-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
wqhdebian wrote:
As far as I know,when encrypt or decrypt ,a key must first be
got,and the key is first generate by a tool or from
SecurityRandom,that means I can not generate the same key with the
same input.Does there is a method which can generate a same with the
same input string?
There is a need to transfer file between to site,and the customer
wish to encrypt these files during transfering,and they want to
store a string into each database at each site,when sending and
receiving files,get the string from the database to encrypt or
decrypt the file,they alse want to have a control of the string,they
can change the string randomly if they wish as long as long keep
each string is equal,how to realize this?
Hi,
What you're looking for is called Password Based Encryption. Here's
how it works:
TO ENCRYPT:
1. Take the String and create a PBEKeySpec.
2. Use a SecretKeyFactory to produce a SecretKey.
3. Select an iteration count (probably a constant in code).
4. Generate a random salt.
5. Create a PBEParameterSpec from the iteration count and salt.
6. Create a Cipher from the SecretKey and PBEParameterSpec.
7. Encrypt the data with the Cipher.
8. Send the salt, unencrypted, and the output of the Cipher.
TO DECRYPT:
1. Take the String and create a PBEKeySpec.
2. Use a SecretKeyFactory to produce a SecretKey.
3. Use *THE SAME* iteration count.
4. Take the salt from the received block of bytes.
5. Create a PBEParameterSpec from the constant iteration count and the
received salt.
6. Create a Cipher from the SecretKey and PBEParameterSpec.
7. Decrypt the data with the Cipher.
8. Process the data.
Here's code for two classes that encrypt and decrypt, respectively,
files on disk. This code uses only algorithms that are part of Sun's
JCE provider. If your customer wants to use more modern encryption
algorithms, like AES, you will need to find and install another
provider.
CUT BELOW HERE FOR ENCRYPT.JAVA
import java.io.*;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.*;
public class Encrypt {
public static final void main(final String[] args) throws Exception {
if (args.length != 3) {
System.out.println("Syntax:");
System.out.println("java Encrypt <infile> <outfile> <password>");
return;
}
PBEKeySpec pbeks = new PBEKeySpec(args[2].toCharArray());
byte[] salt = new byte[8];
SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
sr.nextBytes(salt);
PBEParameterSpec pbeps = new PBEParameterSpec(salt, 100);
SecretKeyFactory skf =
SecretKeyFactory.getInstance("PBEWithMD5AndTripleD ES");
SecretKey key = skf.generateSecret(pbeks);
Cipher c =
Cipher.getInstance("PBEWithMD5AndTripleDES/CBC/PKCS5Padding");
c.init(Cipher.ENCRYPT_MODE, key, pbeps);
FileInputStream fIn = new FileInputStream(args[0]);
FileOutputStream fOut = new FileOutputStream(args[1]);
fOut.write(salt);
byte[] buffer = new byte[4096];
int i;
while ((i = fIn.read(buffer)) != -1) {
fOut.write(c.update(buffer, 0, i));
}
fOut.write(c.doFinal());
fOut.close();
fIn.close();
}
}
CUT ABOVE HERE FOR ENCRYPT.JAVA
CUT BELOW HERE FOR DECRYPT.JAVA
import java.io.*;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.*;
public class Decrypt {
public static final void main(final String[] args) throws Exception {
if (args.length != 3) {
System.out.println("Syntax:");
System.out.println("java Decrypt <infile> <outfile> <password>");
return;
}
PBEKeySpec pbeks = new PBEKeySpec(args[2].toCharArray());
FileInputStream fIn = new FileInputStream(args[0]);
int i, total = 0;
byte[] salt = new byte[8];
while (total < salt.length) {
i = fIn.read(salt, total, salt.length - total);
if (i == -1) {
System.out.println("The file does not contain a full salt.");
return;
}
total += i;
}
PBEParameterSpec pbeps = new PBEParameterSpec(salt, 100);
SecretKeyFactory skf =
SecretKeyFactory.getInstance("PBEWithMD5AndTripleD ES");
SecretKey key = skf.generateSecret(pbeks);
Cipher c =
Cipher.getInstance("PBEWithMD5AndTripleDES/CBC/PKCS5Padding");
c.init(Cipher.DECRYPT_MODE, key, pbeps);
FileOutputStream fOut = new FileOutputStream(args[1]);
byte[] buffer = new byte[4096];
while ((i = fIn.read(buffer)) != -1) {
fOut.write(c.update(buffer, 0, i));
}
fOut.write(c.doFinal());
fOut.close();
fIn.close();
}
}
CUT ABOVE HERE FOR DECRYPT.JAVA
I think it should be trivial for you to integrate this code (which I
have tested) into your system.
- --
Chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/v3AVwxczzJRavJYRAijkAKC54pEX9nMaXCLraBmRKeFZ0T8LkA CeNOIq
SJ1SoLeOoDjhh2kZq416YMA=
=Avxc
-----END PGP SIGNATURE-----