Java – encrypt / decrypt user name and password from a configuration file

by

As I understand anyhow in order to call 3rd party web service you pass password as plain text and no security certificates are involved.

Then I would say the easiest approach would be to store password in encrypted format (via java encryption mechanism) when the encryption/decryption key is just hard coded in the code.

I would definitely store it on the server side (file system or db) rather then distribute and maintain it on the multiple clients.

Here is how that could work with “DES” encryption:

// only the first 8 Bytes of the constructor argument are used 
// as material for generating the keySpec
DESKeySpec keySpec = new DESKeySpec("YourSecr".getBytes("UTF8")); 
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");
SecretKey key = keyFactory.generateSecret(keySpec);
sun.misc.BASE64Encoder base64encoder = new BASE64Encoder();
sun.misc.BASE64Decoder base64decoder = new BASE64Decoder();
.........

// ENCODE plainTextPassword String
byte[] cleartext = plainTextPassword.getBytes("UTF8");      

Cipher cipher = Cipher.getInstance("DES"); // cipher is not thread safe
cipher.init(Cipher.ENCRYPT_MODE, key);
String encrypedPwd = base64encoder.encode(cipher.doFinal(cleartext));
// now you can store it 
......

// DECODE encryptedPwd String
byte[] encrypedPwdBytes = base64decoder.decodeBuffer(encryptedPwd);

Cipher cipher = Cipher.getInstance("DES");// cipher is not thread safe
cipher.init(Cipher.DECRYPT_MODE, key);
byte[] plainTextPwdBytes = (cipher.doFinal(encrypedPwdBytes));

More Related Contents:

  1. How to convert fuzzy hash string to a file? [closed]
  2. How to convert a letter to an another letter in Java [duplicate]
  3. Initial bytes incorrect after Java AES/CBC decryption
  4. Problems converting byte array to string and back to byte array
  5. How do I use 3DES encryption/decryption in Java?
  6. Which Cipher Suites to enable for SSL Socket?
  7. Recommendations on a free library to be used for zipping files [closed]
  8. Image encryption/decryption using AES256 symmetric block ciphers [closed]
  9. Encryption of video files?
  10. Converting Secret Key into a String and Vice Versa
  11. Converting a Java Keystore into PEM Format
  12. JSchException: Algorithm negotiation fail
  13. Java equivalent of an OpenSSL AES CBC encryption
  14. Handling Java crypto exceptions
  15. Why does my AES encryption throws an InvalidKeyException?
  16. Using SHA1 and RSA with java.security.Signature vs. MessageDigest and Cipher
  17. How to decrypt an encrypted AES-256 string from CryptoJS using Java? [closed]
  18. How do I generate a SALT in Java for Salted-Hash?
  19. How to encrypt and decrypt String with my passphrase in Java (Pc not mobile platform)? [duplicate]
  20. Size of data after AES/CBC and AES/ECB encryption
  21. javax.crypto.BadPaddingException
  22. How can I list the available Cipher algorithms?
  23. CryptoJS AES encryption and Java AES decryption
  24. java.io.IOException: Invalid Keystore format
  25. java.security.NoSuchAlgorithmException:Cannot find any provider supporting AES/ECB/PKCS7PADDING
  26. Java equivalent of C++ encryption [duplicate]
  27. Encrypt and decrypt a String in java
  28. Java AES 128 encrypting differently to openssl
  29. How are the IV and authentication tag handled for “AES/GCM/NoPadding”?
  30. AES/CBC/PKCS5Padding vs AES/CBC/PKCS7Padding with 256 key size performance java

Leave a Comment