click-dev mailing list archives

From "Andrei Ionescu (JIRA)" <j...@apache.org>
Subject [jira] Commented: (CLK-608) Add ClickUtils.encode(Object, byte[] key16) and ClickUtils.decode(String, byte[] key16)
Date Mon, 15 Mar 2010 19:05:27 GMT

    [ https://issues.apache.org/jira/browse/CLK-608?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12845465#action_12845465 ]

Andrei Ionescu commented on CLK-608:
------------------------------------

Why not a better solution like:
http://www.jcryption.org/

> Add ClickUtils.encode(Object, byte[] key16) and ClickUtils.decode(String, byte[] key16)
> ---------------------------------------------------------------------------------------
>
>                 Key: CLK-608
>                 URL: https://issues.apache.org/jira/browse/CLK-608
>             Project: Click
>          Issue Type: Improvement
>          Components: core
>            Reporter: Andrey Rybin
>            Priority: Minor
>
> ClickUtils has handy methods encode(Object) and decode(String), but it is possible for the client to corrupt our internal state in saved objects.
> If you also add encode(Object, byte[] key16) and ClickUtils.decode(String, byte[] key16), which will encipher the serialized, gzipped object before base64 encoding and decipher after base64 decoding, then objects will be safe and we can store all sensitive information on the client side.
> Encipher/decipher are easy in Java:
>   private static final String DEFAULT_CRYPT_ALGORITHM = "AES";
>   public static byte[] encrypt (@NotNull final byte[] src, @NotNull final byte[] key16) throws IllegalArgumentException {
>     final Key sks = new SecretKeySpec(key16, DEFAULT_CRYPT_ALGORITHM);//throws IAE
>     try {
>       final Cipher cf = Cipher.getInstance(DEFAULT_CRYPT_ALGORITHM);
>       cf.init(Cipher.ENCRYPT_MODE, sks);
>       //byte[] out = cf.update(buf, 0, n);
>       return cf.doFinal(src);
>     } catch (Throwable e) {
>       throw new IllegalArgumentException("encrypt failed for "+ toHexString(key16) +'='+ sks, e);
>     }//t
>   }//encrypt
>   public static byte[] decrypt (@NotNull final byte[] src, @NotNull final byte[] key16) throws IllegalArgumentException {
>     final Key sks = new SecretKeySpec(key16, DEFAULT_CRYPT_ALGORITHM);//throws IAE
>     try {
>       final Cipher cf = Cipher.getInstance(DEFAULT_CRYPT_ALGORITHM);
>       cf.init(Cipher.DECRYPT_MODE, sks);
>       //byte[] out = cf.update(buf, 0, n);
>       return cf.doFinal(src);
>     } catch (Throwable e) {
>       throw new IllegalArgumentException("decrypt failed for "+ toHexString(key16) +'='+ sks, e);
>     }//t
>   }//decrypt

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

