Password-Based Encryption Example
Let's write a simple class that does password-based encryption and decryption. We'll use an iteration count
of 1000, and a random 8-byte or 64-bit salt. When we write the ciphertext out, the first 64 bits will be the
salt that we need to use to create the key to decrypt it. When we decrypt, we'll use those 64 bits as the salt
and we'll only decrypt the ciphertext that begins after the 64th bit. Note that the salt isn't being kept secret;
it's just different for each batch of text that we're going to encrypt.
We want the output of the example to be displayable on the screen. To accomplish that, we're going to
BASE64-encode the output, which transforms binary data into ASCII characters.
BASE64 Encoding
Binary data is typically stored in 8-bit bytes. Standard ASCII is only 7 bits though, so if we want to
display binary as ASCII, we're going to lose at least one bit per byte. BASE64 encoding is a way of
overcoming this problem. 8-bit bytes are converted to 6-bit chunks and then into characters. Six bits are
used so that some control characters can be used indicating when the data ends. The encoded characters
can then be displayed on the screen and converted back into binary with no difficulty. Of course, since
we're moving from an 8-bit chunk to a 6-bit chunk, we're going to have more chunks: 3 bytes become 4
characters and vice versa.
There is a BASE64 encoder and decoder in the sun.misc package. Since this is not included in a java.*
package, its location could change in a future release of Java.
For that reason, we have provided a BASE64 encoder and decoder in Appendix C of this book.
We can use it as a drop-in replacement for the sun.misc implementation, by changing the import
statement in PBE.java from:
import sun.misc.*;
to
import com.isnetworks.base64.*;
and including the BASE64 classes in the classpath.
Our code example will have two options: encryption and decryption. Encryption will require a password
and some plaintext, and decryption a password and some encrypted data. We'll create a salt for the
encryption and prepend it to the ciphertext after it's been encrypted, like so:
When decrypting, we'll take that block of encrypted data and separate it into the salt and the ciphertext.
Then we can use the password and the salt to initialize a cipher that can decrypt the ciphertext into the
original plaintext message like this:
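The encrypt and decrypt steps described above, as an added Java example that is not the book's PBE.java. It keeps the page's 1000 iterations, 8-byte salt, salt-first layout and BASE64 output; the class name PbeSketch, the PBKDF2WithHmacSHA256 key derivation, the AES-GCM cipher with its nonce derived alongside the key, the use of java.util.Base64 (in the standard library since Java 8) and the sample password are assumptions made here.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class PbeSketch { // hypothetical class name, not the book's PBE class
    static final int ITERATIONS = 1000; // iteration count from the text
    static final int SALT_LEN = 8;      // 64-bit salt from the text

    // Assumption: PBKDF2 yields 28 bytes, split into an AES-128 key and a 96-bit GCM nonce.
    // A fresh salt per message therefore gives a fresh key and nonce per message.
    static Cipher init(int mode, char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 28 * 8);
        byte[] km = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(mode, new SecretKeySpec(km, 0, 16, "AES"),
                new GCMParameterSpec(128, km, 16, 12));
        Arrays.fill(km, (byte) 0); // both specs copied what they need
        return cipher;
    }

    static String encrypt(char[] password, String plaintext) throws Exception {
        byte[] salt = new byte[SALT_LEN];
        new SecureRandom().nextBytes(salt); // random per message, not secret
        byte[] ct = init(Cipher.ENCRYPT_MODE, password, salt)
                .doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(salt, SALT_LEN + ct.length);
        System.arraycopy(ct, 0, out, SALT_LEN, ct.length); // salt || ciphertext
        return Base64.getEncoder().encodeToString(out);
    }

    static String decrypt(char[] password, String encoded) throws Exception {
        byte[] in = Base64.getDecoder().decode(encoded);
        if (in.length < SALT_LEN + 16) throw new IllegalArgumentException("input too short");
        byte[] salt = Arrays.copyOfRange(in, 0, SALT_LEN); // first 64 bits are the salt
        byte[] pt = init(Cipher.DECRYPT_MODE, password, salt)
                .doFinal(in, SALT_LEN, in.length - SALT_LEN); // the rest is ciphertext
        return new String(pt, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "sasquatch".toCharArray(); // constructed sample password
        String enc = encrypt(pw, "Hello World!");
        System.out.println(enc + "\n" + decrypt(pw, enc));
    }
}
```

Because GCM authenticates the ciphertext, decrypting with the wrong password or a modified message throws AEADBadTagException instead of returning garbage.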