4

I'd like to store a serialized object to a file; however, I'd like to make it encrypted. It doesn't need to be really strong encryption. I just want something easy (preferably a couple lines of code max) that will make it a bit more difficult for someone else to load. I've looked into SealedObject but the keys are holding me up. Ideally I'd like to just pass a String as the key to encrypt / decrypt the object.

Any suggestions?

user2041469

7 Answers

13

Try this code:

//Requires imports from java.io.*, javax.crypto.* and javax.crypto.spec.SecretKeySpec
String fileName = "result.dat"; //some result file

//You may use any combination, but you should use the same for writing and reading
SecretKey key64 = new SecretKeySpec( new byte[] { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }, "Blowfish" );
Cipher cipher = Cipher.getInstance( "Blowfish" );

//Code to write your object to file
cipher.init( Cipher.ENCRYPT_MODE, key64 );
Person person = new Person(); //some object to serialise (Person must implement Serializable)
SealedObject sealedObject = new SealedObject( person, cipher);
CipherOutputStream cipherOutputStream = new CipherOutputStream( new BufferedOutputStream( new FileOutputStream( fileName ) ), cipher );
ObjectOutputStream outputStream = new ObjectOutputStream( cipherOutputStream );
outputStream.writeObject( sealedObject );
outputStream.close();

//Code to read your object from file
cipher.init( Cipher.DECRYPT_MODE, key64 );
CipherInputStream cipherInputStream = new CipherInputStream( new BufferedInputStream( new FileInputStream( fileName ) ), cipher );
ObjectInputStream inputStream = new ObjectInputStream( cipherInputStream );
//Renamed from sealedObject: the original redeclared a variable already in scope, which does not compile
SealedObject sealedObject1 = (SealedObject) inputStream.readObject();
Person person1 = (Person) sealedObject1.getObject( cipher );
inputStream.close();
Michael Cheremuhin
  • Can I ask you a question? What if I don't want it as a file? I just want the byte[] which I will encode using Base64 and convert it into string. Is there any way to do that? I found one way but it's a long shot and somehow I feel it's bad. Kindly help. – Aditya Peshave Feb 19 '14 at 23:10
  • Then you should not use FileOutputStream – Michael Cheremuhin Feb 21 '14 at 09:14
  • One more quick question: do I have to use sealed object whenever I am using serialization? I am doing it using ByteArrayInputStream but I am getting different results. I have the question here. http://crypto.stackexchange.com/questions/14619/decryption-returns-different-data – Aditya Peshave Feb 21 '14 at 09:35
  • The main point is to use the same Cipher arguments. So, if you serialised your object with some key64 and used Blowfish, then you should use the same key64 and Blowfish type while reading your object. – Michael Cheremuhin Feb 21 '14 at 17:45
5

Using CipherOutputStream (http://docs.oracle.com/javase/6/docs/api/javax/crypto/CipherOutputStream.html) to write the objects into the ObjectOutputStream might be an easy and good approach here.

Leo Rohr
  • Thanks! This sent me down the right road and I now have it working. I found this page which made it pretty easy. http://www.java2s.com/Code/Java/Security/EncryptingandDecryptingwiththeJCE.htm – user2041469 Jun 05 '13 at 23:21
3

You should look into Jasypt. It has a bunch of utility functions to make this easy.

...
BasicTextEncryptor textEncryptor = new BasicTextEncryptor();
textEncryptor.setPassword(myEncryptionPassword);
...
String myEncryptedText = textEncryptor.encrypt(myText);
...
String plainText = textEncryptor.decrypt(myEncryptedText);
...
Daniel Kaplan
1

Use SealedObject and Cipher class to Encrypt and decrypt the object.

What is SealedObject?

SealedObject encapsulates the original Java object (it should implement Serializable). It uses the cryptographic algorithm to seal the serialized content of the object.

What is Cipher?

This is a Java class that uses a cryptographic algorithm for encryption and decryption.

Sample code

Below is the sample code.

EncriptThisClass so = new EncriptThisClass();
SealedObject encryptedObject = encryptObject(so);
EncriptThisClass etcObject = decryptObject(encryptedObject);

For complete code please visit the below link. http://javaant.com/object-encryption-decryption-in-java/#.VvkA6RJ96Hs

Nirmal Dhara
0

Can't you just use any encryption library at all? Your basic code would be

Object o=...;
String s= new String();
ObjectOutputStream out = new ObjectOutputStream(StringStream(s));
out.writeObject(o);

And then you just pass s into any encryption system you want.

Edit: I forgot that StringStream is a C++ thing, not a Java one. But you can basically do the same thing, take a look here.

shybovycha
David says Reinstate Monica
0

As a general answer (since I don't use Java much these days):

I suggest searching multiple forms of encryption to find which suits what you'd like to do, and then finding and modifying a module already written for your data, or writing your own based on the algorithm that you would like to use.

For example, if you wanted to use SHA256 and found a module already written for you, just modify it to use the data stream you want.

private ObjectName modifiedSHA256(input stream, ..., ...)
{
    // Modified algorithm
}

And then you can make a call to it whenever you want to write the data stream somewhere. The module will then save its own data stream which is then written to a file.

signus
0

javax.crypto.SealedObject is definitely the answer. What's the problem with the keys?

user207421
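
Added example, not code from any answer above: one way to get the "pass a String as the key" behaviour the question asks for while still using SealedObject. It swaps the fixed Blowfish key for a PBKDF2-derived AES key and AES-GCM, so a wrong passphrase or a modified file is rejected before the payload is deserialized. The class name, method names, iteration count and sample data are assumptions made for the illustration.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.io.*;
import java.nio.file.*;
import java.security.SecureRandom;
import java.util.*;
// Added example, not code from the answers: class and method names are illustrative.
public class SealedFileDemo {
    static final int ITERATIONS = 210_000; // assumed PBKDF2 work factor
    // Stretch the passphrase into a 256-bit AES key.
    static SecretKey deriveKey(char[] pass, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pass, salt, ITERATIONS, 256);
        SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        return new SecretKeySpec(f.generateSecret(spec).getEncoded(), "AES");
    }

    static void save(Serializable obj, char[] pass, Path file) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] salt = new byte[16], iv = new byte[12];
        rng.nextBytes(salt);
        rng.nextBytes(iv);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, deriveKey(pass, salt), new GCMParameterSpec(128, iv));
        SealedObject sealed = new SealedObject(obj, cipher); // keeps the IV with the ciphertext
        try (ObjectOutputStream out = new ObjectOutputStream(Files.newOutputStream(file))) {
            out.writeObject(salt); // salt is not secret; needed to re-derive the key
            out.writeObject(sealed);
        }
    }

    static Object load(char[] pass, Path file) throws Exception {
        try (ObjectInputStream in = new ObjectInputStream(Files.newInputStream(file))) {
            byte[] salt = (byte[]) in.readObject();
            SealedObject sealed = (SealedObject) in.readObject();
            // A wrong passphrase or altered ciphertext fails the GCM tag check,
            // so the sealed payload is never deserialized in that case.
            return sealed.getObject(deriveKey(pass, salt));
        }
    }

    public static void main(String[] args) throws Exception {
        Path file = Files.createTempFile("sealed", ".dat");
        ArrayList<String> sample = new ArrayList<>(Arrays.asList("alice", "bob")); // constructed data
        save(sample, "correct horse".toCharArray(), file);
        System.out.println(load("correct horse".toCharArray(), file));
        try { load("wrong".toCharArray(), file); }
        catch (Exception e) { System.out.println("rejected: " + e.getClass().getSimpleName()); }
    }
}
```

The salt is written in the clear ahead of the SealedObject because it is needed to re-derive the key on load; only the passphrase has to stay secret.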