Solved

Java Base64Encoder Class. What is the Purpose of a cipher?

Posted on 2011-02-15
Last Modified: 2012-05-11
Hello, I need to create a base64Encoded Key value. I have been looking at the following article.

http://www.wikijava.org/wiki/Secret_Key_Cryptography_Tutorial

I then created a class to create my one-off base64Encoded key (as in the attached code snippet).

On running the class it produces a string as follows:

VGVzdCBzdHJpbmcgZm9yIGNvbnZlcnNpb24gdG8gYSByZXF1aXJlZCBCYXNlNjRFbmNvZGVkIGtl
eSB2YWx1ZQ==

To me that looks like a correct Base64 Encrypted string. Therefore I'm thinking job done.

However the above referenced article discusses ciphers.
What are the ciphers being referenced here? Do I actually need to create one when just creating the actual encryption key?

I would have thought that what my class has produced is enough & thus a key that I can use & pass onto others. Is this correct?

Thanks in advance

import java.io.UnsupportedEncodingException;
import sun.misc.BASE64Encoder;

public class KeyGenerator {
    public String keyVal;

    public static void main(String[] args) {
        KeyGenerator keyGen = new KeyGenerator();
        try {
            System.out.println("String val = " + keyGen.encrypt());
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
        }
    }

    // create constructor
    public KeyGenerator() {
    }

    public String encrypt() throws UnsupportedEncodingException {
        String message = "Test string for conversion to a required Base64Encoded key value";

        // Get a cipher object.
        //Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
        //cipher.init(Cipher.ENCRYPT_MODE, message);

        // Gets the raw bytes to encrypt, UTF8 is needed for
        // having a standard character set
        byte[] stringBytes = message.getBytes("UTF8");

        // encrypt using the cipher
        //byte[] raw = cipher.doFinal(stringBytes);

        // converts to base64 for easier display.
        BASE64Encoder encoder = new BASE64Encoder();
        String base64 = encoder.encode(stringBytes);

        return base64;
    }
}

Question by:speedygonzalez
22 Comments
 
LVL 86

Expert Comment

by:CEHJ
ID: 34900006
>>a key that I can use & pass onto others.

For what purpose? If you're talking about PKI technology, then you need to generate a key pair and give people your public key.

This only need be done once and is therefore not normally done programmatically except for special purposes.
0
 
LVL 7

Expert Comment

by:garypfirstech
ID: 34900122
I'm not sure what you're using your base64 encoded key for. In the wiki posting that you reference, the base64 encoding is applied after the encryption and before the decryption. Its sole purpose in that article is to make the encoded value readable. Base64 encoding translates unreadable binary values (and everything else) into readable values. If you're not concerned with encryption, you can ignore the encryption part of the article and use your class as is.
0
 
LVL 92

Accepted Solution

by:objects
objects earned 313 total points
ID: 34901604
The cipher is what does the actual encryption; all your code does is base64 encode a string (which is not encrypting it, nor does it use a key).
What it should be doing is encrypting that string. Then base64 is only used to convert the encrypted bytes into a string, simply for display/transport purposes. It's not actually part of the encryption.
0
 
LVL 92

Expert Comment

by:objects
ID: 34901622
> To me that looks like a correct Base64 Encrypted string

It's just a base64 string :)
and easily decoded
0
 
LVL 92

Expert Comment

by:objects
ID: 34901637
The string encrypted with the (DES) cipher, on the other hand, requires a key to decrypt it.
0
 

Author Comment

by:speedygonzalez
ID: 34905235
Hi All, Thanks for the help.

Sorry, I note there are still some questions among your responses.

What I need to do is the following:

- Create a Base64SecretKey to use in an encryption process. This Base64SecretKey is stored on my system & I give it to a customer

How I use it:
I encrypt a string of data on my side as follows:
- The Base64EncodedKey is decoded to get my secretkey
- This secretkey is then used to encrypt a string (using an AES/CBC/PKCS5Padding algorithm) to get Cipher text
- I then encode the CipherText to base64 to create a Base64CipherText
- I pass this to my customer

The customer decodes the Base64CipherText using the same process (in reverse) with the Base64SecretKey I have provided to them as the secretkey.


What I need to do first of all is to create the Base64SecretKey. Is what I am doing as per my original question enough? I.E. if I encode a string (or a random alphanumeric string if I create one) to Base64. Can that then be used as my Base64SecretKey?

Can a Base64SecretKey just be an alphanumeric string (encoded to base64). Or does it require something else?

Thanks again!

 
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 34905265
>>This Base64SecretKey  is stored on my system & I give it to a customer

That's insecure, as the key can be intercepted/copied. You should do it the secure way using PKI, which means using the customer's public key (which anyone can have) to encrypt. Only the customer can decrypt it (with his private key)
0
 
LVL 92

Assisted Solution

by:objects
objects earned 313 total points
ID: 34905342
> I.E. if I encode a string (or a random alphanumeric string if I create one) to Base64. Can that then be used as my Base64SecretKey?

There's no point, you may as well just use the original string.
base64 is an insecure means to convert between byte array and string as I explained above.

It's the encrypted bytes you want to use base64 encoding on (to turn it to a string for easier management).
0
 

Author Comment

by:speedygonzalez
ID: 34905494
Hi Objects.

Thanks for the advice.  I'm still confused to be honest though.  

The process detailed above is what was defined by the analyst so I'm going to just create what was asked for

I basically just have to create a Base64Secretkey.
Is what I am doing enough (to give them a Base64Encoded string as a key)? Or does a key have to be something else?
What makes a Base64Secretkey different from a Base64 Encoded String? If it is a one-off string that I made up & encoded to Base64, is this enough to form a key?

Thanks again!
0
 
LVL 86

Assisted Solution

by:CEHJ
CEHJ earned 187 total points
ID: 34905535
The 'analyst' has defined a procedure that's not secure.

You can actually forget the base64 element - that's obviously confusing you - as it's just an implementation detail.

You have to give a key to a customer (that's the insecure bit), which they will use to decode something that's been encoded with it. That's all there is to it.
0
 
LVL 92

Assisted Solution

by:objects
objects earned 313 total points
ID: 34905571
> What makes a Base64Secretkey different from a Base64 Encoded String? If it is a one-off string that I made up & encoded to Base64, is this enough to form a key?

It's the base64 encoded byte array representation of the key that you have generated.
See "Generate the encryption key" in the example.
Your code does not generate any key.
0
 

Author Comment

by:speedygonzalez
ID: 34905587
Thanks CEHJ & sorry guys if I'm coming off a bit dumb on this.


My whole question comes down to the following: Can the key be anything at all then as long as it is Base64 encrypted? I.E. can I just make up a string or some other value and say to use it as a key?

Whether the analyst is right or wrong I don't mind for now. As he has asked for a Base64SecretKey. Can I just Base64 encrypt a string and say that's the Base64SecretKey. Or is a Base64SecretKey something else? I'm not familiar with SecretKeys at all & just wonder if that's all I need to do for this defined process.

Thanks again.  Much appreciated!
0
 
LVL 92

Assisted Solution

by:objects
objects earned 313 total points
ID: 34905596
something like this:

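      import java.security.Key;
      import java.security.SecureRandom;
      import javax.crypto.KeyGenerator;
      import sun.misc.BASE64Encoder;

      // Generate a random DES key, then Base64-encode its raw bytes
      KeyGenerator generator = KeyGenerator.getInstance("DES");
      generator.init(new SecureRandom());
      Key key = generator.generateKey();
      byte[] keyBytes = key.getEncoded();
      BASE64Encoder encoder = new BASE64Encoder();
      String base64key = encoder.encode(keyBytes);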
0
 
LVL 92

Assisted Solution

by:objects
objects earned 313 total points
ID: 34905610
> Can the key be anything at all then as long as it is Base64 encrypted?

no, see my earlier comments

> I.E. can I just make up a string or some other value and say to use it as a key?

again no, see the code I posted above for generating a key
0
 

Author Comment

by:speedygonzalez
ID: 34905670
Thanks Objects,  That's a very good help. It's much clearer now.

I'll get cracking on code to generate a key & will let u all know how I get on.

Cheers.
0
 
LVL 86

Assisted Solution

by:CEHJ
CEHJ earned 187 total points
ID: 34905694
>>KeyGenerator generator = KeyGenerator.getInstance("DES");

in your case, that should be
KeyGenerator generator = KeyGenerator.getInstance("AES");

0
 

Author Comment

by:speedygonzalez
ID: 34905919
Hi All,

Thanks for all the help. I can create an encryption secret key now & then base encrypt it using Objects' advice.

One final question I have is:
Is there a recommended algorithm I should use for my SecretKey creation?

The following are documented

http://download.oracle.com/javase/1.4.2/docs/guide/security/jce/JCERefGuide.html#AppA

Would DESede for example be better to use than DES or does this even matter?

Thanks
0
 

Author Comment

by:speedygonzalez
ID: 34905934
Ah sorry, just seen your response CEHJ now also (hadn't refreshed my page).

Is AES the best one to use then?

Thanks All.
0
 
LVL 86

Assisted Solution

by:CEHJ
CEHJ earned 187 total points
ID: 34905948
>>Would DESede for example be better to use than DES or does this even matter?

You wouldn't use either. You've already specified AES:

>>- This secretkey is then used to encrypt a string (using an AES/CBC/PKCS5Padding algorithm) to get Cipher text

You'd use the code I just posted
0
 

Author Comment

by:speedygonzalez
ID: 34906052
Thanks CEHJ, oh I see. If AES/CBC/PKCS5Padding is required then "AES" is the required algorithm for the secret key used?

Thanks
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 34906153
Yes
0
 

Author Comment

by:speedygonzalez
ID: 34906391
Thanks Guys. Will award the points to objects & CEHJ.

Thanks all. I've learned a good bit about encryption from this as well!
0
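The process this thread converges on (generate an AES key, Base64-encode it for hand-over, encrypt with AES/CBC/PKCS5Padding, Base64-encode the ciphertext), shown end to end as an added example that is not code from any poster. It uses java.util.Base64 (Java 8+) instead of sun.misc.BASE64Encoder; the class name, the 128-bit key size and prepending a random IV to the ciphertext are assumptions, since the thread does not say how the IV is handled.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class Base64SecretKeyDemo { // hypothetical class name
    private static final int IV_LEN = 16; // AES block size in bytes

    // One-off step: generate a random AES key and Base64-encode its raw bytes for storage/hand-over.
    static String newBase64SecretKey() throws Exception {
        KeyGenerator generator = KeyGenerator.getInstance("AES");
        generator.init(128, new SecureRandom()); // 128-bit key size is an assumption
        return Base64.getEncoder().encodeToString(generator.generateKey().getEncoded());
    }
    // Base64 text -> raw key bytes; anything that is not a valid AES key length is rejected.
    static SecretKey decodeKey(String base64Key) {
        byte[] raw = Base64.getDecoder().decode(base64Key);
        if (raw.length != 16 && raw.length != 24 && raw.length != 32) {
            throw new IllegalArgumentException("not an AES key: " + raw.length + " bytes");
        }
        return new SecretKeySpec(raw, "AES");
    }
    // Encrypt, then Base64-encode IV || ciphertext so it can travel as text.
    static String encrypt(String base64Key, String plainText) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv); // fresh IV per message (assumption: sent with the ciphertext)
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, decodeKey(base64Key), new IvParameterSpec(iv));
        byte[] ct = cipher.doFinal(plainText.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, out, IV_LEN, ct.length);
        return Base64.getEncoder().encodeToString(out);
    }
    // Reverse of encrypt(): Base64-decode, split off the IV, decrypt the rest.
    static String decrypt(String base64Key, String base64CipherText) throws Exception {
        byte[] in = Base64.getDecoder().decode(base64CipherText);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, decodeKey(base64Key), new IvParameterSpec(in, 0, IV_LEN));
        return new String(cipher.doFinal(in, IV_LEN, in.length - IV_LEN), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        String key = newBase64SecretKey(), ct = encrypt(key, "constructed sample message");
        System.out.println(key + "\n" + ct + "\n" + decrypt(key, ct));
    }
}
```

The length check in decodeKey only catches malformed input; a made-up 16-character string would pass it, so the key's strength comes from generating it with KeyGenerator and SecureRandom. CBC with PKCS5Padding gives confidentiality only and does not detect a modified ciphertext.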
