Here's how I do it - and I generally use "SHA" as my algorithm:
/**
* Encode a string using algorithm specified in web.xml and return the
* resulting encrypted password. If exception, the plain credentials
* string is returned
*
* @param password Password or other credentials to use in
authenticating
* this username
* @param algorithm Algorithm used to do the digest
*
* @return encrypted password
*/
public static String encodePassword(String password, String algorithm) {
byte[] unencodedPassword = password.getBytes();
MessageDigest md = null;
try {
// first create an instance, given the provider
md = MessageDigest.getInstance(algorithm);
} catch (Exception e) {
log.error("Exception: " + e);
return password;
}
md.reset();
// call the update method one or more times
// (useful when you don't know the size of your data, eg. stream)
md.update(unencodedPassword);
// now calculate the hash
byte[] encodedPassword = md.digest();
StringBuffer buf = new StringBuffer();
for (int i = 0; i < encodedPassword.length; i++) {
if (((int) encodedPassword[i] & 0xff) < 0x10) {
buf.append("0");
}
buf.append(Long.toString((int) encodedPassword[i] & 0xff, 16));
}
return buf.toString();
}
-----Original Message-----
From: Jeff Sexton [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 4:25 PM
To: [EMAIL PROTECTED]
Subject: Alternate password encyption code?
I need to use my own bit of java to encrypt passwords for a JDBCRealm. I
have no idea what approach is best to take with this, anyone have any
suggestions?
Thanks
Jeff Sexton
The ODS Companies
[EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
