 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Java Forum / General / November 2007DES Encryption Java for the Basic authentication PHP
Hi, I'm new of this group... My name's Thomas. I need an algorithm to encrypt a string with the DES encryption, that works whit the basic auth in PHP. I've tried some algorithms but the output don't works whit php.... May someone help me?? Thanks a lot everybody.... Bye > My name's Thomas. Hmm. > I need an algorithm to encrypt a string with the DES encryption, that > works whit the basic auth in PHP. > I've tried some algorithms but the output don't works whit php.... There's really only one algorithm for DES. It has several modes of operation. Maybe you could find out which mode PHP uses? http://www.itl.nist.gov/fipspubs/fip81.htm Johnny wrote: >> My name's Thomas. >> I need an algorithm to encrypt a string with the DES encryption, that >> works whit the basic auth in PHP. >> I've tried some algorithms but the output don't works whit php.... > There's really only one algorithm for DES. It has several modes of > operation. Maybe you could find out which mode PHP uses? > > http://www.itl.nist.gov/fipspubs/fip81.htm Thomas, please provide an SSCCE of the sort of thing you've tried. <http://www.physci.org/codes/sscce.html>  SignatureLew > Johnny wrote: > >> My name's Thomas. [quoted text clipped - 11 lines] > -- > Lew ------------------------------------------------------------ import javax.crypto.*; public class DesEncrypter { Cipher ecipher; Cipher dcipher; DesEncrypter(SecretKey key) { try { ecipher = Cipher.getInstance("DES"); dcipher = Cipher.getInstance("DES"); ecipher.init(Cipher.ENCRYPT_MODE, key); dcipher.init(Cipher.DECRYPT_MODE, key); } catch (javax.crypto.NoSuchPaddingException e) { } catch (java.security.NoSuchAlgorithmException e) { } catch (java.security.InvalidKeyException e) { } } public String encrypt(String str) { try { // Encode the string into bytes using utf-8 byte[] utf8 = str.getBytes("UTF8"); // Encrypt byte[] enc = ecipher.doFinal(utf8); // Encode bytes to base64 to get a string return new sun.misc.BASE64Encoder().encode(enc); } catch (javax.crypto.BadPaddingException e) { } catch (IllegalBlockSizeException e) { } catch (java.io.IOException e) { } return null; } public String decrypt(String str) { try { // Decode base64 to get bytes byte[] dec = new sun.misc.BASE64Decoder().decodeBuffer(str); // Decrypt byte[] utf8 = dcipher.doFinal(dec); // Decode using utf-8 return new String(utf8, "UTF8"); } catch (javax.crypto.BadPaddingException e) { } catch (IllegalBlockSizeException e) { } catch (java.io.IOException e) { } return null; } public static void main(String args[]){ try { SecretKey key = KeyGenerator.getInstance("DES").generateKey(); DesEncrypter encrypter = new DesEncrypter(key); System.out.println(encrypter.encrypt("ciao")); } catch (Exception e) { e.printStackTrace(); } } } --------------------------------------------------------- This is the code i've founded on internet, i don't know if the output is right or wrong, i only know that php basic auth don't works with this encryption.... > I need an algorithm to encrypt a string with the DES encryption, that > works whit the basic auth in PHP. > I've tried some algorithms but the output don't works whit php.... BASIC Authentication does not use DES. It uses a simple Bse64 encoding of username:password ! Arne >> I need an algorithm to encrypt a string with the DES encryption, that >> works whit the basic auth in PHP. [quoted text clipped - 5 lines] > > Arne To clarify. Base authentication is not secure against eavesdropping or packet sniffing. SignatureDaniel Pitts' Tech Blog: <http://virtualinfinity.net/wordpress/> On Nov 3, 1:17 am, Arne Vajh?j <a...@vajhoej.dk> wrote: > > I need an algorithm to encrypt a string with the DES encryption, that > > works whit the basic auth in PHP. [quoted text clipped - 5 lines] > > Arne So, why here http://it2.php.net/crypt tell me that function crypt() uses a standard DES encryption... I need an algorithm to produce an encryption like this lrB4D/h6wbVTM to have this output i called this function crypt("ciao","lr"); Thank you all. >>> I need an algorithm to encrypt a string with the DES encryption, that >>> works whit the basic auth in PHP. [quoted text clipped - 5 lines] > So, why here http://it2.php.net/crypt tell me that function crypt() > uses a standard DES encryption... crypt uses DES, but crypt has nothing to do with Basic Authentication. Arne On Nov 3, 3:29 pm, Arne Vajh?j <a...@vajhoej.dk> wrote: > > On Nov 3, 1:17 am, Arne Vajh?j <a...@vajhoej.dk> wrote: > >>> I need an algorithm to encrypt a string with the DES encryption, that [quoted text clipped - 10 lines] > > Arne Oh.... and what kind of encryption does the basic auth uses?? Thomas >Oh.... and what kind of encryption does the basic auth uses?? it works like this with a clear text password (base64 armoured). // code to add to a URLConnection GET request // to add basic userid/password authentication. // For JDK 1.1- where Authenticator is not available. import com.mindprod.base64.Base64; import java.net.URL; import java.net.URLConnection; //... String userid = "Alladin"; String password = "sesame"; String stringUserIdPassword = userid + ":" + password; byte[] byteUserIdPassword = stringUserIdPassword.getBytes( "ASCII" ); String base64UserIdPassword = new Base64().encode( byteUserIdPassword ); urlc.setRequestProperty( "Authorization", "Basic " + base64UserIdPassword ); urlc.connect() However, you don't need to code that longhand. You just use an Authenticator. See http://mindprod.com/jgloss/authentication.html SignatureRoedy Green Canadian Mind Products The Java Glossary http://mindprod.com >>>>> I need an algorithm to encrypt a string with the DES encryption, that >>>>> works whit the basic auth in PHP. [quoted text clipped - 6 lines] > > Oh.... and what kind of encryption does the basic auth uses?? See above under >>>>. Arne >>>>> I need an algorithm to encrypt a string with the DES encryption, that >>>>> works whit the basic auth in PHP. >>>>> I've tried some algorithms but the output don't works whit php.... >>>> BASIC Authentication does not use DES. > Oh.... and what kind of encryption does the basic auth uses?? > Thomas HTTP Basic Authentication uses no encryption at all. Here's a simplified outline of it: A user clicks a link in their web browser, and the web server recognizes that URL as protected with Basic Authentication. The web server checks the HTTP request packet for a special header, containing the username and password in plain, Base-64 encoded text. There is no such header originally, so the web server returns a special type of error message to the browser. The web browser gets the message and prompts the user to enter a username and password. That information is added to the HTTP request packet, and that packet is sent again. Now the web server sees the correct header, and looks up the username and password someplace. If all is well the request is honored and the protected web page is fetched and returned. All subsequent requests by your web browser to that same protected part of the web (called a "realm") will automatically include that authentication header. So you don't get prompted for a username and password every time. Note there is no DES or crypt used at all. Base-64 encoding is an alternative to ASCII encoding. This is not the same thing as using encryption! This scheme is so insecure that it should only be used with HTTPS, which encrypts all parts of all packets. Now you can use this with PHP. If your PHP script returns the correct error message to the browser when the request packet lacks the proper basic auth header, the user will see the same dialog box pop up requesting a username and password, for that "realm". There is a lot of material on the web about secure PHP pages, http://phpsec.org/ for example. What any of this has to do with Java, I don't know. You can of course code up a servlet to do this, but most of this stuff is built into Java already, as some other posters have pointed out. Maybe you should continue this discussion in a PHP newsgroup? You might get more PHP experts answering you there! -Wayne >>> I need an algorithm to encrypt a string with the DES encryption, that >>> works whit the basic auth in PHP. [quoted text clipped - 15 lines] > > crypt("ciao","lr"); If you need the crypt functionality in Java then look at: http://www.dynamic.net.au/christos/crypt/ crypt do use DES, but are not a simple DES. http://en.wikipedia.org/wiki/Crypt_%28Unix%29 says: #The traditional implementation uses a modified form of the DES #algorithm. The user's password is truncated to eight characters, and #those are coerced down to only 7-bits each; this forms the 56-bit DES #key. That key is then used to encrypt an all-bits-zero block, and then #the ciphertext is encrypted again with the same key, and so on for a #total of 25 DES encryptions. A 12-bit salt is used to perturb the #encryption algorithm, so standard DES implementations can't be used to #implement crypt(). The salt and the final ciphertext are encoded into a #printable string in a form of base 64. Arne On Nov 3, 3:40 pm, Arne Vajh?j <a...@vajhoej.dk> wrote: > > On Nov 3, 1:17 am, Arne Vajh?j <a...@vajhoej.dk> wrote: > >>> I need an algorithm to encrypt a string with the DES encryption, that [quoted text clipped - 38 lines] > > Arne Ok thank you all, I've solved my problem thi this algorithm... http://www.dynamic.net.au/christos/crypt/JCrypt.txt Thank you Arne.. Bye >I need an algorithm to encrypt a string with the DES encryption, that >works whit the basic auth in PHP. Try http://mindprod.com/jgloss/authentication.html Authenticator might handle it automagically. SignatureRoedy Green Canadian Mind Products The Java Glossary http://mindprod.com Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.