You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Tauren Mills <ta...@groovee.com> on 2011/04/05 04:43:41 UTC
Creating crypto Key from string
Les,
I'm sure I'm missing something really basic, but what is the best way to
save and recreate Keys? I want to store a key somewhere so that every time
my app runs, it loads the key and uses it.
Assume I've run the following to create a Key:
AesCipherService cipherService = new AesCipherService();
Key appKey = cipherService.generateNewKey();
1. I need to save this Key as a String to put into a property file or some
other persistent storage. How can I best get a String representation of this
Key? I'm assuming something as simple as this would do the trick:
String mykey = new String(key.getEncoded());
2. When my app starts, it loads the String representation of the Key from
the property file. I'm unclear on how to create a Key from that String.
This is all very simple to do with Salts, but looking at the JSSE docs, I'm
not seeing how to create a Key from a string.
Thanks!
Tauren
Re: Creating crypto Key from string
Posted by Tauren Mills <ta...@tauren.com>.
Thanks! Silly me, I was thinking that AesCipherService.decrypt() took a Key,
but it takes a byte[]. That makes it much easier to use.
As I was playing around with this, I was thinking that Shiro could have some
helper methods to load keys from string or file. I do like the idea of
providing the key to the cipher service initially and not having to pass it
with each encrypt or decrypt call.
In case it helps, I found the following after doing some googling:
DESedeKeySpec spec = new DESedeKeySpec("key string here".getBytes());
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede");
SecretKey key = keyFactory.generateSecret(spec);
Obviously, the code above isn't right since it uses DES, but I wasn't sure
what type of "spec" to use.
Tauren
On Mon, Apr 4, 2011 at 7:57 PM, Les Hazlewood <lh...@apache.org> wrote:
> Hi Tauren,
>
> Try this:
>
> Key key = cipherService.generateNewKey();
> String base64 = new SimpleByteSource(key.getEncoded()).toBase64();
>
> Then put the base64 string somewhere (in a props file, etc).
>
> When you need to reverse the process, you can do this:
>
> byte[] bytes = Base64.decode(encoded);
>
> You'll use the 'bytes' variable as your argument to the CipherService
> methods.
>
> Does that help?
>
> Cheers,
>
> Les
>
> P.S. That reminds me. I think it'd be a good idea to have a Cryptor
> interface - a component that stores the key as an internal attribute
> so encryption and decryption operations don't require a key argument.
> It would probably itself use an internal CipherService to do its
> work...
>
Re: Creating crypto Key from string
Posted by Les Hazlewood <lh...@apache.org>.
Hi Tauren,
Try this:
Key key = cipherService.generateNewKey();
String base64 = new SimpleByteSource(key.getEncoded()).toBase64();
Then put the base64 string somewhere (in a props file, etc).
When you need to reverse the process, you can do this:
byte[] bytes = Base64.decode(encoded);
You'll use the 'bytes' variable as your argument to the CipherService methods.
Does that help?
Cheers,
Les
P.S. That reminds me. I think it'd be a good idea to have a Cryptor
interface - a component that stores the key as an internal attribute
so encryption and decryption operations don't require a key argument.
It would probably itself use an internal CipherService to do its
work...