dummies guide to java encryption

Discussion in 'Java' started by Andy Fish, Jun 21, 2004.

  1. Andy Fish

    Andy Fish Guest

    Hi,

    In my java app I want to include a licence key (see previous post for
    detailed information on the futility of this approach :) and I need to stop
    someone tampering with the key so I need to use some combination of message
    hash and encryption. ideally the encryption should be asymmetric so that the
    encryption key which goes out with the program (to decrypt the licence key )
    is not the same as the one that is used to generate the licence key in the
    first place.

    so I'm looking for some APIs like

    String encrypt (String plaintext, String password)
    String decrypt (String cyphertext, String password)
    String computeHash(String plaintext, [String password])

    Obviously I'm not expecting it to be quite this easy but reading the JCE
    documentation it's far from obvious to me how to go about this. I see that
    there is a DSA algorithm called SHA1withRSA that sounds like it should do
    both in one step, but I can't figure out how to use it.

    The only JCE tutorial I've seen uses this:

    KeyGenerator kg = KeyGenerator.getInstance(...);
    Key key = kg.generateKey();

    but I need to save the key and use it later. I can't see any mechanism for
    generating a key from a passphrase or deserialising an existing key from a
    string or byte array.

    Can anyone point me at a simple tutorial or example of doing things like
    encryption and message hashing using JCE?

    As a subsidiary question, I ran some sample code to list all the provider
    information and there were 5 separate providers (SUN, SunJSSE, SunRsaSign,
    SunJCE, and SunJGSS). can I safely assume these will all be present on any
    installation of Sun's java 1.4? - the documentation only mentioned SunJCE.

    Andy
    Andy Fish, Jun 21, 2004
    #1
    1. Advertising

  2. "Andy Fish" <> wrote in message
    news:XQzBc.1694$...
    > Hi,
    >
    > In my java app I want to include a licence key (see previous post for
    > detailed information on the futility of this approach :) and I need to

    stop
    > someone tampering with the key so I need to use some combination of

    message
    > hash and encryption. ideally the encryption should be asymmetric so that

    the
    > encryption key which goes out with the program (to decrypt the licence

    key )
    > is not the same as the one that is used to generate the licence key in the
    > first place.
    >
    > so I'm looking for some APIs like
    >
    > String encrypt (String plaintext, String password)
    > String decrypt (String cyphertext, String password)
    > String computeHash(String plaintext, [String password])


    I found Java Cryptography by Knudson to be good.

    Cheers,
    Matt Humphrey http://www.iviz.com/
    Matt Humphrey, Jun 21, 2004
    #2
    1. Advertising

  3. Andy Fish

    Roedy Green Guest

    On Mon, 21 Jun 2004 11:42:47 GMT, "Andy Fish"
    <> wrote or quoted :

    >Can anyone point me at a simple tutorial or example of doing things like
    >encryption and message hashing using JCE?


    Encryption is based on the idea the Bad Guys don't have the key. In
    the case of licensing, they do. Otherwise the program could not run.

    See my http://mindprod.com/products.html#WRAPPER
    which does digital signing, encryption and armouring.

    You could for example digitally sign your license file that contains
    the capabilities. You can verify in your program that the licence file
    could only have been created by you, the holder of the corresponding
    private key. However, the hacker can simply remove the code that does
    that check. Most licensing schemes use a simplified variant of this,
    e.g. doing a checksum of the licence or treat the licence as a big
    binary number and do a modulo some prime. This only stops casual
    cheats who are not prepared to hack the code.

    You could for example encrypt the licence file. If the program
    contains the key to decrypt it, so has the hacker.

    Your best defence is to require frequent updates. Then you can keep
    changing the security schemes to keep the hackers on their toes and
    eventually wear them out.

    see http://mindprod.com/jgloss/obfuscator.html

    --
    Canadian Mind Products, Roedy Green.
    Coaching, problem solving, economical contract programming.
    See http://mindprod.com/jgloss/jgloss.html for The Java Glossary.
    Roedy Green, Jun 21, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. moko

    Caching for dummies

    moko, Dec 11, 2003, in forum: ASP .Net
    Replies:
    1
    Views:
    330
    Suresh
    Dec 11, 2003
  2. elearning
    Replies:
    0
    Views:
    339
    elearning
    Apr 1, 2006
  3. elearning
    Replies:
    1
    Views:
    271
  4. James Mills
    Replies:
    1
    Views:
    765
    rantingrick
    Aug 3, 2010
  5. Mark Tolonen
    Replies:
    0
    Views:
    529
    Mark Tolonen
    Aug 3, 2010
Loading...

Share This Page