Encrypt/decrypt in c++ and java

Hi,
I have a problem in encryt a file using RC2 in java and decrypt in c++.
I am using the bouncycastle.org as my RC2 provider in JCE.
Here is the code in c++
void CEScoreDlg::encrypt(BYTE *pData, unsigned long dwDataSize, unsigned long *dwOutSize)
     HCRYPTPROV hProv =0;
     HCRYPTKEY hKey = 0;
     HCRYPTHASH hHash = 0;
                     char *pword = "pass";
     try
          if(!CryptAcquireContext(&hProv, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))
               throw CryptError("Error during CryptAcquireContext!\n");
          if(!CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash))
               throw CryptError("Error during CryptCreateHash!\n");
          DWORD dwPwdLength = strlen(pword);
          if(!CryptHashData(hHash, (BYTE*)pword, dwPwdLength, 0))
               throw CryptError("Error during CryptHashData!\n");
          if(!CryptDeriveKey(hProv, CALG_RC2, hHash, 0, &hKey))
               throw CryptError("Error during CryptDeriveKey!\n");
          if(!CryptEncrypt(hKey, 0, TRUE, 0, pData, &dwDataSize, dwDataSize + 2 + dwPwdLength))
               throw CryptError("Error during CryptEncrypt!\n");
          *dwOutSize = dwDataSize;
     catch(CryptError& e)
          CString errmsg;
          LPVOID lpMsgBuf;
          FormatMessage(
               FORMAT_MESSAGE_ALLOCATE_BUFFER |
               FORMAT_MESSAGE_FROM_SYSTEM |
               FORMAT_MESSAGE_IGNORE_INSERTS,
               NULL,
               GetLastError(),
               MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
               (LPTSTR) &lpMsgBuf,
               0,
               NULL
          // Free the buffer.
          errmsg.Format("%s%s", e.msg, (LPCTSTR)lpMsgBuf);
          LocalFree( lpMsgBuf );
          MessageBox(errmsg, "Encryption error!", MB_OK|MB_ICONSTOP);
     if(hHash != 0)
          CryptDestroyHash(hHash);
     if(hKey != 0)
          CryptDestroyKey(hKey);
     if(hProv != 0)
          CryptReleaseContext(hProv, 0);
}and here is my java code try to decrypt the file generated by the c++ code.
     public static void decrypt (String passphrase, byte [] data) throws Exception
   byte iv[] = {1,2,3,4,5,6,7,8};
   byte [] dataTemp;
    MessageDigest md = MessageDigest.getInstance("MD5");
    md.update(passphrase.getBytes());
    SecretKeySpec RC2Key = new SecretKeySpec (md.digest(), "RC2");
     Cipher cipher = Cipher.getInstance("RC2/CBC/PKCS5Padding");
    cipher.init(Cipher.DECRYPT_MODE, RC2Key, new RC2ParameterSpec(128,iv));
      CipherInputStream cis = new CipherInputStream (new FileInputStream("/test.ctm"), cipher);
    StringBuffer read=new StringBuffer();
    byte[] bytes=new byte[1];
    while(cis.read(bytes)!=-1){
      read.append(new String(bytes));
    cis.close();
    System.out.println("Got message From reading the file:");
    System.out.println(read.toString());And it does not seems to understand each other. I am a newbie in JCE and not familiar with c++ either.
Please help, thanks
Fred

And it does not seems to understand each other.
I am
a newbie in JCE and not familiar with c++ either. Based on this you did not write the code you have presented so you should get the author of the code to debug it and you should start reading! To help the guy you could asking where the C code gets it's IV from, why RSA is involved in the C code and where CBC and PKCS5Padding are specified in the C code!
You have a long road to drive but it will be worth it in the end!

Similar Messages

Encrypt/decrypt same file with two different passwords

Hi everyone:
I'm quite new to Java and cryptography in general and have a theoretical question. Is the following scenario possible and how would it be implemented:
Two users with two passwords (say, a regular user and a superuser) encrypt, decrypt, read from and write to the same file. The secret key for encryption and decryption should be based on their passwords (generated from their passwords), i.e. not stored anywhere on the system.
I've been racking my brains but can't think of a way. Am I missing an obvious solution?
Can it be done?
Thanks,
Michael

I don't think you can avoid having more than just a password hash stored on the system. Using a combination of my approach and Jeff's approach I can implement this as long as you allow a password protected key store to be stored on each system. A given user's key store would contain his RSA private key and associated public key together with the admin user's RSA certificate (thought the admin user's public key could be stored in the program since it does not have to be kept private). The admin user's key store would contain only his RSA private and public keys.
Assume that the data file is to be create by a standard non-admin user. His code performs the following actions -
1) Generates a random symmetric algorithm key. Say a 128 bit AES key.
2) He write a digest of this to the output file.
3) He writes the random key encrypted with his public key to the file.
4) He writes his public key (or certificate) to the file.
5) He writes the random key encrypted with the admin users public key to the file.
6) He encrypts the data using the random key writes the result to the file.
This user can then update the file by
1) reading from the file the digest of the random key.
2) reading the random key encrypted with his public key.
3) Decrypting this encrypted random key using his private key extracted from his keystore.
4) Check the digest of this key to make sure he has the correct random key.
5) skipping his certificate and the random key encrypted using the admin user's public key.
5) Decrypting the data using the random key.
6) Update the data.
7) Re-encrypt the file as described in the first part using a new random key.
The admin user can
1) read from the file the digest of the random key.
2) skip the random key encrypted using the user's public key.
3) reading the user's public key from the file (for use later if the file needs to be updated).
4) read the random key encrypted using the admin's public key.
5) decrypting the random key using the admin's private key obtained from his key store.
6) check the digest of the random key to make sure it is correct.
7) decrypt the the data.
The admin can edit the data since he can re-encrypt the data in a similar manner to the way it was created in the first place.

Encryption/Decryption failure for pdf and MSWord files

Hi,
Is there anybody to help me to find out what is wrong with my class (listing below)? I am sucessfuly using this class to encrypt and decrypt txt, html files but for unknown reasons I am unable to use it for e.g. pdf files. The encrypion somehow works but any atempt to decrypt is a failure.
/* This class accepts an input file, encrypts/decrypts it using DES algorithm and
writes the encrypted/decrypted output to an output file. DES is used in Cipher
Block Chaining mode with PKCS5Padding padding scheme. Note that DES is a symmetric
block cipher that uses 64-bit keys for encryption. A password of length no less
than 8 is to be passed to the encryptFile/ decryptFile methods. This password is
used to generate the encryption key. All exception handling is to be done by
calling methods. These exceptions are thrown by encryptFile/ decryptFile methods.
The input buffer is 64 bytes, 8 times the key size.
import java.io.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import java.security.*;
import java.security.spec.*;
public class Crypto
public Crypto(FileInputStream inStream_, FileOutputStream outStream_)
fInputStream_ = inStream_;
fOutputStream_ = outStream_;
public void encryptFile(String password_) throws InvalidKeySpecException, InvalidKeyException,
InvalidAlgorithmParameterException, IllegalStateException, IOException, Exception
DataOutputStream dataOutStream_ = new DataOutputStream(fOutputStream_);
// key generation
SecretKey encryptKey_ = createEncryptionKey(password_);
// Cipher initialization
Cipher cipher_= Cipher.getInstance(cipherType);
cipher_.init(Cipher.ENCRYPT_MODE, encryptKey_);
// write initialization vector to output
byte[] initializationVector_ = cipher_.getIV();
dataOutStream_.writeInt(initializationVector_.length);
dataOutStream_.write(initializationVector_);
// start reading from input and writing encrypted data to output
while (true) {
inputLength_ = fInputStream_.read(input_);
if (inputLength_ ==-1) break;
byte[] output_ = cipher_.update(input_, inputOffset_, inputLength_);
if (output_ != null)
dataOutStream_.write(output_);
// finalize encryption and wrap up
byte[] output_ = cipher_.doFinal();
if (output_ != null)
dataOutStream_.write(output_);
fInputStream_.close();
dataOutStream_.flush();
dataOutStream_.close();
public void decryptFile(String password_) throws IllegalStateException, IOException, Exception
DataInputStream dataInStream_ = new DataInputStream(fInputStream_);
// key generation
SecretKey encryptKey_ = createEncryptionKey(password_);
// read initialization vector from input
int ivSize_ = dataInStream_.readInt();
byte[] initializationVector_ = new byte[ivSize_];
dataInStream_.readFully(initializationVector_);
IvParameterSpec ivParamSpec_= new IvParameterSpec(initializationVector_);
// Cipher initialization
Cipher cipher_= Cipher.getInstance("DES/CBC/PKCS5Padding");
cipher_.init(Cipher.DECRYPT_MODE, encryptKey_, ivParamSpec_);
// start reading from input and writing decrypted data to output
while (true) {
inputLength_ = fInputStream_.read(input_);
if (inputLength_ ==-1) break;
byte[] output_ = cipher_.update(input_, inputOffset_, inputLength_);
if (output_ != null)
fOutputStream_.write(output_);
// finalize decryption and wrap up
byte[] output_ = cipher_.doFinal();
if (output_ != null)
fOutputStream_.write(output_);
fInputStream_.close();
fOutputStream_.flush();
fOutputStream_.close();
// the following method creates the encryption key using the supplied password
private SecretKey createEncryptionKey(String passwd_) throws InvalidKeySpecException,
InvalidKeyException, NoSuchAlgorithmException
byte[] encryptionKeyData_ = passwd_.getBytes();
DESKeySpec encryptionKeySpec_ = new DESKeySpec(encryptionKeyData_);
SecretKeyFactory keyFactory_ = SecretKeyFactory.getInstance(algorithm_);
SecretKey encryptionKey_ = keyFactory_.generateSecret(encryptionKeySpec_);
return encryptionKey_;
private FileInputStream fInputStream_;
private FileOutputStream fOutputStream_;
private final String algorithm_= "DES";
private final String cipherType= "DES/CBC/PKCS5Padding";
private byte[] input_ = new byte[64]; // The input buffer size is 64
private int inputLength_;
private final int inputOffset_= 0;
}

Please can u give me refined code for me///
at [email protected]
Hi,
I found at least one thing wrong. In the decrypt
method you are reading from 'fInputStream_' rather
than 'dataInStream'.
Worked for me on MSWord after changing this!
Roger
// start reading from input and writing decrypted
ted data to output
while (true) {
inputLength_ = fInputStream_.read(input_);
if (inputLength_ ==-1) break;
byte[] output_ = cipher_.update(input_,
input_, inputOffset_, inputLength_);
if (output_ != null)
fOutputStream_.write(output_);

Java-oracle-java encryption-decryption error.

Hi
We have a program which encrypts strings using DES and writes the encrypted to an oracle data. The code is similar to the following:
private static String encrypt(String property) throws GeneralSecurityException {
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
SecretKey key = keyFactory.generateSecret(new PBEKeySpec(PASSWORD));
Cipher pbeCipher = Cipher.getInstance("PBEWithMD5AndDES");
pbeCipher.init(Cipher.ENCRYPT_MODE, key, new PBEParameterSpec(SALT, 20));
return base64Encode(pbeCipher.doFinal(property.getBytes()));
This works consistently across jvms / os / hw / etc.
Unfortunately, the original version was writing it to the db as strings and now, these can't be de-crypted as oracle returns different values from the column.
I was wondering whether there was any way of retrieving these values now.
Regards
V
Edited by: user10510492 on Sep 28, 2011 1:59 PM

You need to try to find out what characterset was originally used to create the strings, this was either specified explicitly in the code, or done with the default Java encoding for your platform. Unfortunately there still is potential for loss of information which might prevent you from correctly decrypting the string (eg, bytes not in the characterset might have been converted to a questionmark, ASCII controlcodes might have been converted to something safer by your database, etc).

Component that implements encryption solution between the browser and Java

I need a Component that implements encryption solution between the browser and Java tier.
I am a java programmer and have really limited knowledge about cryptography. I work on JSF . I am basically looking to build a component that will ensure that the password entered by the user in the login page of the browser is properly encrypted using Java script and then we should be able to decrypt it in the Java Tier.
Basically, I think we need a public-private key system. We send the public key to the browser and use it with JavaScript to encrypt the key and we hold the private key on the server to decrypt it.
If some one can help me with this it would be very helpful. Or if anyone can point me to some resource that does this kind of thing I shall be obliged.

Can't use HTTPs as many of our existing customers
that run on intranet do not use HTTPs.Is there really a technical reason that your clients cannot use HTTPS? If so, what is it and why would your homebrew re-implementation of the same technology be acceptable instead?

How to encrypt/decrypt xml data into, and then out of IDS?

Hi,
How would we encrypt NPPI information being passed from an unencrypted xml through IDS, and then decrypt it on exit prior to Gendata.
The IDS SDK gave a reference to IDSEncryptionRule(), but insufficient examples of implementation.
It could be something like a single tag element, or even the entire xml, it's just not clear how to make it happen using native IDS methods.
Any thoughts or help to implement this security measure would be most welcome!
Thanks so much!
Edited by: lodit on Apr 10, 2013 2:56 PM

Hi there,
You would need to write a custom IDS rule that implements this function. You can refer to the IDS SDK book for info on writing a custom rule. IDSEncryptionRule does operations based on the request state received. Normally when an IDS rule is executed, the rules in the request type definition are executed with the RUN_FORWARD request state. Then they are executed with the RUN_REVERSE request state. An example of why this model is used would be the ATCReceiveFile. On RUN_FOWARD, it writes the contents of file segments in a message to a temporary file. Subsequent rules execute. Then on the RUN_REVERSE, the ATCReceiveFile does clean up routines to remove the temporary file.
So, armed with that knowledge, you can use the IDSEncryptionrule to perform on RUN_FORWARD (decrypt message variables for subsequent processing by Documaker) and then on RUN_REVERSE (encrypt message variables to send back to the client).
It should be apparent at this point that you need to use an encryption/decryption mechanism with the IDS client otherwise you won't be able to prepare the message to send or read the response. On the client side there are functions - consult the examples included in the IDS SDK (DSI_DSK in the installer package).
--Andy

Encryption/decryption through jar file and classes

Hi,
My application uses tomcat as web server.
I am doing encrytion and decyption.
i fetch encypted data from database and then decrypt it
If i use calsses in webapps -> WEB-INF -> classes folder, i place classes in that ,
In other case i use jar file and place that file in WEB-INF -> lib folder in the webapps directory.
There is huge performance difference.
While using classes performance is great while using jar file performance is very disappointed.
I am using a file for encryption /decryption also.

Are you getting any error messages? Have you put debugging code in those classes to see what is happening?

Need to encrypt string in ColdFusion and Decrypt in Flex

My company is developing a standalone, offline Flex/AIR application. When users of the Flex/AIR app. want to activate the application, we will send them an activation file that contains an encrypted string. The string will hold the unique set-up data for the specific copy of the Flex/AIR app. The activation file will need to be generated on our central system which is written in ColdFusion. The Flex/AIR application must read the file and decrypt the string.
Are there any encryption/decryption options that are compatible with ColdFusion 8 and Flex 4?
Thanks.
P.S. The Flex/AIR app. runs offline, so I am not referring to encryption of communications between a ColdFusion server and Flex.

srikanth n wrote:
> Can anybody help me to resolve this issue.
>
> Thanks in advance.
>
>
My first thought is CF's list functions. You can declare any
character(s) you want to be a list delimiter. In you example
I would
use '-' and 'x' as the delimiter. A couple of examples.
<cfset phoneString = '123-456-7890 x1234'>
<cfset delimList = '-x '>
<cfoutput>
Areacode: #listFirst(phoneString,delimList)#<br/>
Exchange: #listGetAt(phoneString,2,delimList)#<br/>
Number: #listGetAt(phoneString,3,delimList)#<br/>
Extension: #listLast(phoneString,delimList)#
</cfoutput>

Help for a newbie on encryption/decryption

I want to start with a text file.
Read in a line of ascii characters, encrypt it using some algorithm and output it as a new set of ascii characters.
What algorithm should I use?

thanks a lot. I got the encryption/decryption working pretty easily.
However, I ran into problem when I got to storing keys:
I stored it fine with this code
          try {
               KeyGenerator keyGen = KeyGenerator.getInstance("DES");
               desKey = keyGen.generateKey();
               cipher = Cipher.getInstance("DES");
               KeyStore keyStore = KeyStore.getInstance("JKS");
               String password = "lemein";
               char passwd[] = password.toCharArray();
               keyStore.load(null, passwd); //initialize keyStore
               Certificate[] chain = new Certificate[1];
               String alias = "test";
               keyStore.setKeyEntry(alias, desKey, passwd, null);
               String fileName = "data/gkey.txt";
               FileOutputStream f = new FileOutputStream(fileName);
               keyStore.store(f, passwd); // <----------exception happens here
          } catch (Exception e)
          {     e.printStackTrace();
I got problem when I retrieve it with this code
          KeyGenerator kg = null;
          Key key = null;
          cipher = null;
          Security.addProvider(new com.sun.crypto.provider.SunJCE());
          byte[] result = null;
          try {
               KeyStore keyStore = KeyStore.getInstance("JKS");
               keyStore.load(new FileInputStream("data/gkey.txt"), "lemein".toCharArray());
               key = keyStore.getKey("test", "lemein".toCharArray());
               cipher = Cipher.getInstance("DES");
               byte[] data = "Hello World!".getBytes();
               System.out.println("Original data : " + new String(data));
               cipher.init(Cipher.ENCRYPT_MODE, key);
               result = cipher.doFinal(data);
               System.out.println("Encrypted data: " + new String(result));
          } catch (Exception e) {
               e.printStackTrace();
I get the error:
java.security.UnrecoverableKeyException: DerInputStream.getLength(): lengthTag=75, too big.
     at sun.security.provider.KeyProtector.recover(Unknown Source)
     at sun.security.provider.JavaKeyStore.engineGetKey(Unknown Source)
     at java.security.KeyStore.getKey(Unknown Source)
Any idea what the problem is?
Thanks

Encrypt/decrypt AES 256, vorsalt error

Hiyas.
So I'm trying to get encrypt/decrypt to work for AES 256, with both 32byte key and 32byte IVorSalt. (Yup-new java security files v6 installed)
'IF' I 32byte key but dont use a IV at all, I get a nice looking AES 256 result. (I can tell it's AES 256 by looking the length of the encrypted string)
'IF' I use a 32byte key and 16bit salt, I get a AES 128 result (I know- as per docs theyre both s'posed to the same size, but the docs are wrong).
But when i switch to using both a 32byte key AND a 32byte salt I get the error below.
An error occurred while trying to encrypt or decrypt your input string: Bad parameters: invalid IvParameterSpec: com.rsa.jsafe.crypto.JSAFE_IVException: Invalid IV length. Should be 16.
Has anyone 'EVER' gotten encrypt to work for them using AES 256 32byte key and 32byte salt? Is this a bug in CF? Or Java? Or I am doing something wrong?

<cfset theAlgorithm = "Rijndael/CBC/PKCS5Padding" />
<cfset gKey = "hzj+1o52d9N04JRsj3vTu09Q8jcX+fNmeyQZSDlZA5w=">

<cfset theIV    = BinaryDecode("7fe8585328e9ac7b7fe8585328e9ac7b7fe8585328e9ac7b7fe8585328e9ac7b","hex")>

<cffunction    name="DoEncrypt" access="public" returntype="string" hint="Fires when the application is first created.">
    <cfargument    name="szToEncrypt" type="string" required="true"/>
    <cfset secretkey = gKey>
    <cfset szReturn=encrypt(szToEncrypt, secretkey, theAlgorithm, "Base64", theIV)>
    <cfreturn szReturn>
</cffunction>
<cffunction    name="DoDecrypt" access="public" returntype="string" hint="Fires when the application is first created.">
    <cfargument    name="szToDecrypt" type="string" required="true"/>
    <cfset secretkey = gKey>
    <cfset szReturn=decrypt(szToDecrypt, secretkey, theAlgorithm, "Base64",theIV)>
    <cfreturn szReturn>
</cffunction>
<cfset szStart = form["toencrypt"]>
<cfset szStart = "Test me!">
<cfset szEnc = DoEncrypt(szStart)>
<cfset szDec = DoDecrypt(szEnc)>
<cfoutput>#szEnc# #szDec#</cfoutput>

Hi edevmachine,
This Bouncy Castle Encryption CFC supports Rijndael w/ 256-bit block size. (big thanks to Jason here and all who helped w/ that, btw!)
Example:
<cfscript>
BouncyCastleCFC = new path.to.BouncyCastle();
string = "ColdFusion Rocks!";
key = binaryEncode(binaryDecode(generateSecretKey("Rijndael", 256), "base64"), "hex");//the CFC takes hex'd key
ivSalt = binaryEncode(binaryDecode(generateSecretKey("Rijndael", 256), "base64"), "hex");//the CFC takes hex'd ivSalt
encrypted = BouncyCastleCFC.doEncrypt(string, key, ivSalt);
writeOutput(BouncyCastleCFC.doDecrypt(encrypted, key, ivSalt));
</cfscript>
Related links for anyone interested in adding 256-bit block size Rijndael support into ColdFusion:
- An explanation of how to install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files into ColdFusion
- An explanation of how to install the Bouncy Castle Crypto package into ColdFusion (near bottom, under the "Installing additional security providers" heading)
- An explanation of how to connect the Bouncy Castle classes together
- Bouncy Castle's doc for the Rijndael Engine
And here is the full CFC as posted in the StackOverflow discussion:
<cfcomponent displayname="Bounce Castle Encryption Component" hint="This provides bouncy castle encryption services" output="false">
<cffunction name="createRijndaelBlockCipher" access="private">
    <cfargument name="key" type="string" required="true" >
    <cfargument name="ivSalt" type="string" required="true" >
    <cfargument name="bEncrypt" type="boolean" required="false" default="1">
    <cfargument name="blocksize" type="numeric" required="false" default=256>
    <cfscript>
    // Create a block cipher for Rijndael
    var cryptEngine = createObject("java", "org.bouncycastle.crypto.engines.RijndaelEngine").init(arguments.blocksize);
    // Create a Block Cipher in CBC mode
    var blockCipher = createObject("java", "org.bouncycastle.crypto.modes.CBCBlockCipher").init(cryptEngine);
    // Create Padding - Zero Byte Padding is apparently PHP compatible.
    var zbPadding = CreateObject('java', 'org.bouncycastle.crypto.paddings.ZeroBytePadding').init();
    // Create a JCE Cipher from the Block Cipher
    var cipher = createObject("java", "org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher").init(blockCipher,zbPadding);
    // Create the key params for the cipher
    var binkey = binarydecode(arguments.key,"hex");
    var keyParams = createObject("java", "org.bouncycastle.crypto.params.KeyParameter").init(BinKey);
    var binIVSalt = Binarydecode(ivSalt,"hex");
    var ivParams = createObject("java", "org.bouncycastle.crypto.params.ParametersWithIV").init(keyParams, binIVSalt);
    cipher.init(javaCast("boolean",arguments.bEncrypt),ivParams);
    return cipher;
    </cfscript>
</cffunction>
<cffunction name="doEncrypt" access="public" returntype="string">
    <cfargument name="message" type="string" required="true">
    <cfargument name="key" type="string" required="true">
    <cfargument name="ivSalt" type="string" required="true">
    <cfscript>
    var cipher = createRijndaelBlockCipher(key=arguments.key,ivSalt=arguments.ivSalt);
    var byteMessage = arguments.message.getBytes();
    var outArray = getByteArray(cipher.getOutputSize(arrayLen(byteMessage)));
    var bufferLength = cipher.processBytes(byteMessage, 0, arrayLen(byteMessage), outArray, 0);
    var cipherText = cipher.doFinal(outArray,bufferLength);
    return toBase64(outArray);
    </cfscript>
</cffunction>
<cffunction name="doDecrypt" access="public" returntype="string">
    <cfargument name="message" type="string" required="true">
    <cfargument name="key" type="string" required="true">
    <cfargument name="ivSalt" type="string" required="true">
    <cfscript>
    var cipher = createRijndaelBlockCipher(key=arguments.key,ivSalt=arguments.ivSalt,bEncrypt=false);
    var byteMessage = toBinary(arguments.message);
    var outArray = getByteArray(cipher.getOutputSize(arrayLen(byteMessage)));
    var bufferLength = cipher.processBytes(byteMessage, 0, arrayLen(byteMessage), outArray, 0);
    var originalText = cipher.doFinal(outArray,bufferLength);
    return createObject("java", "java.lang.String").init(outArray);
    </cfscript>
</cffunction>
<cfscript>
function getByteArray(someLength)
    byteClass = createObject("java", "java.lang.Byte").TYPE;
    return createObject("java","java.lang.reflect.Array").newInstance(byteClass, someLength);
</cfscript>
</cfcomponent>
Thanks!,
-Aaron

Encrypt / Decrypt password

Hi
I'm new in Java and I need to create a function to encrypt / decrypt passwords using the Blowfish algorithm. I know how to create a key, but I don't know how to recover it to decrypt the password.
Another question, Is it possible to use public/private keys in this case???.
Can you give some links or examples please???
Regards
J.C.

This is typically done either one of two ways:
1) PBE based encryption. This uses a password or pass phrase to derive
a key to use with a symmetric algorithm.
2) Asymmetric using something like RSA. Typically RSA is used to wrap
the actual symmetric key used to do the encryption but for very short
plaintext it can be used directly on the plaintext. Passwords are a
good example of short plaintext.
Obviously symmetric encryption is a great deal faster than asymmetric
encryption. So if your plaintext was large you would want to use
symmetric. Also Asymmetric encryption is length dependant. AKA if your
public key's modulus is 1024 bits then you could encrypt any plaintext
that was 121 bytes or shorter.
PBE takes a salt (a random byte array) and an iteration count and
hashes a passphrase with the salt iteration number of times to generate
a key that can be reproduced over and over again and used with a
symmetric algorithm. The issue here is that your salt/ic either need
to be hard coded and reused or the values for any single encryption
need to be saved along with the ciphertext. Using the same ic/salt for
a large number of plaintext to ciphertext operations can lead to a
weakening of the pass phrase (aka the key) and aids a cryptoanalyst in
breaking the code. Although it is still difficult it becomes easier
with each successive encryption.
Its upto you which route you take but you should note that private keys
used in asymmetric encryption use PBE to keep them private anyway so in
a sense if you use asymmetric encryption you are really using both
asymmetric encryption and PBE...

Encrypt/decrypt

Hello!
I have been trying to use this syntax for encrypting/decrypting BUT I get different values all the time even if I use the same String. I would be really glad if anyone could help me to tell me why. What I want to use this encrypt/decrypt/ is to make some info unreadable in my database but I want to be able to decrypt the info.
-----------------------------syntax----------------------------------------------------------------------
SecretKey key=null;
try{
key = KeyGenerator.getInstance("DES").generateKey();
}catch(Exception e){}
DesEncrypter d= new DesEncrypter(key);
-----------------------------My cryptClass--------------------------------------------------------
public class DesEncrypter {
Cipher ecipher;
Cipher dcipher;
DesEncrypter(SecretKey key) {
try {
ecipher = Cipher.getInstance("DES");
dcipher = Cipher.getInstance("DES");
ecipher.init(Cipher.ENCRYPT_MODE, key);
dcipher.init(Cipher.DECRYPT_MODE, key);
} catch (javax.crypto.NoSuchPaddingException e) {
} catch (java.security.NoSuchAlgorithmException e) {
} catch (java.security.InvalidKeyException e) {
public String encrypt(String str) {
try {
// Encode the string into bytes using utf-8
byte[] utf8 = str.getBytes("UTF8");
// Encrypt
byte[] enc = ecipher.doFinal(utf8);
// Encode bytes to base64 to get a string
return new sun.misc.BASE64Encoder().encode(enc);
} catch (javax.crypto.BadPaddingException e) {
} catch (IllegalBlockSizeException e) {
} catch (UnsupportedEncodingException e) {
} catch (java.io.IOException e) {
return null;
public String decrypt(String str) {
try {
// Decode base64 to get bytes
byte[] dec = new sun.misc.BASE64Decoder().decodeBuffer(str);
// Decrypt
byte[] utf8 = dcipher.doFinal(dec);
// Decode using utf-8
return new String(utf8, "UTF8");
} catch (javax.crypto.BadPaddingException e) {
} catch (IllegalBlockSizeException e) {
} catch (UnsupportedEncodingException e) {
} catch (java.io.IOException e) {
return null;
thanks in advance!

I don't understand caffeiene's answer but maybe it will help you. It seems to me that you need to encrypt and decrypt the same way across application sessions, etc. Therefore you will need to store your key outside of the application in a file on the server. So you'll have to use a key generator that will let you save the key to a file. That's about all the detail I can give you since I've never worked directly with cryptography. Obviously you'll need to make sure the server is behind a good firewall, or whatever other security measures you deem appropriate to protect the key. It seems unsecure, but you have to persist the key, because otherwise if the app server crashes then the data in the db will be inaccessible.

Encrypt/Decrypt data, multiple public keys using Bouncy castle api?

Hi all.
I need to implement encrypt/decrypt functionality of some data with many public keys using bouncy castle api and EnvelopedData class in java 1.4 SE.
Could someone give me examples how to do it. I searched whole the internet and i could not find simple example.

Hi thanks very much.
I had a quick look at the examples. I will see if they could help me.
Here is more specific what i want:
Encrypt data with multiple public keys that are kept in .pkcs12 file.
And decrypt the data using coresponding private key after that.
I must use bouncy castle api for java 1.4 se.
Best regards
Edited by: menchev on Nov 13, 2008 8:26 AM

RMI client-side - how to encrypt,decrypt in client-side

I write javacard RMI style. My problem is...
Source code below is work when it write in applet (card - side)
but in client-side (reader -side) I copy it to client - side code and test to run, if fail --> throw exception 0x3 - javacard.security.CryptoException.NO_SUCH_ALGORITHM
It seem to be "javacardx.crypto" and "javacard.security" is make for use in applet in card only. Did I misunderstand?
if it make for use in applet only, how is possible to do like this " card use privatekey to sign message and send to reader , reader use card's publickey to verify that card sign this signature or not."
or
"card use reader's publickey to encrypt message and send to reader, then reader use privatekey to decrypt message (reader authencate itself) "
because I can't do any of cipher , keybuilder in RMI-client side(reader)
Cipher.getInstance(Cipher.ALG_RSA_PKCS1,false);
it will throw nullPointerException
and if (change false to true)
Cipher.getInstance(Cipher.ALG_RSA_PKCS1,true);
throw exception 0x3 - javacard.security.CryptoException.NO_SUCH_ALGORITHM
after that I swap this line with
pri_key = (RSAPrivateKey) KeyBuilder.buildKey(KeyBuilder.TYPE_RSA_PRIVATE,KeyBuilder.LENGTH_RSA_512, false);
since it will do this first (i swap the line already) it also throw exception 0x3 - javacard.security.CryptoException.NO_SUCH_ALGORITHM
also be the same result with swap
kp = new KeyPair(KeyPair.ALG_RSA,(short)KeyBuilder.LENGTH_RSA_512 );
to a first line
it throw exception 0x3 - javacard.security.CryptoException.NO_SUCH_ALGORITHM
Please help me
RSAPrivateKey pri_key;
RSAPublicKey pub_key;
KeyPair kp;
Cipher RSAcipher;
RSAcipher = Cipher.getInstance(Cipher.ALG_RSA_PKCS1,false);
pri_key = (RSAPrivateKey) KeyBuilder.buildKey(KeyBuilder.TYPE_RSA_PRIVATE,KeyBuilder.LENGTH_RSA_512, false);
pub_key =(RSAPublicKey) KeyBuilder.buildKey(KeyBuilder.TYPE_RSA_PUBLIC,KeyBuilder.LENGTH_RSA_512, false);
kp = new KeyPair(KeyPair.ALG_RSA,(short)KeyBuilder.LENGTH_RSA_512 );
kp.genKeyPair();
pri_key = (RSAPrivateKey) kp.getPrivate();
pub_key = (RSAPublicKey) kp.getPublic();
//ENCRYPT
RSAcipher.init(pri_key, Cipher.MODE_ENCRYPT);
t_cipherLengthRSA = RSAcipher.doFinal(plaintxt,(short)0, (short)plaintxt.length, t_cipherText, (short)0);
//DECRYPT
RSAcipher.init(pub_key, Cipher.MODE_DECRYPT);
RSAcipher.doFinal(ciphertxt,(short)0,(short) t_cipherLengthRSA, temp1, (short)0);

I write javacard RMI style. My problem is...
Source code below is work when it write in applet (card - side)
but in client-side (reader -side) I copy it to client - side code and test to run, if fail --> throw
exception 0x3 - javacard.security.CryptoException.NO_SUCH_ALGORITHMYou can not share code between card and client. On the card use the classes of javacardx.crypto and on the client side those of javax.crypto and java.security.
It seem to be "javacardx.crypto" and "javacard.security" is make for use in applet in card only. That is right.
if it make for use in applet only, how is possible to
do like this " card use privatekey to sign message
and send to reader , reader use card's publickey to
verify that card sign this signature or not." or
"card use reader's publickey to encrypt message and
send to reader, then reader use privatekey to decrypt
message (reader authencate itself) "On each platform you have classes that provide the same cryptographic operations but the interface of these classes is different (because of the limitations of the java card platform).
because I can't do any of cipher , keybuilder in
RMI-client side(reader)Use the java.security.KeyFactory instead.
Cipher.getInstance(Cipher.ALG_RSA_PKCS1,false);
it will throw nullPointerException
and if (change false to true)
Cipher.getInstance(Cipher.ALG_RSA_PKCS1,true);
throw exception 0x3 -
javacard.security.CryptoException.NO_SUCH_ALGORITHMCryptographic support on java cards is optional. Not every card supports every algorithm. Try to use another algo.
Jan

TRIPLEDES Encrypt/Decrypt in Oracle

We are having issues in oracle encryption/decryption.
In our web application,We receive a number as input from the user which is encrypted & encoded using DES3 in .NET.
This encrypted value is stored in the oracle database. We need to decrypt it in oracle8.1.7 to get
the original number entered by the user.
We are using the following code and facing issues.
declare
decrypted_string VARCHAR2(2048);
input_string VARCHAR2(2048);
begin
DBMS_OBFUSCATION_TOOLKIT.DES3Decrypt (input_string=> hextoraw('a403de8264ec0b60a09c6d115768aff0'),
key_string=>hextoraw('6d6f68616d6d6164616c6c616d6261647368616831323334'),
Decrypted_string=>decrypted_string);
dbms_output.PUT_LINE('vr_decrypted is:' || decrypted_string);
end;
We have taken the string 'hello ho'.
This text is encrypted and encode ni .NET in DES3 which is the input string 'a403de8264ec0b60a09c6d115768aff0'.
and the key is the encoded format of the key used to encrypt the input string.
we are not getting the decrypted value as expected. thats 'hello ho'

If I understand what you are trying to accomplish correctly, a better approach might be to protect your data by encrypting the network traffic between the middle tier and the db. This would ensure the entire sqlnet exchange has been protected and not just any one piece of data. Once the data has been safely moved to the db tier, you can then use the DB Crypto package to encrypt any individual data you want stored in tables protected. Doing it this way will prevent you from having extra Forms application code and prevent you from writing your own risky security routine in Java.
Refer to the Oracle Net Services documentation for information on how to encrypt the net traffic between client and db. Remember that the "client" in this case is the middle tier Forms environment and not the end-user. Here are some helpful references:
http://docs.oracle.com/cd/B28359_01/network.111/b28530/toc.htm
http://docs.oracle.com/cd/B28359_01/network.111/b28316/toc.htm

Encrypt/decrypt in c++ and java

Similar Messages

Maybe you are looking for