SQLServerCentral Article

Using Java to Encrypt Passwords

,

Using Java to Encrypt Passwords

  • A set of Java classes for encrypting passwords

  • Uses the powerful java Cryptography API

  • Need to download JCE 1.2 from http://www.javasoft.com

    • Then make sure that you have placed jce1_2-do.jar in the CLASSPATH.

      You can decompress the jar, but then it expands into multiple paths and you have

      more configuration work to do. So just add the jar file to the CLASSPATH. The

      CLASSPATH can be changed in System/Environment tab in the Control

      Panel.

  • If you need a COM dll then use Visual J++ to put a COM wrapper around them.

    After you have created a COM object you can use an SQL Server stored procedure

    or an ASP page to invoke it.

  • Enciphering and ciphering data depend on having a key. If you change the key

    then all your passwords will not work. Also if someone can get your key they can

    get all your passwords. So the table or file holding the key must be guarded

    with extreme care.

  • The connection is made using the ODBC-JDBC Bridge, since this is the most

    available driver. However, for any real java database work you will need a

    commercial JDBC driver such as WebLogic.

    • Please make sure that your ODBC connection has the following

      unchecked: "Use ANSI nulls,padding and warning". If it is

      checked then you will have a string with nulls appended to the size of the

      VARCHAR.

  • The passwordSecure.java creates a command line program with a sampler of the

    methods available. Normally the calling program would have a web interface, but

    it is simpler to present it this way.

  • If you have further questions please contact me at Les Smith/FONT>

  • The classes:

    • GetConnection.java used for connecting to

      the database

    • GenKeys.java: used for generating a key. You need

      to run at least once. If you run again you invalidate existing passwords.

    • Encrypt.java: used to encrypt a string using the

      generated key

    • PasswordSecure.java: a calling class.

      Calls encrypt or decrypt. Example: java passwordSecure les test. Argument 0 is

      the login name. Argument 1 is the password.


Return to Les Smith's Home

 

Rate

You rated this post out of 5. Change rating

Share

Share

Rate

You rated this post out of 5. Change rating