2

I need to encrypt an IP address, save it to file, and then be able to retrieve it later. I was wondering if anyone could suggest a good way to do this. Just the name of some encryption algorithms would be fine or links to resources.

I've done my research and have come up with a few solutions. Just wanted to make sure there wasn't something I missed. If it helps at all, the application is written in Java. We do use JNI for some native functions, but would prefer to stay away from JNI.

Thanks

EDIT:

It's a client/server model. The server will send the encrypted IP address to the client. The client will decrypt it, and then connect to that address. The data will be just a string. It's IPv4.

user489041
  • 3
    Just out of curiosity - why would you want to hide an IP address you are connecting to? After all, users could just look at the traffic on their wireless network to see where your app is connecting. – Peter Knego Nov 04 '10 at 19:31

8 Answers

2

As other answers have already indicated, AES is your best bet for this problem. However, as is always the case with encryption, the real problem is not which algorithm to choose; it is how to keep your key a secret. If it is simply a string in your source code, it would take very little work for someone to figure that key out and use it to decrypt your file.

Adam Crossland
2

Assuming that you want arbitrary encryption on the client then you have a serious key management problem. It is pretty trivial to reverse engineer client code to obtain an embedded encryption key. And you need to consider what you'd do if that key is compromised and splattered all over the internet. Once it's embedded in your code then it's out of your hands (see CSS and deCSS for more fun reading on that subject).

So, a better solution is to have the server do the encryption and decryption and the client to just send up a bunch of bytes that it's stored locally.

Now, what's a good way of encrypting stuff on the server in an easy to maintain manner? I'm talking about key management; ease of use; strength of encryption; easy Ant/Maven targets/goals to manage the generation of said server side keys and so on. One framework that works really well for me is KeyCzar by Google. Simple API and external management is a piece of cake. Take a look.

Gary
1

I can answer your straight question about the encryption algorithm: AES

Java has classes for that!

But I still have my doubts about the robustness of your solution

usr-local-ΕΨΗΕΛΩΝ
1

I'd personally use AES.

Some more resources:

http://java.sun.com/developer/technicalArticles/Security/AES/AES_v1.html

Java 256-bit AES Password-Based Encryption

http://www.aescrypt.com/java_aes_crypt.html

Community
g19fanatic
  • Since you added the edit about encryption not taking place on the same side as the decryption... to reliably do this and safely, you will need to do it with a Public Key type of encryption. The usual model is for both the server and client to generate a pair of public/private keys. A server will 'host' both public keys. For the server to send an encrypted msg to the client, the server would encrypt the IP using the client's public key, so that the client would be able to decrypt using his private key. – g19fanatic Nov 05 '10 at 12:03
  • http://stackoverflow.com/questions/338578/any-tutorials-on-public-key-encryption-in-java – g19fanatic Nov 05 '10 at 12:04
1

I strongly recommend using the BouncyCastle library for Java. It's a lot cleaner than the built-in crypto stuff in Java and significantly easier to understand. Instead of mucking around with passing names of algorithms to methods and seeing if you actually get a cipher back you can just use new. Much easier.

Cameron Skinner
1

You mentioned you have a few solutions, why not mention them?

Also, this is a very general question, are you looking for a symmetric algorithm or prefer public/private key, or something that uses both?

If you are looking at keeping the key on the server, since IP addresses are small (is this for IPv6, http://en.wikipedia.org/wiki/IPv6) then RSA would be a good choice, as you can then keep the public key on the server but no one can create a new key without the private key.

How will you be using the data? If you are going to decrypt all of them then just keep them in one file, zip it, then encrypt the entire file.

More details would help to narrow this down, as there are a large number of solutions.

But for libraries, in Java, I like BouncyCastle (http://bouncycastle.org/) as they give a large selection and work well if you need to exchange keys with .NET.

UPDATE:

Based on the latest update to the question the biggest concern is how to exchange the encryption key.

Since this is being sent to a client, your best bet may be to use something like RSA to help with this. The client would have a private key, and the server would have the public key of each client, so that if one is compromised the entire system isn't. Then, the server generates a symmetric key (AES is fine, I like IDEA), and encrypts that key. Then, you transmit both pieces to the client, the client then decrypts the symmetric key and then the IP address.

This idea was made popular by PGP.

You may want to use BouncyCastle, as I mentioned, so that if your client is written in .NET or Java you can still do the key exchange, since it has APIs for both platforms.

How you get the key to the server, from the client, or vice versa, depends on many factors, but that will be the weak link in this whole system, and so that part needs to be designed carefully.

James Black
  • Sorry for the vagueness. This is the first task that I have ever been assigned to that deals with encryption so I'm learning about this stuff as I go. The key would be stored on the server. It will be using IPv4 for now. The data itself just needs to be a string. – user489041 Nov 04 '10 at 19:50
  • But how will you decide what to decrypt? For example, if you use a name before each one, then is that secure, or should the entire file be encrypted/decrypted as needed? – James Black Nov 04 '10 at 20:40
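The hybrid scheme described in the answer above (and in the public-key comment earlier on the page), written out as an added example that is not code from any poster: the server wraps a fresh AES key with the client's RSA public key, and the client unwraps it and decrypts the address. It uses only the JDK's `javax.crypto`; the class name `HybridIpDemo`, the methods `seal` and `open`, the sample address, and the choice of AES-GCM with RSA-OAEP are assumptions made here.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.*;

public class HybridIpDemo {
    static final String WRAP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    static final String AEAD = "AES/GCM/NoPadding";

    /** Server side: returns { wrapped AES key, 12-byte IV, ciphertext+tag }. */
    static byte[][] seal(PublicKey clientPub, String ip) throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey aes = kg.generateKey();            // fresh symmetric key per message
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);            // never reuse an IV with the same key

        Cipher gcm = Cipher.getInstance(AEAD);
        gcm.init(Cipher.ENCRYPT_MODE, aes, new GCMParameterSpec(128, iv));
        byte[] ct = gcm.doFinal(ip.getBytes(StandardCharsets.UTF_8));

        Cipher rsa = Cipher.getInstance(WRAP);
        rsa.init(Cipher.ENCRYPT_MODE, clientPub);    // only this client can unwrap the key
        return new byte[][] { rsa.doFinal(aes.getEncoded()), iv, ct };
    }

    /** Client side: unwraps the AES key with its private key, then decrypts. */
    static String open(PrivateKey clientPriv, byte[][] msg) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance(WRAP);
        rsa.init(Cipher.DECRYPT_MODE, clientPriv);
        SecretKey aes = new SecretKeySpec(rsa.doFinal(msg[0]), "AES");

        Cipher gcm = Cipher.getInstance(AEAD);
        gcm.init(Cipher.DECRYPT_MODE, aes, new GCMParameterSpec(128, msg[1]));
        return new String(gcm.doFinal(msg[2]), StandardCharsets.UTF_8); // throws if tampered
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair client = kpg.generateKeyPair();      // made on the client; only the public half is shared
        byte[][] msg = seal(client.getPublic(), "192.0.2.10"); // constructed sample address
        System.out.println(open(client.getPrivate(), msg));
    }
}
```

This protects the address only while it is stored or in transit; the private key still has to be kept safe on the client, and the destination becomes visible to anyone watching the client's traffic once it connects.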
0

As commented elsewhere, it is pointless. The information is available by other means so encrypting it via this channel is a complete waste of time. Netstat is yet another way the address can be detected.

user207421
  • So basically there is no way I can keep the IP address of the server secure and encrypted so no one but myself can see/edit it? – user489041 Nov 08 '10 at 16:10
0

Is there no way to route the TCP traffic through a proxy IP and "obfuscate" the IP that way?

I don't see the issue there unless the said provider of the proxy blocks the required ports according to the project's needs. It's too bad Cloudflare won't allow anything except HTTP/S requests through their service unless you get on Enterprise, otherwise there is your solution in a blink.

WiiLF