Allowing users to enter keys for blowfish encryption

Question

I am writing a sqlite database that will encrypt messages using blowfish. However in order to use it effectively the user has to be able to enter the key for the database when the program starts. The problem is the fact that I am using a randomly generated key for security but this seems to make allowing the user to enter the key impossible. Does anyone have any ideas how to let the user input the key while avoiding forcing them to enter, for example, a null character.

Don't make them enter a raw key, instead derive a key from a password/phrase+salt, see http://stackoverflow.com/questions/372268/java-passphrase-encryption — Alex K., Jun 06 '11 at 11:50

score 0 · Accepted Answer · answered Jun 06 '11 at 11:56

You could generate the password as follows:

SecureRandom r = new SecureRandom();
byte[] bytes = new byte[16];
r.nextBytes(bytes);
String pwd = new BigInteger(bytes).toString(Character.MAX_RADIX);
System.out.println(pwd);

To convert the password back to the byte array, use:

bytes = new BigInteger(pwd, Character.MAX_RADIX).toByteArray();

Allowing users to enter keys for blowfish encryption

1 Answers1