somehow the rest of the code went astray
import java.io.*;
import java.security.*;
import java.security.spec.*;
import javax.crypto.*;
import javax.crypto.spec.*;
public class PBE {
public static byte[] enc(String passphrase, String source) throws
Exception {
String algorithm = "PBEWithMD5AndDES";
byte[] salt = new byte[8];
int iterations = 20;
KeySpec ks = new PBEKeySpec(passphrase.toCharArray());
SecretKeyFactory skf = SecretKeyFactory.getInstance(algorithm);
SecretKey key = skf.generateSecret(ks);
MessageDigest md = MessageDigest.getInstance("MD5");
md.update(passphrase.getBytes());
md.update(source.getBytes ());
byte[] digest = md.digest();
System.arraycopy(digest,0,salt,0,8);
AlgorithmParameterSpec aps = new PBEParameterSpec(salt, iterations);
Cipher cipher = Cipher.getInstance(algorithm);
cipher.init(Cipher.ENCRYPT_MODE, key, aps);
byte[] output = cipher.doFinal(source.getBytes());
byte[] result = new byte[8 + output.length];
System.arraycopy(salt, 0, result, 0, 8);
System.arraycopy(output, 0, result, 8, output.length);
return result;
}
public static byte[] dec(String passphrase, byte[] source) throws
Exception {
String algorithm = "PBEWithMD5AndDES";
byte[] salt = new byte[8];
int iterations = 20;
KeySpec ks = new PBEKeySpec(passphrase.toCharArray());
SecretKeyFactory skf = SecretKeyFactory.getInstance(algorithm);
SecretKey key = skf.generateSecret(ks);
System.arraycopy(source,0,salt,0,8);
AlgorithmParameterSpec aps = new PBEParameterSpec(salt, iterations);
Cipher cipher = Cipher.getInstance(algorithm);
cipher.init(Cipher.DECRYPT_MODE, key, aps);
byte[] output = cipher.doFinal(source, 8, source.length - 8);
return output;
}
public static void main(String args[]) throws Exception {
java.security.Security.addProvider(new com.sun.crypto.provider.SunJCE
());
if (args.length < 1) {
System.out.println("java PBE <passphrase>");
System.exit(1);
}
String passphrase = args[0];
String source = "Mary had a little lamb 1234567890";
byte[] encr = enc(passphrase, source);
byte[] decr = dec(passphrase, encr);
System.out.println("\n\ndecrypted:"+new String(decr)+"\n\n");
}
}
On 5/8/07, Andrew Scott <[EMAIL PROTECTED]> wrote:
>
> Here is java code to do what you want....
>
> As I said, java has the methods already and to write in CF is just plain
> stupid.
>
>
> import java.io.*;
> import java.security.*;
> import java.security.spec.*;
>
> import javax.crypto.*;
> import javax.crypto.spec.*;
>
> public class PBE {
>
> public static byte[] enc(String passphrase, String source) throws
> Exception {
>
> String algorithm = "PBEWithMD5AndDES";
> byte[] salt = new byte[8];
> int iterations = 20;
>
> KeySpec ks = new PBEKeySpec(passphrase.toCharArray());
>
>
> SecretKeyFactory skf = SecretKeyFactory.getInstance(algorithm);
> SecretKey key = skf.generateSecret(ks);
>
> MessageDigest md = MessageDigest.getInstance("MD5");
> md.update(passphrase.getBytes());
> md.update(source.getBytes ());
> byte[] digest = md.digest();
> System.arraycopy(digest,0,salt,0,8);
>
> AlgorithmParameterSpec aps = new PBEParameterSpec(salt, iterations);
>
> Cipher cipher = Cipher.getInstance(algorithm);
> cipher.init(Cipher.ENCRYPT_MODE, key, aps);
> byte[] output = cipher.doFinal(source.getBytes());
>
> byte[] result = new byte[8 + output.length];
> System.arraycopy(salt, 0, result, 0, 8);
> System.arraycopy(output, 0, result, 8, output.length);
> return result;
> }
>
>
>
>
>
> On 5/8/07, Andrew Scott <[EMAIL PROTECTED]> wrote:
> >
> > Well sometimes reinventing the wheel is never the answer.
> >
> > The point is there is already Java code to do what you need, I don't
> > fullt understand you requirements. But if a java programmer has given you
> > information then there is obviously a connection with this already in some
> > way.
> >
> > So maybe creating a webservice as suggested, to look at connecting to
> > this java code as a service would be far better as the code already exists.
> >
> > But I have no idea what your environment is, where each application is
> > on different servers or not so its hard to judge. But you really should look
> > at leveraging exisitng code before rewrting something.
> >
> >
> >
> > On 5/8/07, Christine Davis <[EMAIL PROTECTED] > wrote:
> > >
> > > Dude, I'm sorry I was not clearer. I'm in an application where I need
> > > to encrypt a piece of data and store it. When encrypting that data I need
> > > to use a specific salt value and a specific number of iterations, I'm
> > > trying
> > > to get a better understanding of what a salt value is and how it should be
> > > created.
> > >
> > > In this instance it does not make sense to have the other application
> > > do the work instead of my application. If it did make sense to do that,
> > > I'd
> > > delete my application and be done with it
> > >
> > > Thanks!
> > >
> > > Christine Davis
> > > ColdFusion Lead
> > > Nations Technical Services
> > > Prairie Village, KS
> > > 913-748-8044 ext 4703
> > > [EMAIL PROTECTED]
> > >
> > > -----Original Message-----
> > > From: Andrew Scott [mailto:[EMAIL PROTECTED] ]
> > > Sent: Monday, May 07, 2007 11:55 AM
> > > To: CF-Talk
> > > Subject: Re: PBEWithMD5AndDES
> > >
> > > Then go back to your java developer an find out what methods of
> > > communicatuon are open to you, whether it be through a url or
> > > webservices.
> > > Otherwise if it is convenient to you you could bring the java library
> > > down
> > > to you and install it on your server, provided you only use it for
> > > decryption an encryption.
> > >
> > > On 5/8/07, Christine Davis < [EMAIL PROTECTED]> wrote:
> > > >
> > > > Unfortunately, the app where the code is in Java is separate from my
> > >
> > > > application. I'm trying to communicate with it. It is not an
> > > application
> > > > on my server.
> > > >
> > > > Christine Davis
> > > > ColdFusion Lead
> > > > Nations Technical Services
> > > > Prairie Village, KS
> > > > 913-748-8044 ext 4703
> > > > [EMAIL PROTECTED]
> > > > -----Original Message-----
> > > > From: Andrew Scott [mailto: [EMAIL PROTECTED] ]
> > > > Sent: Monday, May 07, 2007 11:41 AM
> > > > To: CF-Talk
> > > > Subject: Re: PBEWithMD5AndDES
> > > >
> > > > If the code is already written in Java, why not look at CreateObject
> > > to
> > > > use
> > > > it rather than rewrite it in CF?
> > > >
> > > > On 5/8/07, Christine Davis <[EMAIL PROTECTED]> wrote:
> > > > >
> > > > > Hello everyone,
> > > > >
> > > > >
> > > > >
> > > > > I'm entering the brave new world (for me) of encrypting and
> > > sharing data
> > > > > between a couple of different applications. We are attempting to
> > > > encrypt a
> > > > > password using PBEWithMD5AndDES. The Java Developer sent me the
> > > > following
> > > > > information:
> > > > >
> > > > >
> > > > >
> > > > > If cleartext (password) is nations1
> > > > >
> > > > > then PBE encrypted is
÷ Yu5+Tpô?__ E
> > > > >
> > > > > and Base64 encoded is hfcJiVl1NStUcPQ/EBwgRQ== **
> > > > >
> > > > > ** This (Base64) is the value to store in the external_password
> > > field of
> > > > > correspondence_recipient.
> > > > >
> > > > >
> > > > >
> > > > > For the example, we're using C1F9J9V5 for the password and
> > > IVorSalt
> > > > thing
> > > > > and iterations are as follows in Java:
> > > > >
> > > > >
> > > > >
> > > > > byte[] salt = {
> > > > >
> > > > > (byte)0xc7, (byte)0x73, (byte)0x21, (byte)0x8c,
> > > > >
> > > > > (byte)0x7e, (byte)0xc8, (byte)0xee, (byte)0x99
> > > > >
> > > > > };
> > > > >
> > > > > int count = 20;
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > We've gotten this far:
> > > > >
> > > > >
> > > > >
> > > > > <cfscript>
> > > > >
> > > > > theEncrytString = "nations1";
> > > > >
> > > > > thePassword = "C1F9J9V5";
> > > > >
> > > > > theMethod = "PBEWithMD5AndDES";
> > > > >
> > > > > theEncoding = "Base64";
> > > > >
> > > > > theSalt = "???????"; //WHAT IS THIS???? HOW DO WE DO IT???
> > > > >
> > > > > theIterations = 20;
> > > > >
> > > > > test = Encrypt(theEncrytString, thePassword, theMethod,
> > > > theEncoding);
> > > > >
> > > > > //test = Encrypt(theEncrytString, thePassword, theMethod,
> > > > > theEncoding, theSalt, theIterations);
> > > > >
> > > > > </cfscript>
> > > > >
> > > > > <cfoutput>#test#</cfoutput>
> > > > >
> > > > >
> > > > >
> > > > > Could someone please explain the IVorSalt variable, the Java code
> > > above
> > > > > that generates the salt byte array and what iterations are used
> > > > for? Also,
> > > > > I believe we need to recreate the Java code in ColdFusion for this
> > > to be
> > > > > shared between the two apps, how do we do that?
> > > > >
> > > > >
> > > > >
> > > > > Thanks!
> > > > >
> > > > > Christine Davis
> > > > > ColdFusion Lead
> > > > > Nations Technical Services
> > > > > Prairie Village, KS
> > > > > 913-748-8044 ext 4703
> > > > > [EMAIL PROTECTED] <blocked::mailto:[EMAIL PROTECTED]
> > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > > >
> > >
> > >
> > >
> > >
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Create Web Applications With ColdFusion MX7 & Flex 2.
Build powerful, scalable RIAs. Free Trial
http://www.adobe.com/products/coldfusion/flex2/?sdid=RVJS
Archive:
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:277172
Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm
Unsubscribe:
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
