6 Replies. Latest reply: Jul 25, 2014 10:24 AM by rp0428

    How to transfer a cipher

    itichy

      Hi, I want to encrypt a file and decrypt it on another host.

      For decryption on another host I guess I need to transfer the cipher... how can this be done? How can you write a Cipher to disk?
      Or am I completely on the wrong track?

      The following code is doing it already on one host:

       

      package test;

      import java.io.FileInputStream;
      import java.io.FileOutputStream;
      import java.io.ObjectInputStream;
      import java.io.ObjectOutputStream;
      import java.io.Serializable;
      import java.security.Provider;

      import javax.crypto.*;
      import javax.crypto.spec.DESKeySpec;

      // Source: http://stackoverflow.com/questions/16390526/using-des-to-encrypt-and-decrypt-a-file-in-java

      public class DesTest {

      public static void main(String[] args) {
        // TODO Auto-generated method stub

       
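        // Key material for encrypting and decrypting the file (DESKeySpec uses the first 8 bytes).
        // The charset is explicit so that every host turns the password into the same bytes.
        byte[] key = "password".getBytes(java.nio.charset.StandardCharsets.UTF_8);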

        // Get a cipher object in encrypt mode
        Cipher cipher = null;
        try {
            DESKeySpec dks = new DESKeySpec(key);
            SecretKeyFactory skf = SecretKeyFactory.getInstance("DES");
            SecretKey desKey = skf.generateSecret(dks);
            cipher = Cipher.getInstance("DES");
            cipher.init(Cipher.ENCRYPT_MODE, desKey);
        } catch (Exception e) {
            System.err.println("[CRITICAL] Encryption cipher error");
            return; // without an initialised cipher nothing below can work
        }

        // Encrypt the file
        try {  
         FileOutputStream fos = new FileOutputStream("test");
         CipherOutputStream cos = new CipherOutputStream(fos, cipher);
         ObjectOutputStream oos = new ObjectOutputStream(cos);
         oos.writeObject("Secret line1...\nline2...");
         oos.flush();
         oos.close();
       
        } catch (Exception e) {
            System.err.println("[CRITICAL] Error encrypting data: " + e.getMessage());
            e.printStackTrace();
        }

        // Get a cipher object in decrypt mode
        try {
            DESKeySpec dks = new DESKeySpec(key);
            SecretKeyFactory skf = SecretKeyFactory.getInstance("DES");
            SecretKey desKey = skf.generateSecret(dks);
            cipher = Cipher.getInstance("DES");
            cipher.init(Cipher.DECRYPT_MODE, desKey);
        } catch (Exception ex) {
            System.err.println("[CRITICAL] Decryption cipher error");
            return; // without an initialised cipher the file cannot be read
        }

        // Decrypt the file
        try {
            System.out.println((String) new ObjectInputStream(new CipherInputStream(new FileInputStream("test"), cipher)).readObject());
        } catch (Exception e) {
            System.err.println("[CRITICAL] Error decrypting data: " + e.getMessage());
            e.printStackTrace();
        }
      }

      }

        • 1. Re: How to transfer a cipher
          aksarben

          I assume you mean you want to send the encryption key from the sender to the receiver? The short answer is yes, it's possible. But this is more of a management problem than a technical one. The key is just data, like any other data, but it's "special" in that it represents the "keys to the kingdom" so must be protected against interception/theft.

           

          An alternative approach is public key cryptography (Google knows all about it), which removes the need to send the key, reducing your risk.

          • 2. Re: How to transfer a cipher
            EJP

            You're completely on the wrong track. If you can find a secure way to transfer the cipher key, you therefore have a secure way to transfer the data without encrypting it at all.

             

            The name of the secure way is SSL.

            • 3. Re: How to transfer a cipher
              itichy

              Thanks for the replies so far.

              What would be best practice for an application to encrypt/decrypt its configuration data on local disk? The key would need to be within the application code.

              • 4. Re: How to transfer a cipher
                rp0428
                "What would be best practice for an application to encrypt/decrypt its configuration data on local disk? The key would need to be within the application code."

                Why don't you just tell us what PROBLEM you are trying to solve?

                 

                Everything you have mentioned so far has giant, gaping holes in it.

                 

                Why does 'configuration data' need to be encrypted? If your 'application code' is in Java what will prevent someone from just decompiling it to find the key?

                • 5. Re: How to transfer a cipher
                  itichy

                  Sorry for the confusing way of asking. Basically I want to store application data encrypted on the file system. Security must not be at maximum, I just want to avoid plain text files.

                  My sample program (see above) can do this, but the cipher is volatile and lost after application restart. A solution (sufficient for me) would be to store the cipher in the code. But here I don't know how to do it.

                   

                  Or what is the best practice to store application data?

                  • 6. Re: How to transfer a cipher
                    rp0428

                    Your code above already stores the password in the code. Take the password out of the code and give it to your users.

                     

                    Then when they run your application you can 'prompt' them to enter the password. Or you can have them provide the password on the command-line when they launch your application.
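
Added example (not part of the original thread): a Cipher object is never written to disk or transferred. Any host rebuilds it from the password plus the parameters stored with the file. This sketch swaps the thread's DES for AES-GCM with a PBKDF2-derived key and prompts for the password as reply 6 suggests. The class name, the file name `test.enc`, the file layout and the iteration count are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.*;

// Assumed file layout: salt(16) || iv(12) || AES-GCM ciphertext with 128-bit tag.
public class PasswordFile {
    static final int SALT_LEN = 16, IV_LEN = 12, ITERATIONS = 200_000; // assumed parameters

    // Rebuilds the same AES key on any host from the password and the stored salt.
    static SecretKey deriveKey(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
        spec.clearPassword();
        return new SecretKeySpec(raw, "AES");
    }

    static byte[] encrypt(char[] password, byte[] plain) throws Exception {
        SecureRandom rnd = new SecureRandom();
        byte[] salt = new byte[SALT_LEN], iv = new byte[IV_LEN];
        rnd.nextBytes(salt); // fresh salt and IV for every file written
        rnd.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(password, salt), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = new byte[SALT_LEN + IV_LEN + ct.length];
        System.arraycopy(salt, 0, out, 0, SALT_LEN);
        System.arraycopy(iv, 0, out, SALT_LEN, IV_LEN);
        System.arraycopy(ct, 0, out, SALT_LEN + IV_LEN, ct.length);
        return out;
    }

    // Throws AEADBadTagException on a wrong password or a modified file.
    static byte[] decrypt(char[] password, byte[] blob) throws Exception {
        byte[] salt = Arrays.copyOfRange(blob, 0, SALT_LEN);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, deriveKey(password, salt),
                new GCMParameterSpec(128, blob, SALT_LEN, IV_LEN));
        return c.doFinal(blob, SALT_LEN + IV_LEN, blob.length - SALT_LEN - IV_LEN);
    }

    public static void main(String[] args) throws Exception {
        // System.console() is null when no terminal is attached; run from a shell.
        char[] pw = System.console().readPassword("Password: ");
        Path file = Paths.get("test.enc"); // constructed sample file name
        byte[] plain = "Secret line1...\nline2...".getBytes(StandardCharsets.UTF_8);
        Files.write(file, encrypt(pw, plain));
        System.out.println(new String(decrypt(pw, Files.readAllBytes(file)), StandardCharsets.UTF_8));
    }
}
```

The salt and IV are not secret, so the file can be copied to another host as-is; only the password has to reach that host through a separate channel.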