Java AES encryption/decryption always return the same content -

-

i wrote little test case aes encryption , decryption. plan read text file, encrypt key , decrypt again. problem is, text same, wrong password not result in unreadable text.

where problem in code or did make fundamental mistake ?

main.java

import javax.crypto.spec.secretkeyspec;  public class main {     public static void main(string[] args) throws exception {         new main();     }      public main() throws exception {         reader reader = new reader();         string text = reader.readfile("/home/benjamin/test.txt");         system.out.println("original text before encryption: " + text);          // user verschlüsselt und speichert ab         crypto crypto = new crypto();         secretkeyspec secretkey = crypto.generatesecretkey("123456aa");         byte[] encryptedtext = crypto.encrypt(text, secretkey);          // user b lädt datei und kennt das passwort         crypto crypto2 = new crypto();         secretkeyspec secretkey2 = crypto2.generatesecretkey("1kkk23456aajbhhjbhjb");         byte[] decryptedtext = crypto2.decrypt(encryptedtext, secretkey2);         system.out.println("original text after encryption: " + new string(decryptedtext, "utf-8"));     } }

crypto.java

import java.security.messagedigest; import java.util.arrays;  import javax.crypto.cipher; import javax.crypto.spec.secretkeyspec;   public class crypto {     public secretkeyspec generatesecretkey(string password) throws exception {         messagedigest shahash = messagedigest.getinstance("sha-1");         byte[] key = shahash.digest();         key = arrays.copyof(key,  16);         return new secretkeyspec(key, "aes");     }      public byte[] encrypt(string text, secretkeyspec secretkey) throws exception {         cipher cipher = cipher.getinstance("aes");         cipher.init(cipher.encrypt_mode, secretkey);         return cipher.dofinal(text.getbytes());     }      public byte[] decrypt(byte[] encryptedtext, secretkeyspec secretkey) throws exception {         cipher cipher = cipher.getinstance("aes");         cipher.init(cipher.decrypt_mode, secretkey);         return cipher.dofinal(encryptedtext);     } }

this problem:

public secretkeyspec generatesecretkey(string password) throws exception {     messagedigest shahash = messagedigest.getinstance("sha-1");     byte[] key = shahash.digest();     key = arrays.copyof(key,  16);     return new secretkeyspec(key, "aes"); }

you don't use password anywhere within generatesecretkey, it'll create same secret key every time...

if change to:

public secretkeyspec generatesecretkey(string password) throws exception {     messagedigest shahash = messagedigest.getinstance("sha-1");     byte[] key = shahash.digest(password.getbytes("utf-8"));     key = arrays.copyof(key,  16);     return new secretkeyspec(key, "aes"); }

then fail expected when given wrong password. doesn't mean it's best way of creating secret key, or of rest of crypto code appropriate, don't have enough experience comment on that.


Comments

Post a Comment

Popular posts from this blog

java - activate/deactivate sonar maven plugin by profile? -

-
i use sonar plugin executes if activated in maven profile. sonar runs on every compile. the problem build fail other team members not have sonar application installed locally. pom.xml checked in team members same copy including sonar configuration, don't want them modify purpose of disabling sonar (they might inadvertently check modified copy in). please advise how configure maven (.m2/settings.xml) and/or pom.xml sonar feature can enabled/disabled local profile. here sonar configuration in each project's pom.xml: <plugin> <groupid>org.codehaus.mojo</groupid> <artifactid>sonar-maven-plugin</artifactid> <version>1.0</version> <executions> <execution> <id>make-sonar</id> <phase>compile</phase> <goals> <goal>sonar</goal> </goals> </execution> </executions> ...
Read more

python - TypeError: can only concatenate tuple (not "float") to tuple -

-
i'm new python, question might easy, anyway, patience: as trying call newton-raphson method calculate implied volatility in black-scholes formula call/put option pricing, first thing is, newton method in scipy.optimize seems calculate function's zeros, in black-scholes formula, want function's value option price, not zero. (i'm new here programming, i'm not sure techniques.) should write function things like: def f(sigma, price): return bsformula(s0,k,r,t,q,sigma) - price then, while calling newton method, takes args=() 1 parameter in function, write this: value = newton(bsprice2, 0.5, args=price) but error message: file "bs.py", line 36, in bsimpvol value = newton(bsprice2, 0.5, args=float(price)) file "/usr/lib/python2.7/dist-packages/scipy/optimize/zeros.py", line 143, in newton q0 = func(*((p0,) + args)) typeerror: can concatenate tuple (not "float") tuple could tell me why that? how fix it? apprecia...
Read more

java - What is the difference between String. and String.this. ? -

-
this question has answer here: meaning of .this , .class in java 2 answers i'll straight point. im still learning bit of syntax , want know difference between code is code a: public class buttonz extends jbutton{ public buttonz(){ settext(new string(string.valueof(i))); } } please ignore fact i undeclared, not lost. code b: public class buttonz extends jbutton{ public buttonz(){ settext(new string(string.this.charat(i))); } } what don't yet understand difference in typing string.this , string. i under assumption when use dot operator on class accessing it's static methods(and/or variables if they're not hidden). i have studied little bit , have concluded when using string. accessing string static methods.. when using string.this. i'm accessing methods class buttonz extendi...
Read more