somehow the rest of the code went astray import java.io.*; import java.security.*; import java.security.spec.*;
import javax.crypto.*; import javax.crypto.spec.*; public class PBE { public static byte[] enc(String passphrase, String source) throws Exception { String algorithm = "PBEWithMD5AndDES"; byte[] salt = new byte[8]; int iterations = 20; KeySpec ks = new PBEKeySpec(passphrase.toCharArray()); SecretKeyFactory skf = SecretKeyFactory.getInstance(algorithm); SecretKey key = skf.generateSecret(ks); MessageDigest md = MessageDigest.getInstance("MD5"); md.update(passphrase.getBytes()); md.update(source.getBytes ()); byte[] digest = md.digest(); System.arraycopy(digest,0,salt,0,8); AlgorithmParameterSpec aps = new PBEParameterSpec(salt, iterations); Cipher cipher = Cipher.getInstance(algorithm); cipher.init(Cipher.ENCRYPT_MODE, key, aps); byte[] output = cipher.doFinal(source.getBytes()); byte[] result = new byte[8 + output.length]; System.arraycopy(salt, 0, result, 0, 8); System.arraycopy(output, 0, result, 8, output.length); return result; } public static byte[] dec(String passphrase, byte[] source) throws Exception { String algorithm = "PBEWithMD5AndDES"; byte[] salt = new byte[8]; int iterations = 20; KeySpec ks = new PBEKeySpec(passphrase.toCharArray()); SecretKeyFactory skf = SecretKeyFactory.getInstance(algorithm); SecretKey key = skf.generateSecret(ks); System.arraycopy(source,0,salt,0,8); AlgorithmParameterSpec aps = new PBEParameterSpec(salt, iterations); Cipher cipher = Cipher.getInstance(algorithm); cipher.init(Cipher.DECRYPT_MODE, key, aps); byte[] output = cipher.doFinal(source, 8, source.length - 8); return output; } public static void main(String args[]) throws Exception { java.security.Security.addProvider(new com.sun.crypto.provider.SunJCE ()); if (args.length < 1) { System.out.println("java PBE <passphrase>"); System.exit(1); } String passphrase = args[0]; String source = "Mary had a little lamb 1234567890"; byte[] encr = enc(passphrase, source); byte[] decr = dec(passphrase, encr); System.out.println("\n\ndecrypted:"+new String(decr)+"\n\n"); } } On 5/8/07, Andrew Scott <[EMAIL PROTECTED]> wrote: > > Here is java code to do what you want.... > > As I said, java has the methods already and to write in CF is just plain > stupid. > > > import java.io.*; > import java.security.*; > import java.security.spec.*; > > import javax.crypto.*; > import javax.crypto.spec.*; > > public class PBE { > > public static byte[] enc(String passphrase, String source) throws > Exception { > > String algorithm = "PBEWithMD5AndDES"; > byte[] salt = new byte[8]; > int iterations = 20; > > KeySpec ks = new PBEKeySpec(passphrase.toCharArray()); > > > SecretKeyFactory skf = SecretKeyFactory.getInstance(algorithm); > SecretKey key = skf.generateSecret(ks); > > MessageDigest md = MessageDigest.getInstance("MD5"); > md.update(passphrase.getBytes()); > md.update(source.getBytes ()); > byte[] digest = md.digest(); > System.arraycopy(digest,0,salt,0,8); > > AlgorithmParameterSpec aps = new PBEParameterSpec(salt, iterations); > > Cipher cipher = Cipher.getInstance(algorithm); > cipher.init(Cipher.ENCRYPT_MODE, key, aps); > byte[] output = cipher.doFinal(source.getBytes()); > > byte[] result = new byte[8 + output.length]; > System.arraycopy(salt, 0, result, 0, 8); > System.arraycopy(output, 0, result, 8, output.length); > return result; > } > > > > > > On 5/8/07, Andrew Scott <[EMAIL PROTECTED]> wrote: > > > > Well sometimes reinventing the wheel is never the answer. > > > > The point is there is already Java code to do what you need, I don't > > fullt understand you requirements. But if a java programmer has given you > > information then there is obviously a connection with this already in some > > way. > > > > So maybe creating a webservice as suggested, to look at connecting to > > this java code as a service would be far better as the code already exists. > > > > But I have no idea what your environment is, where each application is > > on different servers or not so its hard to judge. But you really should look > > at leveraging exisitng code before rewrting something. > > > > > > > > On 5/8/07, Christine Davis <[EMAIL PROTECTED] > wrote: > > > > > > Dude, I'm sorry I was not clearer. I'm in an application where I need > > > to encrypt a piece of data and store it. When encrypting that data I need > > > to use a specific salt value and a specific number of iterations, I'm > > > trying > > > to get a better understanding of what a salt value is and how it should be > > > created. > > > > > > In this instance it does not make sense to have the other application > > > do the work instead of my application. If it did make sense to do that, > > > I'd > > > delete my application and be done with it > > > > > > Thanks! > > > > > > Christine Davis > > > ColdFusion Lead > > > Nations Technical Services > > > Prairie Village, KS > > > 913-748-8044 ext 4703 > > > [EMAIL PROTECTED] > > > > > > -----Original Message----- > > > From: Andrew Scott [mailto:[EMAIL PROTECTED] ] > > > Sent: Monday, May 07, 2007 11:55 AM > > > To: CF-Talk > > > Subject: Re: PBEWithMD5AndDES > > > > > > Then go back to your java developer an find out what methods of > > > communicatuon are open to you, whether it be through a url or > > > webservices. > > > Otherwise if it is convenient to you you could bring the java library > > > down > > > to you and install it on your server, provided you only use it for > > > decryption an encryption. > > > > > > On 5/8/07, Christine Davis < [EMAIL PROTECTED]> wrote: > > > > > > > > Unfortunately, the app where the code is in Java is separate from my > > > > > > > application. I'm trying to communicate with it. It is not an > > > application > > > > on my server. > > > > > > > > Christine Davis > > > > ColdFusion Lead > > > > Nations Technical Services > > > > Prairie Village, KS > > > > 913-748-8044 ext 4703 > > > > [EMAIL PROTECTED] > > > > -----Original Message----- > > > > From: Andrew Scott [mailto: [EMAIL PROTECTED] ] > > > > Sent: Monday, May 07, 2007 11:41 AM > > > > To: CF-Talk > > > > Subject: Re: PBEWithMD5AndDES > > > > > > > > If the code is already written in Java, why not look at CreateObject > > > to > > > > use > > > > it rather than rewrite it in CF? > > > > > > > > On 5/8/07, Christine Davis <[EMAIL PROTECTED]> wrote: > > > > > > > > > > Hello everyone, > > > > > > > > > > > > > > > > > > > > I'm entering the brave new world (for me) of encrypting and > > > sharing data > > > > > between a couple of different applications. We are attempting to > > > > encrypt a > > > > > password using PBEWithMD5AndDES. The Java Developer sent me the > > > > following > > > > > information: > > > > > > > > > > > > > > > > > > > > If cleartext (password) is nations1 > > > > > > > > > > then PBE encrypted is ÷ Yu5+Tpô?__ E > > > > > > > > > > and Base64 encoded is hfcJiVl1NStUcPQ/EBwgRQ== ** > > > > > > > > > > ** This (Base64) is the value to store in the external_password > > > field of > > > > > correspondence_recipient. > > > > > > > > > > > > > > > > > > > > For the example, we're using C1F9J9V5 for the password and > > > IVorSalt > > > > thing > > > > > and iterations are as follows in Java: > > > > > > > > > > > > > > > > > > > > byte[] salt = { > > > > > > > > > > (byte)0xc7, (byte)0x73, (byte)0x21, (byte)0x8c, > > > > > > > > > > (byte)0x7e, (byte)0xc8, (byte)0xee, (byte)0x99 > > > > > > > > > > }; > > > > > > > > > > int count = 20; > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > We've gotten this far: > > > > > > > > > > > > > > > > > > > > <cfscript> > > > > > > > > > > theEncrytString = "nations1"; > > > > > > > > > > thePassword = "C1F9J9V5"; > > > > > > > > > > theMethod = "PBEWithMD5AndDES"; > > > > > > > > > > theEncoding = "Base64"; > > > > > > > > > > theSalt = "???????"; //WHAT IS THIS???? HOW DO WE DO IT??? > > > > > > > > > > theIterations = 20; > > > > > > > > > > test = Encrypt(theEncrytString, thePassword, theMethod, > > > > theEncoding); > > > > > > > > > > //test = Encrypt(theEncrytString, thePassword, theMethod, > > > > > theEncoding, theSalt, theIterations); > > > > > > > > > > </cfscript> > > > > > > > > > > <cfoutput>#test#</cfoutput> > > > > > > > > > > > > > > > > > > > > Could someone please explain the IVorSalt variable, the Java code > > > above > > > > > that generates the salt byte array and what iterations are used > > > > for? Also, > > > > > I believe we need to recreate the Java code in ColdFusion for this > > > to be > > > > > shared between the two apps, how do we do that? > > > > > > > > > > > > > > > > > > > > Thanks! > > > > > > > > > > Christine Davis > > > > > ColdFusion Lead > > > > > Nations Technical Services > > > > > Prairie Village, KS > > > > > 913-748-8044 ext 4703 > > > > > [EMAIL PROTECTED] <blocked::mailto:[EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Create Web Applications With ColdFusion MX7 & Flex 2. Build powerful, scalable RIAs. Free Trial http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJS Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:277172 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4