Encrypt/decrypt streams with same password

Hi all!
I'would like to know if I can encrypt/decrypt streams using key's which are hardwired in my application. By a hardwired key I understand a key which is generated using the same seed; practically I don't keep the key, but the minimum info to regenerate it.
Is this possible and if yes, how? Where can I find some more info about regenerating a key?
Stefan.
PS: I'm a newbie in field of cryptography, so...

You can use password-based encryption. See an example
of such a thing in:
http://javaalmanac.com/egs/javax.crypto/PassKey.html
Erm, what sort of encryption isn't password-based ?

Similar Messages

Creating 50 users with SAME password

All
I need to create 50 Trainning users with SAME password.
Does SAP allows to do it ? SU10 does not let me know
enter the password ?
Is there any report that I can use ?
How can use SCAT trasaction to do this ?
Please advise.
Thanks
From
PT.

Hi Pranav,
Yes SAP allow you but for security reason its not recomended.
But you can't give the password same like the username, SAP will not allow your to give password that contain userid.
You can use SCAT to create the 50 user.
First you recard the transcation first
Than change the value with parameter (type &parameter_name)
and than you can create a excel file that contain the 50 user.
and use SCAT to run it.
Please read:
http://help.sap.com/saphelp_47x200/helpdata/en/f4/3f9ef659a711d1bc84080009b4534c/content.htm
or
http://help.sap.com/saphelp_47x200/helpdata/en/fd/f10538d6cb1e3be10000009b38f8cf/frameset.htm
Regards,
Fendi Suyanto

Can not connect with itunes with iphone but can connect with same password with my computer

I can not connect with Apple ID by IPhone but I can with same ID on my computer.

Read the article from which the thread was started.

When I create a new account with same password is ...

Over the course of inactivity it happened that I forgot my passwords. I did not request a reset but created a new account with the same e-mail. Can I have several accounts with the same e-mail? And if so, how do I request a reset of password for a specific username resp. account? I would like to keep the old user accounts for several reasons. But requesting a reset via e-mail will do so on my newest account for which I know the password.
Am I trying to do something impossible?

as far as I remember, accounts are tagged as inactive after 6 months of no activity.
In your case, I think you may need to contact customer service for further assistance.
Just click the link below to see the instructions on how you can get in touch with the Support team ;
https://support.skype.com/en/faq/FA1170/how-can-i-contact-skype-customer-service
CONTACT SKYPE CUSTOMER SERVICE | HOW TO RECORD SKYPE VIDEO CALLS | HOW TO HANDLE SUPICIOUS CALLS AND MESSAGES | WINDOWS PROBLEMS TROUBLESHOOTING | SKYPE DOWNLOAD LINKS
MORE TIPS, TRICKS AND UPDATES AT
skypefordummies.blogspot.com

My developer id on Xcode says the password is rejected, but I can long on to the apple development site with same password and it is okay. This started after downloading Xcode 5.0.2 any ideas?

On xcode preferences the account is being rejected due to password wrong but the password works on the developer site. I am using xcode 5.0.2 and an iphone 4s. Prior to this i was using an older xcode and an iphone 3gs. I entered the password again but it fails. i deleted all xcode off my machine, downloaded a new verison from the app store, but problem persists. Any ideas? thanks in advance for your help. regards

did you ever figure this out? Im having the same problem... only thing I can think of is - that I am admin on the account.. .so maybe Apple thinks admins don't ever need to use Xcode? haha

I can't sign into ny iPad but I can sign into my iPhone with same password

I Can sign into my iPhone with Apple id, however I can't sign into iPad. I have reset etc. but still to no avail

What IP does your iPad show as having?
Try a reset. Press & hold the Power and Home buttons together for 10+ seconds, ignoring the red power-off slider, until you see the Apple logo.
Some folks have discovered that changing their DNS service fixes FaceTime connection issues.
The ideal way is to configure your modem/router with DNS service, but often settings in System Preferences/Network on your Mac will override the router settings. Try either of these;
OpenDNS
208.67.222.222, 208.67.220.220
Google Public DNS
8.8.8.8. 8.8.4.4

How to encrypt/decrypt xml data into, and then out of IDS?

Hi,
How would we encrypt NPPI information being passed from an unencrypted xml through IDS, and then decrypt it on exit prior to Gendata.
The IDS SDK gave a reference to IDSEncryptionRule(), but insufficient examples of implementation.
It could be something like a single tag element, or even the entire xml, it's just not clear how to make it happen using native IDS methods.
Any thoughts or help to implement this security measure would be most welcome!
Thanks so much!
Edited by: lodit on Apr 10, 2013 2:56 PM

Hi there,
You would need to write a custom IDS rule that implements this function. You can refer to the IDS SDK book for info on writing a custom rule. IDSEncryptionRule does operations based on the request state received. Normally when an IDS rule is executed, the rules in the request type definition are executed with the RUN_FORWARD request state. Then they are executed with the RUN_REVERSE request state. An example of why this model is used would be the ATCReceiveFile. On RUN_FOWARD, it writes the contents of file segments in a message to a temporary file. Subsequent rules execute. Then on the RUN_REVERSE, the ATCReceiveFile does clean up routines to remove the temporary file.
So, armed with that knowledge, you can use the IDSEncryptionrule to perform on RUN_FORWARD (decrypt message variables for subsequent processing by Documaker) and then on RUN_REVERSE (encrypt message variables to send back to the client).
It should be apparent at this point that you need to use an encryption/decryption mechanism with the IDS client otherwise you won't be able to prepare the message to send or read the response. On the client side there are functions - consult the examples included in the IDS SDK (DSI_DSK in the installer package).
--Andy

Encrypt/decrypt same file with two different passwords

Hi everyone:
I'm quite new to Java and cryptography in general and have a theoretical question. Is the following scenario possible and how would it be implemented:
Two users with two passwords (say, a regular user and a superuser) encrypt, decrypt, read from and write to the same file. The secret key for encryption and decryption should be based on their passwords (generated from their passwords), i.e. not stored anywhere on the system.
I've been racking my brains but can't think of a way. Am I missing an obvious solution?
Can it be done?
Thanks,
Michael

I don't think you can avoid having more than just a password hash stored on the system. Using a combination of my approach and Jeff's approach I can implement this as long as you allow a password protected key store to be stored on each system. A given user's key store would contain his RSA private key and associated public key together with the admin user's RSA certificate (thought the admin user's public key could be stored in the program since it does not have to be kept private). The admin user's key store would contain only his RSA private and public keys.
Assume that the data file is to be create by a standard non-admin user. His code performs the following actions -
1) Generates a random symmetric algorithm key. Say a 128 bit AES key.
2) He write a digest of this to the output file.
3) He writes the random key encrypted with his public key to the file.
4) He writes his public key (or certificate) to the file.
5) He writes the random key encrypted with the admin users public key to the file.
6) He encrypts the data using the random key writes the result to the file.
This user can then update the file by
1) reading from the file the digest of the random key.
2) reading the random key encrypted with his public key.
3) Decrypting this encrypted random key using his private key extracted from his keystore.
4) Check the digest of this key to make sure he has the correct random key.
5) skipping his certificate and the random key encrypted using the admin user's public key.
5) Decrypting the data using the random key.
6) Update the data.
7) Re-encrypt the file as described in the first part using a new random key.
The admin user can
1) read from the file the digest of the random key.
2) skip the random key encrypted using the user's public key.
3) reading the user's public key from the file (for use later if the file needs to be updated).
4) read the random key encrypted using the admin's public key.
5) decrypting the random key using the admin's private key obtained from his key store.
6) check the digest of the random key to make sure it is correct.
7) decrypt the the data.
The admin can edit the data since he can re-encrypt the data in a similar manner to the way it was created in the first place.

Error running SSIS package to do with encrypting/decrypting password. Help needed.

Getting this error. Can anyone shed some light? This is the first promote since 2009. Protection level of the package is 'EncryptSensitiveWithPassword' I'm new at SSIS so don't assume I know anything.
10/30/2014 16:11:06,HPAddress_Export,Error,0,SSQLTST01\SSQLTST02,HPAddress_Export,(Job outcome),,The job failed.
The Job was invoked by User AHCCCS\Administrator. The last step to run was step 1 (Step 1).,00:00:02,0,0,,,,0
10/30/2014 16:11:06,HPAddress_Export,Error,1,SSQLTST01\SSQLTST02,HPAddress_Export,Step 1,,Executed as user: AHCCCS\svcssqltst01. ....00.5324.00 for 32-bit
Copyright (C) Microsoft Corp 1984-2005. All rights reserved.
Started: 4:11:06 PM Error: 2014-10-30 16:11:07.05
Code: 0xC001405F     Source:
Description: Failed to decrypt an encrypted XML node because the password was not specified or not correct. Package load will attempt to continue without the encrypted information.
End Error Error: 2014-10-30 16:11:07.37
Code: 0xC001405F     Source:
Description: Failed to decrypt an encrypted XML node because the password was not specified or not correct. Package load will attempt to continue without the encrypted information.
End Error Error: 2014-10-30 16:11:07.79
Code: 0xC0202009     Source: HPAddress_ExportPackage Connection manager "SQL.HealthPlanAddressChanges.hpac"
Description: SSIS Error Code DTS_E_OLEDBERROR. An OLE DB error has occurred. Error code: 0x80040E4D.
An OLE DB record is available. Source: "Micros...
The package execution fa... The step failed.,00:00:02,0,0,,,,0

Hi,
From the error message “Failed to decrypt an encrypted XML node because the password was not specified or not correct. Package load will attempt to continue without the encrypted information.“, it seems that the error is caused by the password to decrypt
an encrypted XML node was not specified or incorrect.
Besides, the EncryptSensitiveWithPassword Protection level means user should use a password to encrypt only the values of sensitive properties in the package. To open the package in SSIS Designer, the user must provide the package password. If the password
is not provided, the package opens without the sensitive data and the current user must provide new values for sensitive data. If the user tries to execute the package without providing the password, package execution fails.
So in order to resolve this issue, we should provide the password when executing the package. When you execute a package with this setting using DTEXEC, you can specify the password on the command line using the /Decrypt password command line argument.
Reference:
Access Control for Sensitive Data in Packages
Securing Your SSIS Packages Using Package Protection Level
Thanks,
Katherine Xiong
Katherine Xiong
TechNet Community Support

Encrypt / Decrypt password

Hi
I'm new in Java and I need to create a function to encrypt / decrypt passwords using the Blowfish algorithm. I know how to create a key, but I don't know how to recover it to decrypt the password.
Another question, Is it possible to use public/private keys in this case???.
Can you give some links or examples please???
Regards
J.C.

This is typically done either one of two ways:
1) PBE based encryption. This uses a password or pass phrase to derive
a key to use with a symmetric algorithm.
2) Asymmetric using something like RSA. Typically RSA is used to wrap
the actual symmetric key used to do the encryption but for very short
plaintext it can be used directly on the plaintext. Passwords are a
good example of short plaintext.
Obviously symmetric encryption is a great deal faster than asymmetric
encryption. So if your plaintext was large you would want to use
symmetric. Also Asymmetric encryption is length dependant. AKA if your
public key's modulus is 1024 bits then you could encrypt any plaintext
that was 121 bytes or shorter.
PBE takes a salt (a random byte array) and an iteration count and
hashes a passphrase with the salt iteration number of times to generate
a key that can be reproduced over and over again and used with a
symmetric algorithm. The issue here is that your salt/ic either need
to be hard coded and reused or the values for any single encryption
need to be saved along with the ciphertext. Using the same ic/salt for
a large number of plaintext to ciphertext operations can lead to a
weakening of the pass phrase (aka the key) and aids a cryptoanalyst in
breaking the code. Although it is still difficult it becomes easier
with each successive encryption.
Its upto you which route you take but you should note that private keys
used in asymmetric encryption use PBE to keep them private anyway so in
a sense if you use asymmetric encryption you are really using both
asymmetric encryption and PBE...

Encrypt/Decrypt passwords

Hi...
Another thread with that same, old subject... right? Perhaps yes!! But I am not able to move further without help.
I am developing an application where user needs to login by entering the password. My requirement is to encrypt the password first (while registering the user) and store it in a database (using MS Access 2007). Later, while logging in, I need to decrypt that stored password and validate the entered password by user.
As I am quite new to this, not able to understand how to proceed. Checked in this forum, even in net - got many stuffs as well - but still I am not able to develop this.
Any suggestion, help would be appreciated.
I have few simple logics, that could be used: 1. replace each characters with the next (or next to next) characters, 2. insert some junk characters in between each characters and creating a string... etc
But I am looking for some serious encryption/decryption techniques.
Thanks in Advance...

>
Oh yeah.. what an 'Aloo Paratha' with no salt. But not able to understand how to add this 'Salt' to my paratha.. :(
TiA...Suppose I had read access to the password table, where I also had an account:
| user_name | digested_password | ...
+-----------+-------------------+--
| bdlh      | efagukfuilfehilef |
| smith     | fiopwefiopf890fnk |
...I can't guess smith's password from his digest, but what if I notice:
| user_name | digested_password | ...
+-----------+-------------------+--
| bdlh      | efagukfuilfehilef |
| smith     | fiopwefiopf890fnk |
| kumar     | efagukfuilfehilef |Hey! kumar and I happen to have the same digest! We have the same password! (Or as good as.) I can log on as kumar and have jolly time at his expense.
Now change things with a pinch of salt: a randomly generated unique string. One's digested_password is actually the digest of password+salt:
| user_name | digested_password | salt     |
+-----------+-------------------+----------+
| bdlh      | efagukfuilfehilef | efaghkku |
| smith     | fiopwefiopf890fnk | h23bh9m0 |
| kumar     | vjlvsr8u0w780w4bj | 789r2bh7 |Now even if kumar and I happen to have the same password, our salts make the digests different.
As for "how to digest", use MessageDigest: [http://java.sun.com/javase/6/docs/api/java/security/MessageDigest.html]

Issues with encrypt/decrypt

I got a system that is behaving strange what appears to be randomly.
I create a CURD cfc for this table and to store the password I use
Encrypt and when it's been red from the CFC it gets decrypt by the cfc.
Here is the few lines of code from the CFC that is in charge of it.
On update (same method is doen on crate as well):
<cfif isdefined("arguments.fu_password")>fu_password=<CFQUERYPARAM value="#left(encrypt(trim(arguments.fu_password), this.encKey),250)#" cfsqltype="cf_sql_varchar" maxlength="250">,</cfif>
On read (after I query the database):
<cfloop query="qReadFrontend_Users">
 <cfset qReadFrontend_Users.fu_password[currentrow] = #Decrypt(qReadFrontend_Users.fu_password[currentrow], this.encKey)#>
</cfloop>
It worked well (I use this method everywhere I need to save the data encrypted) for a long time, and IT STILL works well on my server. But about 2 months a go I started to get errors that the input/output of the encryption is not the same.
The MUST strange thing is that the errors will be sent to me WITOUT the page being viewed been relocated to the error page (which is what happens when an error accurse on that system). And on top of that the CFC would RETURN the SQL with the RIGTH INFO !! IE it decrypts the info but yet say there was a problem.
I then added this to the CFC …
<cftry> 
 <cfloop query="qReadFrontend_Users">
 <cfset qReadFrontend_Users.fu_password[currentrow] = #Decrypt(qReadFrontend_Users.fu_password[currentrow], this.encKey)#>
 </cfloop>
 <cfcatch type="any">
 <cfmail from="****" to="*****" subject="FRONT END USERS CFC CF CATCH EMAIL !!!!" type="html">
 cfcatch:
 <cfdump var="#cfcatch#">
 
 arguments:
 <cfdump var="#arguments#">
 
 Query
 <cfdump var="#qReadFrontend_Users#">
 
 this
 <cfdump var="#this#">
 
 cgi
 <cfdump var="#cgi#">
 </cfmail>
 <cfreturn qReadFrontend_Users>
 </cfcatch>
 </cftry>
And I started getting emails. in all of the emails the RETRURNED query is fine, as I mentioned above.
I also checked the DB, outputting each row and its decrypt password, the problems is not in the DATA IT SELF, the data is k-ok !.
And again this happens totally on random, no pattern to it what so ever.
My Q' is, did any one encountered something like this?
My first guess was that the SQL is not ok in some why, but I have NO idea what to look for.
Please HELP : )

Sorry, I have solved this problem, Thank you.

How to encrypt/decrypt the password

Hi
In our website(JSP,servlet) is running over the Sun One Application server.In website, Contact us information is call by a servlet.when we submit the information and it will connect to the DB. I need to use encrypt/decrypt the password. DB connection information is store in server.xml.
So how to proceed to encrypt/decrypt the password?
please advice/suggestion for the same.
thanks
lalit
Edited by: Lalit107 on Aug 6, 2009 4:49 AM

I don't understand what you are saying. Is your password sumitted from the JSP?

Can we generate the same key with the same password???

Hi everyone,
Is it at all possible to generate the same key? I have a program that takes a user password, creates a key. And this is done in a loop for 5 times. I just wanted to see if the keys that are generated will be the same for the same password. But the keys that are generated are different.
Does anyone have any idea why this would happen?
My Environment
jdk1.2.2
jce1.2.1
My class is very simple as is as follows
import java.security.*;
public class SecureStuff {
static
Security.addProvider(new com.sun.crypto.provider.SunJCE());
public SecureStuff()
try {
Key secretKey = null;
for (int i = 0; i < 6; i++){
javax.crypto.spec.DESedeKeySpec spec = new javax.crypto.spec.DESedeKeySpec("PASSWORDPASSWORDPASSWORD".getBytes());
javax.crypto.SecretKeyFactory desFactory = javax.crypto.SecretKeyFactory.getInstance("DESede");
secretKey = desFactory.generateSecret(spec);
System.out.println("key generated:"+secretKey.getEncoded());
} catch (Exception e){
e.printStackTrace();
public static void main(String[] args) {
SecureStuff securestuff = new SecureStuff();
The Output
C:\> java SecureStuff
key generated:[B@eb7989c5
key generated:[B@e96189c5
key generated:[B@e99589c5
key generated:[B@e8d989c5
key generated:[B@ef4189c5
key generated:[B@eff589c5
Please can anyone help me..
Thank you very very much.
...geetha

Hi,
I was wondering if you have found a solution to your question.. I justed started working with JCE and have to implement the same functionality. basically I am trying to Encrypt passwords stored in the DB and then when a user logs in, I encrypt his password and compare with the stored password in the DB. For me to do this I have to be sure I can get the same key generated for each encryption.
Also, do you have any examples I can look at or any recommendation on books that explain this subject (JCE) well.
Thanks
Chi

Or some reason everytime i got to my membership for pet insurance it says wrong password the i go back to IE 11 and it lets me sign in with the same password...

for some reason everytime i got to my membership for pet insurance it says wrong password then i go back to IE 11 and it lets me sign in with the same password...What gives..do I have to have 8 different browsers to get into certain accounts...lol...help

Hi vikadelic,
Do you store your passwords in the browser? If so, you may want to update them to make sure that they are trying to login with the right credentials: [[Password manager - Remember, delete and change saved passwords in Firefox]]
If that is not the case, it may be an old stored cookie: [[Delete cookies to remove the information websites have stored on your computer]]

Encrypt/decrypt streams with same password

Similar Messages

Maybe you are looking for