Encryption : Encryption is the science of encoding and decoding secret messages.The message or information (referred to as plain text) is encrypted using an encryption algorithm, turning it into an unreadable cipher text . This is usually done with the use of an encryption key, which specifies how the message is to be encoded. Any adversary that can see the cipher text should not be able to determine anything about the original message. An authorized party, however, is able to decode the cipher text using a decryption algorithm, that usually requires a secret decryption key, that adversaries do not have access to.
Here is the idea,how this can be done , for example password encryption.
- First accept user password.
- Encrypt password using random salt.
- Store the salt and encrypted password.
- For verification accept password from user.
- Fetch and decode salt for user.Already stored above.
- Encrypt user entered password using decoded salt.
- Now compare encrypted password with already stored encrypted password.Then take the action accordingly.
Below code demonstrates how to encrypt strings(password) using java.
package com.test;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
/**
* This class contains code for encryption demo.
*
* @author Jagdev
*
*/
public class EncryptionTest {
/**
* @param args
* @throws NoSuchAlgorithmException
* @throws IOException
*/
public static void main(String[] args) throws NoSuchAlgorithmException,
IOException {
// String password
String password = "Jagdev";
// Hash function iterations
int iterationNb = 5000;
// SecureRandom object that implements the SHA1PRNG Random Number
// Generator (RNG) algorithm
SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
// Salt generation 64 bits long
byte[] bSalt = new byte[8];
random.nextBytes(bSalt);
MessageDigest digest = MessageDigest.getInstance("SHA-1");
digest.update(bSalt);
byte[] input = digest.digest(password.getBytes("UTF-8"));
for (int i = 0; i < iterationNb; i++) {
input = digest.digest(input);
}
BASE64Encoder endecoder = new BASE64Encoder();
// encode the password using BASE64Encoder
String encodedPassword = endecoder.encode(input);
System.out.println("Encoded password is " + encodedPassword);
System.out.println("Salt is = " + new String(bSalt));
// encode the salt using BASE64Encoder
String encodedSalt = endecoder.encode(bSalt);
//Code for encode string using decoded salt.
BASE64Decoder decoder = new BASE64Decoder();
// decode the encodedSalt
byte[] decodedSalt = decoder.decodeBuffer(encodedSalt);
// reset the digest
digest.reset();
// update the digest using decoded salt
digest.update(decodedSalt);
input = digest.digest(password.getBytes("UTF-8"));
for (int i = 0; i < iterationNb; i++) {
input = digest.digest(input);
}
String encodedpassword = endecoder.encode(input);
System.out.println("Encoded password is " + encodedpassword);
System.out.println("Decoded salt is = " + new String(decodedSalt));
}
}
No comments:
Post a Comment