You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by Tauren Mills <ta...@groovee.com> on 2011/04/05 04:43:41 UTC

Creating crypto Key from string

Les,

I'm sure I'm missing something really basic, but what is the best way to
save and recreate Keys? I want to store a key somewhere so that every time
my app runs, it loads the key and uses it.

Assume I've run the following to create a Key:

AesCipherService cipherService = new AesCipherService();
Key appKey = cipherService.generateNewKey();

1. I need to save this Key as a String to put into a property file or some
other persistent storage. How can I best get a String representation of this
Key? I'm assuming something as simple as this would do the trick:
    String mykey = new String(key.getEncoded());

2. When my app starts, it loads the String representation of the Key from
the property file. I'm unclear on how to create a Key from that String.

This is all very simple to do with Salts, but looking at the JSSE docs, I'm
not seeing how to create a Key from a string.

Thanks!
Tauren

Re: Creating crypto Key from string

Posted by Tauren Mills <ta...@tauren.com>.
Thanks! Silly me, I was thinking that AesCipherService.decrypt() took a Key,
but it takes a byte[]. That makes it much easier to use.

As I was playing around with this, I was thinking that Shiro could have some
helper methods to load keys from string or file. I do like the idea of
providing the key to the cipher service initially and not having to pass it
with each encrypt or decrypt call.

In case it helps, I found the following after doing some googling:

DESedeKeySpec spec = new DESedeKeySpec("key string here".getBytes());
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede");
SecretKey key = keyFactory.generateSecret(spec);

Obviously, the code above isn't right since it uses DES, but I wasn't sure
what type of "spec" to use.

Tauren







On Mon, Apr 4, 2011 at 7:57 PM, Les Hazlewood <lh...@apache.org> wrote:

> Hi Tauren,
>
> Try this:
>
> Key key = cipherService.generateNewKey();
> String base64 = new SimpleByteSource(key.getEncoded()).toBase64();
>
> Then put the base64 string somewhere (in a props file, etc).
>
> When you need to reverse the process, you can do this:
>
> byte[] bytes = Base64.decode(encoded);
>
> You'll use the 'bytes' variable as your argument to the CipherService
> methods.
>
> Does that help?
>
> Cheers,
>
> Les
>
> P.S.  That reminds me.  I think it'd be a good idea to have a Cryptor
> interface - a component that stores the key as an internal attribute
> so encryption and decryption operations don't require a key argument.
> It would probably itself use an internal CipherService to do its
> work...
>

Re: Creating crypto Key from string

Posted by Les Hazlewood <lh...@apache.org>.
Hi Tauren,

Try this:

Key key = cipherService.generateNewKey();
String base64 = new SimpleByteSource(key.getEncoded()).toBase64();

Then put the base64 string somewhere (in a props file, etc).

When you need to reverse the process, you can do this:

byte[] bytes = Base64.decode(encoded);

You'll use the 'bytes' variable as your argument to the CipherService methods.

Does that help?

Cheers,

Les

P.S.  That reminds me.  I think it'd be a good idea to have a Cryptor
interface - a component that stores the key as an internal attribute
so encryption and decryption operations don't require a key argument.
It would probably itself use an internal CipherService to do its
work...