I need to encrypt a complete java object. I am having a code which i have seen on internet which shows how to encrypt and decrypt text not the java object. So i was confused whether this is possible to encrypt complete java object. The code which i am using is below.
package security;
import java.security.spec.KeySpec;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESedeKeySpec;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
/**
* This class defines methods for encrypting and decrypting using the Triple DES
* algorithm and for generating, reading and writing Triple DES keys. It also
* defines a main() method that allows these methods to be used from the command
* line.
*/
public class TripleDesEncryptionDecryption {
/**
* The program. The first argument must be -e, -d, or -g to encrypt,
* decrypt, or generate a key. The second argument is the name of a file
* from which the key is read or to which it is written for -g. The -e and
* -d arguments cause the program to read from standard input and encrypt or
* decrypt to standard output.
*/
private static final String UNICODE_FORMAT = "UTF8";
public static final String DESEDE_ENCRYPTION_SCHEME = "DES/ECB/NoPadding";
private KeySpec myKeySpec;
private SecretKeyFactory mySecretKeyFactory;
private Cipher cipher;
byte[] keyAsBytes;
private String myEncryptionKey;
private String myEncryptionScheme;
SecretKey key;
static String stringToEncrypt="";
public void setKey(String myKey) throws Exception
{
myEncryptionKey = myKey ;
myEncryptionScheme = DESEDE_ENCRYPTION_SCHEME;
keyAsBytes = myEncryptionKey.getBytes(UNICODE_FORMAT);
myKeySpec = new DESedeKeySpec(keyAsBytes);
mySecretKeyFactory = SecretKeyFactory.getInstance(myEncryptionScheme);
cipher = Cipher.getInstance(myEncryptionScheme);
key = mySecretKeyFactory.generateSecret(myKeySpec);
}
/**
* Method To Encrypt The String
*/
public String encrypt(String unencryptedString) {
String encryptedString = null;
try {
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] plainText = unencryptedString.getBytes(UNICODE_FORMAT);
byte[] encryptedText = cipher.doFinal(plainText);
BASE64Encoder base64encoder = new BASE64Encoder();
encryptedString = base64encoder.encode(encryptedText);
} catch (Exception e) {
e.printStackTrace();
}
return encryptedString;
}
/**
* Method To Decrypt An Ecrypted String
*/
public String decrypt(String encryptedString) {
String decryptedText=null;
try {
cipher.init(Cipher.DECRYPT_MODE, key);
BASE64Decoder base64decoder = new BASE64Decoder();
byte[] encryptedText = base64decoder.decodeBuffer(encryptedString);
byte[] plainText = cipher.doFinal(encryptedText);
decryptedText= bytes2String(plainText);
} catch (Exception e) {
e.printStackTrace();
}
return decryptedText;
}
/**
* Returns String From An Array Of Bytes
*/
private static String bytes2String(byte[] bytes) {
StringBuffer stringBuffer = new StringBuffer();
for (int i = 0; i < bytes.length; i++) {
stringBuffer.append((char) bytes[i]);
}
return stringBuffer.toString();
}
/**
* Testing The DESede Encryption And Decryption Technique
*/
public static void main(String args []) throws Exception
{
TripleDesEncryptionDecryption myEncryptor= new TripleDesEncryptionDecryption();
String encrypted=myEncryptor.encrypt(stringToEncrypt);
String decrypted=myEncryptor.decrypt(encrypted);
System.out.println("String To Encrypt: "+stringToEncrypt);
System.out.println("Encrypted Value :" + encrypted);
System.out.println("Decrypted Value :"+decrypted);
}
}
There is a Java-class called SealedObject
(doc) which exactly does what you want to achieve.
This class enables a programmer to create an object and protect its confidentiality with a cryptographic algorithm.
There is only one restriction for the Object to encrypt, it must be Serializable
.
MyObject myObj = new MyObject(); // must be serializable
Cipher cipher;
/* initialize fully with IV, key and Cipher.ENCRYPT_MODE */
/* encrypt `myObj` */
SealedObject sealedObj = new SealedObject(myObj, cipher);
/* decrypt `sealedObj` */
MyObjct decryptedObj = (MyObject) sealedObj.get(key); // `key` = encryption-key
Basically this class does the serialization with ObjectOutputStream
and ByteArrayOutputStream
for you and automatically tracks the algorithm used for encryption.
You can encrypt bytes. Text is bytes, you can serialize a Java object to bytes, so technically it's possible (for example with an ObjectOutputStream
connected to a ByteArrayOutputStream
).
However it sounds strange, why do you think you need to encrypt an object, instead of the essential data inside an object?
来源:https://stackoverflow.com/questions/25399785/encrypt-complete-object-with-triple-des