Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1007
  • Last Modified:

Java Base64Encoder Class . What is the Purpose of a cipher?

Hello,  I require to create a base64Encoded Key value.  I have been looking at the following
article.

http://www.wikijava.org/wiki/Secret_Key_Cryptography_Tutorial

I then created a class to create my one off base64Encoded key (as in the attached code snippet)

On running the class it produces a string as follows:

VGVzdCBzdHJpbmcgZm9yIGNvbnZlcnNpb24gdG8gYSByZXF1aXJlZCBCYXNlNjRFbmNvZGVkIGtl
eSB2YWx1ZQ==

To me that looks like a correct Base64 Encrypted string. Therefore I'm thinking job done.

However the above referenced article discusses ciphers.
What are the ciphers being referenced here/ Do I actually need to create one when just creating the actual encryption key?

I would have thought that what my class has produced is enough & thus a key that I can use & pass onto others. Is this correct?

Thanks in advance
import java.io.UnsupportedEncodingException;
import sun.misc.BASE64Encoder;


public class KeyGenerator {
	public String keyVal;	

    public static void main(String[] args) {

    	KeyGenerator keyGen =new KeyGenerator();
    	
    	try {
    	  System.out.println("String val = " + keyGen.encrypt());
    	} catch (UnsupportedEncodingException e) {
    	    e.printStackTrace();
    	}
    	

    }
    
    //create constructor
    public KeyGenerator(){
    }
    	
    public String encrypt() throws UnsupportedEncodingException{
      String message = "Test string for conversion to a required Base64Encoded key value";	
     	
	  // Get a cipher object.
	  //Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
	  //cipher.init(Cipher.ENCRYPT_MODE, message);

	  // Gets the raw bytes to encrypt, UTF8 is needed for
	  // having a standard character set
	  byte[] stringBytes = message.getBytes("UTF8");

	  // encrypt using the cypher
	  //byte[] raw = cipher.doFinal(stringBytes);

	  // converts to base64 for easier display.
	  BASE64Encoder encoder = new BASE64Encoder();
	  String base64 = encoder.encode(stringBytes);

	  return base64;
   }	  
  	  	
	
}

Open in new window

0
speedygonzalez
Asked:
speedygonzalez
  • 8
  • 7
  • 6
  • +1
8 Solutions
 
CEHJCommented:
>>a key that I can use & pass onto others.

For what purpose? If you're talking about PKI technology, then you need to generate a key pair and give people your public key.

This only need be done once and is therefore not normally done programatically except for special purposes.
0
 
garypfirstechCommented:
I'm not sure what you're using your base64 encoded key for.  In the wiki positing that you reference, the base64 encoding is applied after the encryption and before the decryption.  It's sole purpose in that article is to make the encoded value readable.  Base64 encoding translates unreadable binary values (and everything else) into readable values.  If you're not concerned with encryption, you can ignore the encryption  part of the article and use your class as is.
0
 
objectsCommented:
The cipher is what does the actual encryption, all your code does is base64 encode a string (which is not encrypting it, nor does it use a key)
What it should be doing is encrypting that string. Then base64 is only used to convert the encrypted bytes into a string, simply for display/transport purposes. Its not actually part of the encryption
0
What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

 
objectsCommented:
> To me that looks like a correct Base64 Encrypted string

its just a base64 string :)
and easily decoded
0
 
objectsCommented:
The string encrypted with the (DES) cipher on the other hand  requires a key to decrypt it
0
 
speedygonzalezAuthor Commented:
Hi All, Thanks for the help.

Sorry, I note there are still some questions among your responses.

What I need to do is the following:

- Create a Base64SecretKey to use in an encryption process. This Base64SecretKey  is stored on my system & I give it to a customer

How I use it:
I encrypt a string of data on my side as follows:
- The Base64EncodedKey is deoded to get my secretkey
- This secretkey is then used to encrypt a string (using an AES/CBC/PKCS5Padding algorithm) to get Cipher text
- I then encode the CipherText to base64 to create a Base64CipherText
- I pass this to my customer

The customer decodes the Base64CipherText using the same process (in reverse) with the Base64SecretKey I have provided to them as the secretkey.


What I need to do first of all is the create the Base64SecretKey.  Is what I am doing as per my original question enough?  I.E. if I encode a string (or a random alphanumeric string if I create one) to Base64. Can that then be used as my Base64SecretKey?

Can a Base64SecretKey just be an aplhanumeric string (encoded to base64). Or does it require something else?

Thanks again!

 
0
 
CEHJCommented:
>>This Base64SecretKey  is stored on my system & I give it to a customer

That's insecure, as the key can be intercepted/copied. You should do it the secure way using PKI, which means using the customer's public key (which anyone can have) to encrypt. Only the customer can decrypt it (with his private key)
0
 
objectsCommented:
> I.E. if I encode a string (or a random alphanumeric string if I create one) to Base64. Can that then be used as my Base64SecretKey?

theres no point, you may as well just use the original string.
base64 is an insecure means to convert between byte array and string as I explained above.

Its the encrypted bytes you want to use base64 encoding on (to turn it to a string for easier management).
0
 
speedygonzalezAuthor Commented:
Hi Objects.

Thanks for the advice.  I'm still confused to be honest though.  

The process detailed above is what was defined by the analyst so I'm going to just create what was asked for

I bascially just have to create a Base64Secretkey
is what I am doing enough (to give them a Base64Encoded string as a key). Or does a key have to be something else?
What makes a Base64Secretkey different from a Base64 Encoded String? If is it a one off string that I made up & encoded to Base64, is this enough to forma  key?

Thanks again!
0
 
CEHJCommented:
The 'analyst' has defined a procedure that's not secure.

You can actually forget the base64 element - that's obviously confusing you - as it's just an implementation detail.

You have to give a key to a customer (that's the insecure bit), which they will use to decode something that's been encoded with it. That's all there is to it.
0
 
objectsCommented:
> What makes a Base64Secretkey different from a Base64 Encoded String? If is it a one off string that I made up & encoded to Base64, is this enough to forma  key?

Its the base64 encoded byte arrayt representation of the key that you have generated
see "Generate the encryption key" in the example
your code does not generate any key
0
 
speedygonzalezAuthor Commented:
Thanks CEHJ & sorry guys if I'm coming off a bit dumb on this.


My whole question come down to the following: Can the key be anything at all then as long as it is Base64 encrypted? I.E. can I just make up a string or some other value and say to use it as a key?

Whether the analyst is right or wrong I don't mind for now.  As he has asked for a Base64SecretKey. Can I just Base64 encrypt a string and say that's the Base64SecretKey. Or Is a Base64SecretKey soemthing else?  I'm not familiar with SecretKey's at all & just wonder if that's all I need to do for this defined process

Thanks again.  Much appreciated!
0
 
objectsCommented:
something like this:

      KeyGenerator generator = KeyGenerator.getInstance("DES");
      generator.init(new SecureRandom());
      Key key = generator.generateKey();
        byte[] keyBytes = key.getEncoded();
        BASE64Encoder encoder = new BASE64Encoder();
        String base64key = encoder.encode(keyBytes);
0
 
objectsCommented:
> Can the key be anything at all then as long as it is Base64 encrypted?

no, see my earlier comments

> I.E. can I just make up a string or some other value and say to use it as a key?

again no, see the code I posted above for generating a key
0
 
speedygonzalezAuthor Commented:
Thanks Objects,  That's a very good help. It's much clearer now.

I'll get cracking on code to generate a key & will let u all know how I get on.

Cheers.
0
 
CEHJCommented:
>>KeyGenerator generator = KeyGenerator.getInstance("DES");

in your case, that should be
KeyGenerator generator = KeyGenerator.getInstance("AES");

Open in new window

0
 
speedygonzalezAuthor Commented:
Hi All,

Thanks for all the help. I can create an encryption a a secret key now & then base encrypt it using Objects advice.

One final question I have is:
is there a recommend algorithm I should use for my sSecretkey creation?

The following are documented

http://download.oracle.com/javase/1.4.2/docs/guide/security/jce/JCERefGuide.html#AppA

Would DESede for example be better to use than DES or does this even matter?

Thanks
0
 
speedygonzalezAuthor Commented:
Ah sorry, just seen your response CEHJ now also (hadn't refreshed my page).

Is AES the best one to use then?

Thanks All.
0
 
CEHJCommented:
>>Would DESede for example be better to use than DES or does this even matter?

You wouldn't use either. You've already specified AES:

>>- This secretkey is then used to encrypt a string (using an AES/CBC/PKCS5Padding algorithm) to get Cipher text

You'd use the code i just posted
0
 
speedygonzalezAuthor Commented:
Thanks CEHJ, oh I see. If AES/CBC/PKCS5Padding is required then "AES" is the required algorithm for the secret key used?

Thanks
0
 
CEHJCommented:
Yes
0
 
speedygonzalezAuthor Commented:
Thans Guys. Will award the points to objects & CEHJ.

Thanks all. I've learned a good bit about encryption from this as well!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

  • 8
  • 7
  • 6
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now