Encrypting and decrypting xml

Question

I am making an app in which I have to encrypt the xml from my side and send it to server and in response I will receive xml and I have to decrypt it. I have no idea to encrypt and decrypt. My code is as follows

<?xml version='1.0' encoding='utf-8'?><adm_auth_req><user_name>user.s7</user_name><password>gspcsmo</password></adm_auth_req>

I am using this code to encrypt and decrypt it

public string encryptData(string key, string data)
{
    int keyLen = key.Length;
    int dataLen = Convert.ToInt16(data.Length);
    char chData;
    char chKey;
    char[] data1 = data.ToCharArray();
    char[] key1 = key.ToCharArray();
    StringBuilder encryptedData = new StringBuilder();
    for (int i = 0; i < dataLen; i++)
    {
        chData = data1[i];
        for (int j = 0; j < keyLen; j++)
        {
            chKey = key1[j];
            chData = (char)(chData ^ chKey);
        }
        encryptedData.Append(chData);
    }
    return (encryptedData.ToString());
}

But still all in vain. Can anyone tell me how to encrypt it and decrypt the result?

What do you mean by "all in vain"? What **exactly** is not working with that code? — Nico Haase, Apr 17 '20 at 19:51

score 3 · Answer 1 · answered Dec 06 '11 at 05:59

3

What is the problem you're solving?

Maybe SSL is matching you? Encryption out of the box, standart solution.

Also you can take a look at JCA. But i think, it will be too heavy solution for your problem.

answered Dec 06 '11 at 05:59

Artem

4,347
2
22
22

score 2 · Answer 2 · answered Dec 06 '11 at 06:01

In my opinion, you should not try to implement a custom algorithm as first off, you're reinventing the wheel, and second off it will probably be no where near as secure as other more standard encryption routines. If I were you, I would take a look around for some good Java Encryption libraries. One I found is here, http://www.bouncycastle.org/latest_releases.html

CloudyMarble · Answer 3 · 2011-12-06T07:12:35.470

0

Why dont you use Twofish for that, XML is Text and all you need to use is the algorithm and you can find alot of examples for that.

edited Dec 06 '11 at 07:12

answered Dec 06 '11 at 06:00

CloudyMarble

36,908
70
97
130

score 0 · Answer 4 · edited May 23 '17 at 11:45

0

There are already some answers on SO which might fit you answer.

Encrypt and decrypt a String in java

How to encrypt String in Java

edited May 23 '17 at 11:45

Community

1
1

answered Dec 06 '11 at 06:07

uhm

278
3
12

Balaji Khadake · Accepted Answer · 2011-12-06T07:26:28.987

I have used DES algorith for encryption and decryption.

For encryption:Here after encryption, I am writing file to save. You can save it with other(temp) name and send it to server. After successful sending you can delete this encrypted file

    FileOutputStream fos = null ;  
     CipherInputStream cis; 

     byte key[] = "abcdEFGH".getBytes();   
     SecretKeySpec secretKey = new SecretKeySpec(key,"DES"); 

     Cipher encrypt =  Cipher.getInstance("DES/ECB/PKCS5Padding");  
     encrypt.init(Cipher.ENCRYPT_MODE, secretKey);  

     InputStream fis = new ByteArrayInputStream(fileData);//Here I am getting file data as byte array. You can convert your file data to InputStream  by other way too.

    File dataFile = new File(dataDir,fileName); //dataDir is location where my file is stored
    if(!dataFile.exists()){
        cis = new CipherInputStream(fis,encrypt);  
        try {
            fos = new FileOutputStream(dataFile);  
              byte[] b = new byte[8];  
              int i;
              while ((i=cis.read(b)) != -1) {  
                  fos.write(b, 0, i);  
             }                
            return fileName;
        } finally{
            try {
                if(fos != null)
                {
                 fos.flush();  
                 fos.close();  
                }
                 cis.close();  
                 fis.close(); 
            } catch (IOException e) {
                //IOException
            }
        }
    }              
    return "";

For decryption:

    CipherInputStream cis; 
    FileOutputStream fos = null;
    FileInputStream fis = null;

    File dataFile = new File(dataDir,fileName); // here I am getting encrypted file from server
    File newDataFile = new File(dataDir,fileName+"_TEMP"); // I am creating temporary decrypted file

    byte key[] = "abcdEFGH".getBytes();   
    SecretKeySpec secretKey = new SecretKeySpec(key,"DES"); 

    Cipher decrypt =  Cipher.getInstance("DES/ECB/PKCS5Padding");  
    decrypt.init(Cipher.DECRYPT_MODE, secretKey);  

    try {         
       fis = new FileInputStream(dataFile);
    } catch(Exception e) {  
        //Exception
    }  

    if(dataFile.exists()){
        cis = new CipherInputStream(fis,decrypt);  
        try {
            fos = new FileOutputStream(newDataFile);  
              byte[] b = new byte[8];  
          int i;
              while ((i=cis.read(b)) != -1) {  
                  fos.write(b, 0, i);  
             }                
            return newDataFile;
        } finally{
            try {
                if(fos != null)
                {
                 fos.flush();  
                 fos.close();                   }
                 cis.close();  
                 fis.close(); 
            } catch (IOException e) {
                //IOException
            }
        }
    }

i am using your code so now tell me how to encrypt the above xml and decrypt the response from server — , Dec 06 '11 at 06:30
check URL 1. http://developer.android.com/reference/javax/crypto/spec/SecretKeySpec.html#SecretKeySpec(byte[], java.lang.String) and 2. http://docs.oracle.com/javase/1.4.2/docs/api/javax/crypto/CipherSpi.html — Balaji Khadake, Dec 07 '11 at 06:24
but still i am not clear that what is DES and DES/ECB/PKCS5Padding?? — , Dec 07 '11 at 06:38
please tell me about instance used in encryption and decryption : DES/ECB/PKCS5Padding ? — , Dec 07 '11 at 07:52
let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/5651/discussion-between-user775-and-balaji-k) — , Dec 07 '11 at 10:13
The proposed solution is not cryptographically correct and I would seriously advise you not to follow any other advise of Balaji K (sorry, but that's how it is). DES and ECB are incorrect algorithms for this kind of encryption, and for client/server you will also need integrity and authentication control. I'll try and get back on this, will flag it in the mean time. — Maarten Bodewes, Dec 08 '11 at 00:12
There are three to four ways of performing the encryption. You cannot just perform encryption without verification in a client/server model because of padding Oracle attacks. The first way is to use simple String encryption and Mac, but basically you would be creating your own proprietary protocol. You could use XML encrypt + XML signature (as included in e.g. WS-security, but those protocols are ridden with pitfalls. Finally, you could use CMS or PGP "containers" to encrypt, although the last one is probably not a good idea. I'll make a simple example for the first method. — Maarten Bodewes, Dec 13 '11 at 14:39
Before I go on, are you sure you cannot simply enable SSL? That would be by far the most logical path to follow. Please reply before I show you how to encrypt XML/Strings, or accept the answer of Artem. — Maarten Bodewes, Dec 13 '11 at 14:52

Encrypting and decrypting xml

5 Answers5