Mark

need to encrypt password

I am trying to encrypt a password in Java/jsp. I have not really found a straightforward example searching EE. Can someone give me a sample code fragment to do this? Thanks.
brunoguimaraes

Here's a simple example:
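         import java.io.*;
         import java.security.Key;
         import java.security.SecureRandom;
         import javax.crypto.Cipher;
         import javax.crypto.KeyGenerator;
         import javax.crypto.spec.IvParameterSpec;

         Key key;
         // All-zero IV: the same plaintext always produces the same ciphertext under this key
         IvParameterSpec ivSpec = new IvParameterSpec(new byte[8]);
         try {
             // Load a previously generated key from disk
             ObjectInputStream in = new ObjectInputStream(new FileInputStream("key.dat"));
             key = (Key) in.readObject();
             in.close();
         } catch (Exception e) {
             // No usable key file: generate a Triple DES key and save it for next time
             KeyGenerator generator = KeyGenerator.getInstance("DESede", "SunJCE");
             generator.init(new SecureRandom());
             key = generator.generateKey();
             ObjectOutputStream out = new ObjectOutputStream(new FileOutputStream("key.dat"));
             out.writeObject(key);
             out.close();
         }

         Cipher cipher = Cipher.getInstance("DESede/CBC/PKCS5Padding", "SunJCE");
         byte[] input = "PASSWORD TO BE ENCRYPTED".getBytes("UTF-8");
         cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec);
         byte[] cipherText = cipher.doFinal(input);

         // Base64.encodeBytes comes from a separate Base64 helper class, not from the JDK
         System.out.println(Base64.encodeBytes(cipherText));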


ASKER CERTIFIED SOLUTION
ysnky
This solution is only available to members.
Mark

ASKER

Thanks ysnky, that 1st example was the shortest, simplest example I've come across. I'll leave this question open for a bit in case someone thinks this technique is a bad idea. I'm used to languages where encrypting things is more-or-less built in, so all of this "digesting" business is new for me.

Here it is for reference:

private byte[] pwCrypt(String pw) throws java.security.NoSuchAlgorithmException
{
     // One-way SHA-1 digest of the password
     java.security.MessageDigest d = java.security.MessageDigest.getInstance("SHA-1");
     d.reset();
     // Fixed charset so the digest is the same on every platform
     d.update(pw.getBytes(java.nio.charset.StandardCharsets.UTF_8));
     return d.digest();
}

Just to clarify... This example you posted is actually hashing the password. If you need to decrypt it back to the original String, you won't be able to.

But I guess you won't really need to do that!
Mark

ASKER

brunoguimaraes: Yes, all I want is one-way encryption. I've got to be honest, Java's "encryption" methods are the most complex and over-engineered things I've ever seen. Unix/Linux gives C a simple one-liner call: *crypt(const char *key, const char *salt);, and you can get even fancier using md5sum, also implemented as a single line of code. I don't see why Java had to implement it at the professional cryptographer level for simple things like one-way password one-way!
Now, it seems, it is a bit of a chore to convert byte[]'s to Strings, which I need to save my results. AND, someone said that digest() function might not return printable characters (does that matter for a Java string?). So, I am trying to figure out how to get a String. Even your initial example, brunoguimaraes, left me with byte[]s. I'm getting ready to forget about it and just use password.hashCode(), which might be good enough.
If someone can give me a SIMPLE byte[] to String conversion, I will be glad to split points.
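            String orgStr = "experts";
            // Both calls throw the checked UnsupportedEncodingException,
            // which the caller must catch or declare
            byte[] bAry = orgStr.getBytes("UTF8");
            String newStr = new String(bAry, "UTF8");

            System.out.println("org str:" + orgStr + ", new str:" + newStr);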
SOLUTION
This solution is only available to members.
Mark

ASKER

ysnky: your suggestion (if I did it right) gave me an exception. Not sure why:

An error occurred at line: 15 in the jsp file: /include/crypt.inc
Unhandled exception type UnsupportedEncodingException
12:       e.printStackTrace();
13:     }
14:
15:     return new String(d.digest(), "UTF8");

brunoguimaraes: I've downloaded the class you linked, but I'm new at this. Where do I install it? There isn't a 'make' or 'install' file giving instructions.
Mark

ASKER

You know what guys, this is way too much work for what should be simple. I'm leery of downloading a class that probably won't exist in "vanilla" installations.

When I use ysnky's referenced code and do return new String(digestedBytes); I get a 10 digit string, just like using hashCode (though possibly a different 10 bytes). So I'm just gonna do:

private String pwCrypt(String pw)
{
    return "" + pw.hashCode();
}

This gives me 9 1/2 signed digits for 4 billion possible combinations. Finite, to be sure, but good enough.

I know you'll use hashCode(), but here's a function to convert an array of bytes to a hexadecimal String (no downloads needed):

public static String toHexString(byte[] bytes) {
         if( bytes == null ) return null;
         String hexDigits = "0123456789abcdef";
         StringBuffer sbuffer = new StringBuffer();
         for (int i = 0; i < bytes.length; i++) {
             int j = ((int) bytes[i]) & 0xFF;
             sbuffer.append(hexDigits.charAt(j / 16));
             sbuffer.append(hexDigits.charAt(j % 16));
         }
         return sbuffer.toString();
}
Hey jmarkfoley, where did you get the exception? Send the full code.