7

I'm making a simple program that takes text entered in a text box, and takes a password that's in another text box, then does some sort of simple encryption on it and saves it to a file. Afterwards, a user should be able to open up the file again and provide the password that was used to encrypt it and it should spit out the original text.

Right now I'm taking the string. Separate it into a char array, then doing the same for the password. After that, I take the password, convert all those chars to integers, find the average value for all of them, and use it as an offset to the chars in the original text. Kind of like:

```java
textChars[1]= (char)((int)textChars[1]+offset);
```

Then I can do the reverse for the encrypted string:

```java
encryptedChars[1]= (char)((int)encryptedChars[1]-offset);
```

The problem is that characters have different values on different platforms so sometimes the offset will turn the char into some crazy number (like a negative value) which will just turn the char into a question mark.

I looked at the crypto library in the standard Java API, but I feel confused as to how the key works if it's just randomly generated every time I start the program.

What I need is two functions that look like `String encrypt(String text,String Password)` which spits out the text encrypted with the password as a key to decrypting it, and `String decrypt(String encryptedText, String Password)` which would spit out the original text (or gibberish if the password is junk).

Any help is really appreciated, this is really just a personal project so I don't need any fancy encryption methods.

help-info.de
RangerMauve
  • oh yea MD5 is one way I could not be stuffed reading whole post:) – Shahzeb Oct 14 '11 at 03:57
  • possible duplicate of [Java 256bit AES Encryption](http://stackoverflow.com/questions/992019/java-256bit-aes-encryption) – Tim Bender Oct 14 '11 at 03:57
  • You should not be storing encrypted passwords. What is your use case? Are you trying to verify the user knows their password or are you trying to create a password vault? If the latter and you are confused by Java encryption then just don't. If the former then don't encrypt the password; store a hash of the password such as a SHA-256 hash, then when given the password later hash it again and compare with the hash you have stored. Make sure to store a salt too. Maybe you ought to read up a bit more on how all this works before you end up making something that gets you into trouble. – Steve Owens Dec 23 '22 at 21:09

2 Answers

12

You're trying to re-invent the wheel. Unless you're doing it for fun, I'd recommend using something like AES. If you just google "AES in java" you'll find a number of examples.

If you are doing it for fun and want something simple to implement, have a look at ROT13 as well.

Here's an example for AES in Java:

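```java
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class AesExample {
    // With the default JDK provider, "AES" alone resolves to AES/ECB/PKCS5Padding.
    private static final String ALGORITHM = "AES";
    // Hard-coded 16-byte (128-bit) key.
    private static final byte[] keyValue =
        new byte[] { 'T', 'h', 'i', 's', 'I', 's', 'A', 'S', 'e', 'c', 'r', 'e', 't', 'K', 'e', 'y' };

    public String encrypt(String valueToEnc) throws Exception {
        Key key = generateKey();
        Cipher c = Cipher.getInstance(ALGORITHM);
        c.init(Cipher.ENCRYPT_MODE, key);
        // Use a fixed charset so the bytes are the same on every platform.
        byte[] encValue = c.doFinal(valueToEnc.getBytes(StandardCharsets.UTF_8));
        // java.util.Base64 replaces sun.misc.BASE64Encoder, which current JDKs no longer ship.
        String encryptedValue = Base64.getEncoder().encodeToString(encValue);
        return encryptedValue;
    }

    public String decrypt(String encryptedValue) throws Exception {
        Key key = generateKey();
        Cipher c = Cipher.getInstance(ALGORITHM);
        c.init(Cipher.DECRYPT_MODE, key);
        byte[] decodedValue = Base64.getDecoder().decode(encryptedValue);
        byte[] decValue = c.doFinal(decodedValue);
        String decryptedValue = new String(decValue, StandardCharsets.UTF_8);
        return decryptedValue;
    }

    // Wraps the raw key bytes in a Key object the Cipher can use.
    private static Key generateKey() throws Exception {
        Key key = new SecretKeySpec(keyValue, ALGORITHM);
        return key;
    }
}
```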

You may want to improve on this code.

Akshay
  • 1
    Okay, I've used the code you provided but switched to DES instead since I didn't know how many characters AES needs, and I really don't care about strong protection. Thanks for the help! – RangerMauve Oct 14 '11 at 06:08
  • Most encryption algorithms work on bytes, not characters and Strings. As per the AES spec, the key should be 128, 192 or 256 bits. To use a string as a key, check this out: http://stackoverflow.com/questions/3451670/java-aes-and-using-my-own-key – Akshay Oct 14 '11 at 06:40
6

What you really need is symmetric cryptography, i.e., the algorithm uses the same key to encrypt and decrypt the data. There are many algorithms available which support symmetric cryptography, like DES and AES.

Have a look at this example: http://www.java2s.com/Code/Java/Security/EncryptionanddecryptionwithAESECBPKCS7Padding.htm

In the above example, replace

```java
byte[] keyBytes = new byte[] { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
    0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 };
```

with

```java
byte[] keyBytes = yourPassword.getBytes();
```

It uses the bouncycastle library, which is arguably the best cryptography library available.

Rohit5k2
Manish
  • This seems to be the most promising solution so far, I'll go try it out. – RangerMauve Oct 14 '11 at 04:05
  • @Shahzeb What's wrong with java2s? I personally find the examples at the site a good start rather than beginning from scratch. – Manish Oct 14 '11 at 06:21
  • 1
    You shouldn't use a password directly as a key - you should always use key stretching first. – Nick Johnson Oct 17 '11 at 03:24
  • 2
    This is completely insecure. You need to use something like PBKDF2 to derive a key from the password. Otherwise you are stuck with the very very low entropy of the password which someone could easily guess. – imichaelmiers Oct 17 '11 at 16:00
  • And you don't want to use ECB. At least use CBC or perhaps even better, an AEAD mode. – QuantumMechanic May 23 '16 at 15:46