Monday, 5 September 2011

Too simple way to encrypt/decrypt data using Java Security API

If I write this tutorial, it is because the previous seems to be very complicated for newcomers, since it deals with many aspects at the same time. Therefore, the question I want to responds is: How can I crypt my date in a simpler way, you know, as in some languages, only by giving the text to crypt and a key to use. Is it possible in Java? Don't care, it is possible and even more, it is simple to do, and the aim of this tutorial is to prove you.  

Design
Contrary from the first tutorial, we will no longer generate a random key but create one from the string key the user will give. Therefore, we will only need two methods, one for encryption and another for decryption. 
Implementation
In this implementation we use Blowfish algorithm, but you could change it without efforts. And all this methods have been marked static, since they don’t belong to any context.
The “getEncodedString” method
We'll use this method to encode our string. The code is similar to the one I presented in the previous tutorial, but here the key is not generated but given by the user
    public static String getEncodedString(String text, String key) throws
            Exception {
        SecretKeySpec keyS = new SecretKeySpec(key.getBytes(), “Blowfish”);
        Cipher cipher = Cipher.getInstance(“Blowfish”);
        cipher.init(Cipher.ENCRYPT_MODE, keyS);
        byte[] cipherText = cipher.doFinal(text.getBytes());
        return new String(cipherText);
    }
We first start by indicate which algorithm we’ll use, we therefore initialize a cypher with our key converted to array of bytes. Notice that we initialize our cypher with the encrypt mode (Cipher.ENCRYPT_MODE). We then use the doFinal method of the cypher to encrypt String, and as with the previous method we convert result to String before returning it.
The “getDecodedString” method
This method works as the previous, the only difference is the initialization mode of the cypher.
    Public static String getDecodedString(String text, String key) throws
            Exception {
        SecretKeySpec keyS = new SecretKeySpec(key.getBytes(), “Blowfish”);
        Cipher cipher = Cipher.getInstance(“Blowfish”);
        cipher.init(Cipher.DECRYPT_MODE, keyS);
        byte[] newPlainText = cipher.doFinal(text.getBytes());
        return new String(newPlainText);
    }
As with the first method, we first start by indicate which algorithm we’ll use, we therefore initialize a cypher with our key converted to array of bytes. Notice that we initialize our cypher with the decrypt mode (Cipher.DECRYPT_MODE). We then use the doFinal method of the cypher to decrypt String, and as with the previous method we convert result to String before returning it.
Conclusion
In this very short tutorial, we have presented a way to use Java Security API to encrypt and decrypt data in a very simple way. This tutorial show a simple way to use Java Security API. But you should be asking, why have I started by showing a more complicated method before this one: It is simple due to what my friend wanted to do. He wanted a secure and simple way to encrypt its data. By using a key randomly generated, its security was reinforce. I hope, this tutorial will be helpful...