Newbie need to encrypt/decrypt using password

Similar Messages

• How to encrypt/decrypt the password

  Hi
  In our website(JSP,servlet) is running over the Sun One Application server.In website, Contact us information is call by a servlet.when we submit the information and it will connect to the DB. I need to use encrypt/decrypt the password. DB connection information is store in server.xml.
  So how to proceed to encrypt/decrypt the password?
  please advice/suggestion for the same.
  thanks
  lalit
  Edited by: Lalit107 on Aug 6, 2009 4:49 AM

  I don't understand what you are saying. Is your password sumitted from the JSP?

• Error in running encryption/decryption using DES in Websphere Dev't Client

  Hello!
  I have a code used to encrypt / decrypt a string (password). I have already tested it using Netbeans and it is working. But when I tried to add the java code to an existing web project using Websphere Development Client,, javax.crypto.* is not recognized. Then I imported JCE.jar.
  The java code contains no errors then, but when I started to run the project, it gives an Error 500. And below is the Console's error message:
  E SRVE0026E: [Servlet Error]-[javax.crypto.spec.PBEKeySpec: method <init>&#40;[C[BI&#41;V not found]: java.lang.NoSuchMethodError: javax.crypto.spec.PBEKeySpec: method <init>([C[BI)V not found[/b]
  Have I missed something to add? Or other things that I should do upon importing this jar file?
  Please help.
  Advance thanks for your reply.
  misyel

  I dont know what version of Java that my Websphere's using. But I am very sure that it is outdated. I am using Websphere 5.0. For Netbeans, it is JDK1.5.
  I imported the JCE from JDK 1.5 on Websphere.
  I think the code works perfectly fine. Actually it was my friend's code for encryption but they are using Eclipse for development (almost the same from Websphere but somehow different from it.)
  My idea is that I cant match the versions of the jarfiles used in my project. As much as I wanted to change the imported jar files, I couldn't for when I replaced the existing jar files, more and more errors occur.
  can we have any alternative ways of importing the jar files? or is there any other code that might help that will not use the JCE.jar?
  I really appreciate your response. thanks
  misyel

• How to Encrypt - Decrypt the Passwords

  Hi,
  i am developing an integration between SAP and SFTP.
  i want to save the encrypted password of SFTP to database tables and then i want to use the decrypted password to connect SFTP.
  how to convert the encrypted password to decrypted?
  can somebody help me please?
  Best regards.

  Hi
  you will have to encrypt the entered password first and compare the encrypted passwords.
  Im not sure, but maybe FM VRM_COMPUTE_MD5 will do the encrypting-job.
  just check it out and also check below FM
  Try the DB_CRYPTO_PASSWORD function module, there's no way to decrypt it back that I know of. You just pass the user input to the function module and compare the encrypted output to the value stored in the database.
  and also try this two
  Use the following FM to encrypt
  CALL FUNCTION 'FIEB_PASSWORD_ENCRYPT'
  Use the following FM to decrypt
  CALL FUNCTION 'FIEB_PASSWORD_DECRYPT'
  By these FM you can encrypt & decrypt any fields of the Program.
  Warm Regards
    NZAB

• Crypt::cbc encrypt / decrypt using javax.crypto

  I am having a bit of a time encrypting with crypt::cbc and decrypting with java. To get to the point, here is my code, perl first, java 2nd - I have tried to keep things very simple.
  #!/usr/local/bin/perl -w
  use strict;
  use Crypt::CBC 2.30;
  die "Need to specify a file" if(!(my $infile = shift));
  my $key = q(nvA9s$233eOrlQG4);
  my $iv = q(0123456701234567);
  my $bufsize = 16384;
  my $cipher = Crypt::CBC->new({
            'key'          => $key,
            'iv'          => $iv,
            'header'     => 'none',
            'cipher'     => 'Rijndael',
            'keysize'     => '16',     #forced - default is 32 bytes
            'padding'     => 'standard',     #PKCS5
            'blocksize'     => '16',
            'literal_key'     => '1',          #do not MD5 hash key
  open (FORIG,"$infile")|| die "can't open file: $!";
  open (FCRYPT,">$infile.crypt")|| die "can't open file: $!";
  $cipher->start('encrypting');
  while(my $readsize = sysread(FORIG, my $buf, $bufsize)) {
       print FCRYPT $cipher->crypt($buf);
  print FCRYPT $cipher->finish();
  close FCRYPT;
  close FORIG;
  now the java:
  // i have elided the import stmts for brevity
  public class AESEncrypter {
       Cipher ecipher;
       Cipher dcipher;
       byte [] buf = new byte[1024];
       public AESEncrypter() {
            String strKey = "nvA9s$233eOrlQG4";
            byte[] keyBytes = null;
            try {
                 keyBytes = strKey.getBytes("UTF-8");
            } catch(java.io.UnsupportedEncodingException ex) {
                 ex.printStackTrace();
            byte[] iv = new byte[] { 0,1,2,3,4,5,6,7,0,1,2,3,4,5,6,7 };
            IvParameterSpec ivSpec = new IvParameterSpec(iv);
            try {
                 ecipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
                 dcipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            } catch (NoSuchAlgorithmException e) {
                 e.printStackTrace();
            } catch (NoSuchPaddingException e) {
                 e.printStackTrace();
            try {
                 SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");
                 ecipher.init(Cipher.ENCRYPT_MODE, key, ivSpec);
                 dcipher.init(Cipher.DECRYPT_MODE, key, ivSpec);
            } catch (InvalidKeyException e1) {
                 e1.printStackTrace();
            } catch (InvalidAlgorithmParameterException e1) {
                 e1.printStackTrace();
       public void encrypt(InputStream in, OutputStream out) {
            try {
                 out = new CipherOutputStream(out, ecipher);
                 int numRead = 0;
                 while((numRead = in.read(buf)) >= 0) {
                      out.write(buf, 0, numRead);
                 out.close();
            } catch(java.io.IOException e) {
                 e.printStackTrace();
       public void decrypt(InputStream in, OutputStream out) {
            try {
                 out = new CipherOutputStream(out, dcipher);
                 int numRead = 0;
                 while((numRead = in.read(buf)) >= 0) {
                      out.write(buf, 0, numRead);
                 out.close();
            } catch(java.io.IOException e) {
                 e.printStackTrace();
       public static void main(String args[]) {
            if(args.length != 1) {
                 System.out.println("Usage: java AESEncrypter filename");
                 System.exit(0);
            AESEncrypter encrypter = new AESEncrypter();
            try {
       //          encrypter.encrypt(new FileInputStream(args[0]), new FileOutputStream("Java_encrypted.txt"));
                 encrypter.decrypt(new FileInputStream(args[0]), new FileOutputStream("Java_decrypted.txt"));
            } catch (java.io.FileNotFoundException ex) {
                 ex.printStackTrace();
  so with file named whoop.txt containing the following contents:
  whoop
  whoop
  whoop
  whoop
  I do:
  $>./encrypt.pl whoop.txt
  and get the resulting file whoop.txt.crypt. then I do
  $>java AESEncrypter whoop.txt.crypt
  and get the resulting file Java_decrypted.txt. when I do a hex dump of this file:
  $>dump.pl Java_decrypted.txt
  i get the following
  /0 /1 /2 /3 /4 /5 /6 /7 /8 /9 /A /B /C /D /E /F 0123456789ABCDEF
  0000 : 47 58 5F 5F 40 3A 47 58 5F 5F 40 3A 47 58 5F 5F GX__@:GX__@:GX__
  0010 : 70 0A 77 68 6F 6F 70 0A p.whoop.
  I have tried to ensure that everything matches between the perl and java code, however I am obviously missing something. Thanks in advance for any ideas!
  Gregg

  i have hardcoded the IV in perl as:
  my $iv = q(0123456701234567);
  and in the .java file as:
  byte[] iv = new byte[] { 0,1,2,3,4,5,6,7,0,1,2,3,4,5,6,7 };
  IvParameterSpec ivSpec = new IvParameterSpec(iv)
  Are these not compatible?
  thanks - gh

• Help ! Need PCI Encryption/Decryption Controller Driver for New HP 355 G2 (AMD) w/Win 7 Pro 64 Bit

  Just rebuilt new HP 355 G2 to Win 7 64 bit.  The ONLY driver I can not locate or get to work is the PCI Encryption/Decryption Controller. I installed all latest drivers for this model/OS from both HP and AMD sites still no luck. AMD autodetect utility and Catalyst software installed all other drivers successfully except this one and when completes says all drivers, including chipset, are installed successfully and current.
  I am at a complete loss where to get this driver from a OEM site, can you help ?
  Device ID's:
  PCI\VEN_1022&DEV_1537&SUBSYS_15371022&REV_00
  PCI\VEN_1022&DEV_1537&SUBSYS_15371022
  PCI\VEN_1022&DEV_1537&CC_108000
  PCI\VEN_1022&DEV_1537&CC_1080
  Thanks !!!
  This question was solved.
  View Solution.

  Hi:
  You need to run this driver and then manually install it.
  http://h20565.www2.hp.com/hpsc/swd/public/detail?swItemId=vc_133833_1
  To manually install the driver go to the device manager and click on the PCI Encryption/Decryption Controller needing the driver.
  Click on the driver tab.  Click on Update Driver.
  Select the Browse my computer for driver software option, and browse to the driver folder that was created when you ran the file.
  That folder will be located in C:\SWSetup\sp66974.
  Make sure the Include Subfolders box is checked, and the driver should install.
  Then reboot.

• Encrypt/decrypt using update

  Hi,
  can someone give me an encrypt/decrypt pair of code samples that use the cipher.update() call.
  i am trying it like that but apparently it doesn't work
  byte[] temp = new byte[message.length/2];
  byte[] temp2 = new byte[message.length/2];
  System.arraycopy(message, 0, temp, 0, temp.length);
  System.arraycopy(message, temp.length, temp2, 0, temp.length);
  ciphertext = new byte[message.length];
  System.arraycopy(symmetricCipher.update(temp), 0, ciphertext, 0, temp.length);
  System.arraycopy(symmetricCipher.doFinal(temp2), 0, ciphertext, temp.length, temp.length);

  ode]
  >
  I don't see how using the inputstream i would avoid
  the memory error, when passing anything over
  10,000,000. Unless you mean I split the input, and
  write small chunks into disk as I encrypt them?Your basic problem is that you have the data as one large array. I don't know how and why you created this large array; I would not to create it unless there was no other way.
  Since it does not make sense to create one large encrypted byte array and given that you have a byte array then you can use either
  1) Create a ByteArrayInputStream and wrap it in a CipherinputStream. This would allow you to encrypt the array in a sequential manner a few KBytes at a time.
  or
  2) Encrypt the array a few KBytes at a time using a simple update(array, start, length) that returns the encrypted bytes.
  But first, I would try to avoid creating the large 'cleartext' array.

• Encrypt/Decrypt using REPLACE/TRANSLATE function

  Hi,
  Can someone please provide me any procedure/function which encrypts/decrypts a string using REPLACE/TRANSLATE function?
  Thanks
  Dinakar

  example with TRANSLATE:
  CREATE OR REPLACE function temp_encrypt (p_value IN VARCHAR2)
  RETURN VARCHAR2 IS
  BEGIN
      RETURN(TRANSLATE(p_value, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'BCDEFGHIJKLMNOPQRSTUVWXYZA'));
  END;
  CREATE OR REPLACE function temp_decrypt (p_value IN VARCHAR2)
  RETURN VARCHAR2 IS
  BEGIN
      RETURN(TRANSLATE(p_value, 'BCDEFGHIJKLMNOPQRSTUVWXYZA', 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'));
  END;
  SQL> SELECT temp_decrypt('MY TEST') FROM dual;
  TEMP_DECRYPT('MYTEST')
  LX SDRS
  SQL> SELECT temp_encrypt('LX SDRS') FROM dual;
  TEMP_ENCRYPT('LXSDRS')
  MY TESTyou may combine this with REPLACE() ...

• Newbie needs help - First time using Premier Pro 5.5.2

  I have Premier Pro CS 5.5.2 install on iMac 2011 with Lion 10.7.3. I imported an AVCHD clip from a SDHC card using a usb card reader. The clips were really choppy and pixelated. The clip was shorted in 1920 x 1080 HA. I have been reading from the Adobe site and their Videos. I should have no problem importing AVCHD into Premier Pro.  Do I need 3rd party conversion software to convert the clip to Quicktime or what specific settings should I be using? Any suggestion would be appreciated.

  With so many features that cannot be disabled, Premiere Pro requires significantly more horsepower than that iMac can deliver. FCP X also requires a decent amount of system horsepower as well. iMovie doesn't require much due to its relative lack of features.
  And as I stated a few times, the iMacs are designed for convenience/looks first, low power consumption second, performance third. In fact, although they use desktop CPUs, the 2011 lineup uses mostly reduced-power versions of the i5 and i7 CPUs (in this case, the "S" variant of these CPUs with their lower 65W TDP instead of the normal 95W TDP). And their minuscule interior space meant laptop-class GPUs instead of desktop-class GPUs. In the end, you'd end up with a very large system that performs no faster than a decent laptop (in fact, the laptop HD 6770M is slower than the desktop HD 6770 (which is in reality a tweaked HD 5770) in games). Worse, unless you can find a Thunderbolt external hard drive for that iMac, you're effectively stuck with a single physical hard drive for absolutely everything, especially since both Firewire 800 and USB 2.0 (the other ports available on the iMac) are much, much slower than SATA.

• Encrypt / Decrypt in J2SE 1.3.1

  Hi,
  I need to encrypt / decrypt a string.
  For this, i use JCE (J2SE 1.4) (Cipher class)
  The problem it's, i have to use J2SE 1.3.1.
  I am looking for some class i can use for encrypt and decrypt a string.
  Do you know what class can i use for my goal ???
  Thanks so much ...
  Omar

  J2SE is Java 2 Standard Edition
  JRE is Java Runtime Environment (that is what the client has)
  JDK is Java Development Environment (it includes JRE plus the development tools)
  If you have J2SE 1.4 and need to make sure that your
  program will run with J2SE 1.3.1, you need to add the
  option "-target 1.3" to the compile command on the
  command line:
  #javac -target 1.3 MyClass.java
  This makes sure that the class file is compatible with
  J2SE 1.3. If your program uses the JCE, you need to
  make sure that the end user has the JCE installed,
  because it is not automatically included with J2SE
  1.3. This is not correct. "-target" option tells compiller to use features specific for the concrete targets. And the default target for javac from 1.4 actually "1.2" (it was "1.1" in 1.3 and befofe). This is from javac changes documentation from JSDK 1.4
  The javac byte-code compiler has a new -source option that enables support for compiling source code containing assertions. Also, default compilation is for -target 1.2. Previously, the default was 1.1. The compiler now correctly detects unreachable empty statements, as discussed in bug 4083890. Javac also recognizes the new -Xswitchcheck option that checks switch blocks for fall-through cases and provides a warning message for any that are found.
  So, to make shure if your app going to work on 1.3 you no need to recompile it but you have to run it in 1.3 JRE and see if it work or not. Because JCE (Java Cryptography Extention) wasn't included into JRE 1.3 you have to install it in there. I recommend to use BouncyCastle or Sun's reference implementation.
  Use the Cipher class, if your end user has the JCE
  installed, it will work all fine.
  If you wanted to you could also use BouncyCastle
  instead of JCE, but it is not necessary.BouncyCastle is cleanroom JCE implementation and JCE provider! It have much more algorithms implemented and they are faster comparing with Sun's JCE provider.

• B2B - SFTP - Encrypt data using PGP

  Hello,
  I am hearing / reading mixed comments on using PGP encryption / decryption using the SFTP Transport in Oracle B2B.
  The requirement is the data needs to be encrypted during the transport between the trading partners. The SFTP server houses the PGP encrypted data, B2B should be able to listen, pick and decrypt and process the files.
  Is this possible in Oracle SOA Suite 11g? If yes, could you please point me to any documentation that explains configuring B2B to decrypt a PGP encrypted file.
  Thanks in advance,
  Venkatesh

  I think most comments you read about this would have said that B2B SFTP cannot handle PGP encryption. This is true. B2B out-of-box does not support PGP encryption/decription. Most people suggest using Java callout.
  ~Ismail.

• Better Encryption/Decryption Method - SMIME or PGP ?

  1. Which is the default encryption/decryption method provided in BizTalk Server ?
  2. What is PGP Encryption/Decryption ?
  3. What is SMIME Encryption/Decryption ?
  4. Which is better out of the two ?

  There is no default encryption/decryption method provided in BizTalk Server. BizTalk uses encryption/decryption using certificates (when you use certificates ). More about them here.
  BizTalk Server : Encrypting and Decrypting a Message.
  Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication.
  Soruce: Wiki. In Specific to BizTalk, messages are encrypted/decrypted at the entry point into BizTalk, right place is in pipeline using custom pipeline component. There is one available
  which you can learn more here.
  https://code.msdn.microsoft.com/windowsdesktop/BizTalk-Sample-PGP-ebcbc8b2. Also there is a thrid party adapter and pipeline component available to implement extensive suite of PGP features in BizTalk-
  https://www.eldos.com/bizcrypto/biztalk-pgp-adapter-pipeline.php
  S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for
  public keyencryption and
  signing of MIME data. S/MIME is on an
  IETFstandards track and defined in a number of documents, most importantly RFCs 3369, 3370, 3850 and 3851. S/MIME was originally developed by
  RSA Data Security Inc.
  soruce Wiki. In BizTalk, when you use certificates with two-key security, it supports public key encryption of outbound messages and decryption of inbound messages based on Secure Multipurpose
  Internet Mail Extensions (S/MIME). BizTalk Server uses S/MIME version 3 for encryption of outbound messages, and S/MIME versions 2 and 3 for decryption of inbound messages. Reference:
  http://msdn.microsoft.com/en-us/library/aa559843.aspx
  When you discuss about which is more native, I would choose S/MIME which can be implemented with certificates and out-of-MIME pipeline components. 
  If this answers your question please mark it accordingly. If this post is helpful, please vote as helpful by clicking the upward arrow mark next to my reply.

• Please Help!!!  Encrypt/Decrypt Password

  i'm a newbie to Cryptography...and i know that this question have been asked MILLIONS of time...but i'm going to ask it again. i searched through the forum, and i didn't find anything useful...but:
  i want to write a program to encrypt the password i type in the JPasswordField...save it out to a Properties file...when i'm trying to authentication, get the password...decrypt the password...and authentication.
  i pretty much have the JPasswordField and Properties file done...i just need the encryption and decryption left.
  can someone please help??? please post example code...please don't suggest hashcode!!!
  sin sai

  Try this, found at:
  [ http://java.ittoolbox.com/documents/document.asp?i=1676 ]
  You can convert your password to MD5 format as follows:
  import java.security.*;
  import java.lang.*;
  public class PasswordEncrypt {
  * Constructor for the PasswordEncrypt object
  public PasswordEncrypt() { }
  * This is the method which converts the any string value to MD5
  format.
  *@param str password
  *@return encrypted password in MD5
  public String encrypt(String str) {
  StringBuffer retString = new StringBuffer();
  try {
  MessageDigest alg = MessageDigest.getInstance("MD5", "SUN");
  String myVar = str;
  byte bs[] = myVar.getBytes();
  byte digest[] = alg.digest(bs);
  for (int i = 0; i < digest.length; ++i) {
  retString.append(Integer.toHexString(0x0100 + (digest[i] &
  0x00FF)).substring(1));
  } catch (Exception e) {
  System.out.println("there appears to have been an error " + e);
  return retString.toString();
  ---

• Crypto newb: Need help with encrypting data for offline Swing app

  Hi all,
  I'm VERY new to cryptography. Can somebody point me in the right direction? I've created a Swing application that is intended to be used offline (no network connections are established by the app). I need to export XML files from this application, to be transported via floppy to another instance of the application on a different computer for import. The information is sensitive and must be encrypted!
  I started looking into AES and using asymmetric ciphers (public/private key encryption). But then I realized that if Jane is exporting a file for Bob to view, she won't have access to Bob's public key (no network access). Ugghh!
  I noticed another solution in this forum where the person suggested using password encryption. It was an old post and I think it used DES. Anyway, password encryption doesn't seem too secure.
  So, I thought I'd create a symmetic key (correct term?) once, store it in the program directory, and distribute it with the application installer. That way, everyone would have the same key and would be able to encrypt/decrypt each others files. Right? Err... I'm not sure.
  Like I said, I'm a newb at crypto. If someone could suggest the best/most secure way to accomplish this, I would be eternally grateful.
  PLEASE HELP!!! :-D
  Thanks in advance.

  Sorry, Grant. I must've posted that last one just
  after your response. I was intending the message to
  be for Anand. Heh - you have no idea how many times I've done the same thing. It's an artifact of the asynchronous nature of message boards.
  Your response is very helpful. Out of
  curiosity, does my last post provide any more insight
  that would change your mind? Or do you still believe
  that using password encryption and letting the user
  choose/provide the password is the best solution?Well, as you noted, giving everyone two sets of keypairs is semantically equivalent to giving everyone a single symmetric key. And, as I've noted, it's completely INsecure - everyone who gets access to an install disk, either legitimately or no, can read every transmission your app makes forever after. Cryptographically speaking, this is Not A Good Thing.
  The advantage of PBE is that it's easy for your users to exchange keys when their machines can't see each other. The real key here is that your app, if you really want it to be secure, MUST allow/require that transmission between Alice and Bob use a different key than that between Alice and Carlos or Bob and Carlos - otherwise, if Eve compromises any user of your software, ALL users are compromised.
  I'd go with PBE, just because other alternatives are painful for your end users. You could use generated KeyPairs, for example, if you provide a means for users to exchange public keys. If you display Bob's public key in encoded, String-able form, then Bob can either email that to Alice or read it off to her over the phone. Into your app Alice loads/types in that public key, and the app now knows how to secure communications with Bob.
  Public keys are large, though, and people screw them up typing them in. And many users have TERRIBLE key discipline - if Bob loses access to his private key, he can't read anything Alice sends. And if his private key is readable on some public shared folder (which happens with a totally-frightening regularity), then we're back to no security at all.
  Use one of the triple-DES PBE Ciphers, and get on with making your app do what you really want it to do, would be my advice. (Free advice, of course, being worth every penny you pay!)
  Once again, thanks a bunch!Glad to help.
  Grant

• Help needed in encrypting and decrypting a file

  Hello,
  I just started looking into the Java Security.I need to encrypt a file using any popular alogrithm like RSA or DES and write it to disk.and again decrypt this file at a later time when needed.
  I was checking out with different ways of doing so,but found it difficult to persist the key some where.
  Could some one help me in this regard,with a tutorial or a sample program where I will be able to give cleartext file as an input and get a ciphered text file as output and vice versa?

  Probably the simplest solution is to use password-based encryption (PBE). See http://java.sun.com/j2se/1.5.0/docs/guide/security/CryptoSpec.html#PBEEx
  for an example.