cfset theIV128    = BinaryDecode("7fe8585328e9ac7b7fe8585328e9ac7b","hex")>--->
  <cffunction    name="DoEncrypt" access="public" returntype="string" hint="Fires when the application is first created.">
      <cfargument    name="szToEncrypt" type="string" required="true"/>
      <cfset secretkey = gKey>               
      <cfset szReturn=encrypt(szToEncrypt, secretkey, theAlgorithm, "Base64", theIV)>
      <cfreturn szReturn>
  </cffunction>   
  <cffunction    name="DoDecrypt" access="public" returntype="string" hint="Fires when the application is first created.">
      <cfargument    name="szToDecrypt" type="string" required="true"/>
      <cfset secretkey = gKey>   
      <cfset szReturn=decrypt(szToDecrypt, secretkey, theAlgorithm, "Base64",theIV)>       
      <cfreturn szReturn>
  </cffunction>
  <cfset szStart = form["toencrypt"]>
  <cfset szStart = "Test me!">
  <cfset szEnc = DoEncrypt(szStart)>
  <cfset szDec = DoDecrypt(szEnc)>
  <cfoutput>#szEnc# #szDec#</cfoutput>

  Hi edevmachine,
  This Bouncy Castle Encryption CFC supports Rijndael w/ 256-bit block size. (big thanks to Jason here and all who helped w/ that, btw!)
  Example:
  <cfscript>
    BouncyCastleCFC = new path.to.BouncyCastle();
    string = "ColdFusion Rocks!"; 
    key = binaryEncode(binaryDecode(generateSecretKey("Rijndael", 256), "base64"), "hex");//the CFC takes hex'd key
    ivSalt = binaryEncode(binaryDecode(generateSecretKey("Rijndael", 256), "base64"), "hex");//the CFC takes hex'd ivSalt
    encrypted = BouncyCastleCFC.doEncrypt(string, key, ivSalt);
    writeOutput(BouncyCastleCFC.doDecrypt(encrypted, key, ivSalt));
  </cfscript>
  Related links for anyone interested in adding 256-bit block size Rijndael support into ColdFusion:
  - An explanation of how to install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files into ColdFusion
  - An explanation of how to install the Bouncy Castle Crypto package into ColdFusion (near bottom, under the "Installing additional security providers" heading)
  - An explanation of how to connect the Bouncy Castle classes together
  - Bouncy Castle's doc for the Rijndael Engine
  And here is the full CFC as posted in the StackOverflow discussion:
  <cfcomponent displayname="Bounce Castle Encryption Component" hint="This provides bouncy castle encryption services" output="false">
  <cffunction name="createRijndaelBlockCipher" access="private">
      <cfargument name="key" type="string" required="true" >
      <cfargument name="ivSalt" type="string" required="true" >
      <cfargument name="bEncrypt" type="boolean" required="false" default="1">
      <cfargument name="blocksize" type="numeric" required="false" default=256>
      <cfscript>
      // Create a block cipher for Rijndael
      var cryptEngine = createObject("java", "org.bouncycastle.crypto.engines.RijndaelEngine").init(arguments.blocksize);
      // Create a Block Cipher in CBC mode
      var blockCipher = createObject("java", "org.bouncycastle.crypto.modes.CBCBlockCipher").init(cryptEngine);
      // Create Padding - Zero Byte Padding is apparently PHP compatible.
      var zbPadding = CreateObject('java', 'org.bouncycastle.crypto.paddings.ZeroBytePadding').init();
      // Create a JCE Cipher from the Block Cipher
      var cipher = createObject("java", "org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher").init(blockCipher,zbPadding);
      // Create the key params for the cipher    
      var binkey = binarydecode(arguments.key,"hex");
      var keyParams = createObject("java", "org.bouncycastle.crypto.params.KeyParameter").init(BinKey);
      var binIVSalt = Binarydecode(ivSalt,"hex");
      var ivParams = createObject("java", "org.bouncycastle.crypto.params.ParametersWithIV").init(keyParams, binIVSalt);
      cipher.init(javaCast("boolean",arguments.bEncrypt),ivParams);
      return cipher;
      </cfscript>
  </cffunction>
  <cffunction name="doEncrypt" access="public" returntype="string">
      <cfargument name="message" type="string" required="true">
      <cfargument name="key" type="string" required="true">
      <cfargument name="ivSalt" type="string" required="true">
      <cfscript>
      var cipher = createRijndaelBlockCipher(key=arguments.key,ivSalt=arguments.ivSalt);
      var byteMessage = arguments.message.getBytes();
      var outArray = getByteArray(cipher.getOutputSize(arrayLen(byteMessage)));
      var bufferLength = cipher.processBytes(byteMessage, 0, arrayLen(byteMessage), outArray, 0);
      var cipherText = cipher.doFinal(outArray,bufferLength);
      return toBase64(outArray);
      </cfscript>
  </cffunction>
  <cffunction name="doDecrypt" access="public" returntype="string">
      <cfargument name="message" type="string" required="true">
      <cfargument name="key" type="string" required="true">
      <cfargument name="ivSalt" type="string" required="true">
      <cfscript>
      var cipher = createRijndaelBlockCipher(key=arguments.key,ivSalt=arguments.ivSalt,bEncrypt=false);
      var byteMessage = toBinary(arguments.message);
      var outArray = getByteArray(cipher.getOutputSize(arrayLen(byteMessage)));
      var bufferLength = cipher.processBytes(byteMessage, 0, arrayLen(byteMessage), outArray, 0);
      var originalText = cipher.doFinal(outArray,bufferLength);
      return createObject("java", "java.lang.String").init(outArray);
      </cfscript>
  </cffunction>
  <cfscript>
  function getByteArray(someLength)
      byteClass = createObject("java", "java.lang.Byte").TYPE;
      return createObject("java","java.lang.reflect.Array").newInstance(byteClass, someLength);
  </cfscript>
  </cfcomponent>
  Thanks!,
  -Aaron

• Encrypt / Decrypt password

  Hi
  I'm new in Java and I need to create a function to encrypt / decrypt passwords using the Blowfish algorithm. I know how to create a key, but I don't know how to recover it to decrypt the password.
  Another question, Is it possible to use public/private keys in this case???.
  Can you give some links or examples please???
  Regards
  J.C.

  This is typically done either one of two ways:
  1) PBE based encryption. This uses a password or pass phrase to derive
  a key to use with a symmetric algorithm.
  2) Asymmetric using something like RSA. Typically RSA is used to wrap
  the actual symmetric key used to do the encryption but for very short
  plaintext it can be used directly on the plaintext. Passwords are a
  good example of short plaintext.
  Obviously symmetric encryption is a great deal faster than asymmetric
  encryption. So if your plaintext was large you would want to use
  symmetric. Also Asymmetric encryption is length dependant. AKA if your
  public key's modulus is 1024 bits then you could encrypt any plaintext
  that was 121 bytes or shorter.
  PBE takes a salt (a random byte array) and an iteration count and
  hashes a passphrase with the salt iteration number of times to generate
  a key that can be reproduced over and over again and used with a
  symmetric algorithm. The issue here is that your salt/ic either need
  to be hard coded and reused or the values for any single encryption
  need to be saved along with the ciphertext. Using the same ic/salt for
  a large number of plaintext to ciphertext operations can lead to a
  weakening of the pass phrase (aka the key) and aids a cryptoanalyst in
  breaking the code. Although it is still difficult it becomes easier
  with each successive encryption.
  Its upto you which route you take but you should note that private keys
  used in asymmetric encryption use PBE to keep them private anyway so in
  a sense if you use asymmetric encryption you are really using both
  asymmetric encryption and PBE...