I'm trying to implement the RSA encryption/decryption algorithm on a text of String. However, everything I have found online either uses Cipher, or they are performing the algorithm on an integer. Could anybody give me a simple guide for implementing this on for example, a sentence?
I prefer not to use Cipher or any other libraries because I want to know how it works.
Edit: Thanks for the help everyone. I finally got it to work :)
The best thing for you to do would be to get fimiliar with the algorithm itself. Wikipedia has decent explanation on it. Then you need to implement modular operations. When you accomplish the above simply treat a message you want to encrypt as a number (rather big number in fact) and follow the operations described in wiki. A sentence (or any other character sequence) can be treated as a number as its just sequence of bytes.
RSA all depends on the large prime numbers and how they are very hard to factor. For further knowledge on the subject I'm gonna give you two resources that will explain the algorithm in further depth. I would recommend writing down which variables/methods you will want to create in java to stay organized.
Here are resources:
YouTube Clip which Explains the premise of the algorithm:
RSA Cipher Explained
More Interactive Slide Explanation:
RSA Algorithm Slide Show
Related
hello I am new to java and i want to develop a simple login application where i have to store values in db. I have read many examples for encryption and decryption but i cant understand(may be because of complex english words) what is algorithm,key, padding and why we have to use getBytes(). Can you explain in detail with examples in simple english. Which algorithm,padding is best useful for encryption and decryption.Is key a predefined fixed word or can we set our own key. Code will be much useful.
Im kinda newbie on the subject so id just recommend hashing and salting the passwords, i cannot offer much more insight, but i found this video which i found to be quite extensive and interesting on the subject, and iirc he even shows some code samples and examples, i recommend starting from there and come back with doubts from that!
The general gist of things is getting the original password string, and generate a random string with it, concatenating both, then hashing the combined form of those and storing the hashed form of both and the random string, then, when that person is going to login, you apply the same salt to the password inserted and compare it to the hashed form in your database.
This has advantages over standard hashing because the random string is unique per user, meaning all hashes, even from the same passwords, will be different, while in normal hashing, youd get the same hash for the same passwords, and thus, it would be easier to crack some if many users had the same password, which cant be done in this case, since every hash key is different.
So remember, generate random string, concat it, hash the concatted string, store the hash and the random string into the db, and compare on login.
I am actually nicely surprised, someone asked before doing it wrong way.
However what are you asking is quite broad for a single answer. I'd advice to take at least some basic course on cryptography (I'd recoment the Coursera. Even if you don't finish your course, you will get pretty good basics what and why you shoud or should not do.
simple login application where i have to store values in db
If the values you mean user passwords, then use slow salted hash, please read https://nakedsecurity.sophos.com/2013/11/20/serious-security-how-to-store-your-users-passwords-safely/
If you want to encrypt some values reversibly, there are plenty examples around, though not all are secure,
Code will be much useful
you may check
https://gusto77.wordpress.com/2017/10/30/encryption-reference-project/
what is algorithm,key, padding and why we have to use getBytes().
I will start with the bytes. Encryption works with byte arrays. So for any text you need to convert your data, keys, passwords,.. to byte arrays. As well the encrypted data are byte arrays.
For the algorithm, padding,.. I really advice you to learn about it a little more yourself.
There are ciphers (algorithm) which are considered secure today, it is more important that you use them properly.
Just for an example, commonly used is AES/CBC/PKCS5Padding
AES - cipher (encryption algorithm)
CBC - mode of operation
PKCS5Padding - padding to fit data into required block length
.Is key a predefined fixed word or can we set our own key.
Key is your secret value, you need the same key to decrypt encrypted data, but the key is yours, the best if it's random
I would like to ask if there is any possibility to do de-hashing with salt.
Because currently I using doing encrypt with salt and hash. But I want to study about de-hashing part, is it possible to do de-hashing ?
I'm assuming that by de-hashing, you mean reversing the hashing process.
Hashing is a form of one way encryption. The original message is entirely destroyed in the process of creating the hash and, therefore, it is not possible to reverse the process. If it is possible, then that is a problem with the hashing algorithm.
Or in more formal terms, Hashing algorithms, by definition, are not Bijective.
I created an encryption program and I am wondering how hard it would be for a cracker to decrypt the output from this program?
My computer is having trouble pasting the code here so here is a link where you can download it.
This encryption program works by taking the ASCII value of each character, square-rooting it, and then multiplying the result by 8.
Then, it replaces the space between each character's double with one of 500 strings which are formatted like this: (Random amount of whitespace)(Random 5-digit integer)(Random amount of whitespace).
And then finally, it replaces the decimal point with one of 500 similarly-formatted strings.
The program just does everything in reverse to decrypt the encrypted files.
What do you guys think? Thanks
Since there is no secret part of that algorithm, the "cracker" would just write a decryption algorithm you described and get the original message. It is not the algorithm complexity that makes the encryption strong. For the currently used encryption algorithms the algorithm itself is publicly available. It is a "secret" - a decryption key known only to the recipient of the encrypted message - that makes it strong. Start by looking at the article on public-key cryptography.
I assume this is just for research/fun, but a word of advice: never try to implement your own encryption scheme, use one of the existing and proven algorithms.
I am trying to make my Server more secure, using public key cryptography. I'm not looking for examples on how this works, I understand it. I need help actually encrypting my strings that i'm sending...
So, currently, I'm simply making a public/private key string by taking the current nano time, and converting it into a hexidecimal string, 20 times. It makes an output like:
8ebe14df8ebe14df8ebe14df8ebe14df8ebe14df8ebe14df8ebe14df8ebe14df8ebe14df8ebe14df8ebe14df8ebe14df8ebe14df8ebe14df8ebe14df8ebe14df8ebe14df8ebe14df8ebe14df8ebe14df
which is fine. But how would i encrypt my message, say "hi", with this key? I've tried converting both into binary, and multiplying them, but then i couldnt un-convert them, because to do that, there have to be spaces in the binary number, but to multiply them, there cant be. can anyone help me?
Thanks in advance!
Also, let me know if you need any more info!
Take a look at this example: http://stilius.net/java/java_ssl.php
Don't try to invent your own cryptographic algorithm, I know that it sounds interesting but it's also not very safe. Try to use already implemented algorithms and protocols. I suggest you to take a look at the link. Though if you do this just for the fun of it then go ahead, if it's for a client or for something that others (than you at least) use then stick to the known protocols.
It's not just an issue of formatting or playing with binary or hexadecimal numbers here. You don't make a public/private key the way you suggested, as it wouldn't have the necessary cryptographic properties that public/private keys usually have. Also, using the current time in nano s is hardly worthy of being used as any kind of an encryption key. If you want to do this in Java, there are libraries that can do public key crypto for you, such as BouncyCastle (http://bouncycastle.org/). It's quite easy to use and implement some amount of cryptographic security into your application with it.
Based on a previous question, I am using a sequential integer as a record ID in my database. I want to obfuscate the integer IDs using Skip32. I found a Java implementation but I am uncertain of how to initialize it using the standard JCE APIs. I need to encrypt an integer and decrypt it as necessary. Can anyone show me an example of this?
The code you found belongs to the Cryptix project. You need not just this one file, but you should take the whole package. Take the JCE package, install it as a provider. Then you should be able to use
Cipher c = Cipher.getInstance("SKIPJACK");
But actually, instead of using an unsupported library like Cryptix, using the BouncyCastle library (or parts thereof) might be more recommendable. They have lots of documentation, and a SkipJack-implementation, too.
I'm not sure why you would need to use Skipjack instead of any cipher which comes with your JRE, though - just for the smaller block size?
If I understand right, Skip32 is a separate cipher (working on 4-byte blocks), just build by similar principles like Skipjack (which works on 8-byte blocks). I didn't find any specification of it, only some C and Perl source code, so I doubt there will be some Java implementation available. Have a look at Format-preserving encryption on Wikipedia, or Can you create a strong blockcipher with small blocksize, given a strong blockcipher of conventional blocksize? on Cryptography Stack Exchange, which show other ways of building a small-block cipher from a larger one.
You might find this blog post on secure permutations with block ciphers useful in figuring out how to implement it. Any block cipher with a sufficiently short block size will suffice.