[
https://issues.apache.org/jira/browse/CLK-608?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12845465#action_12845465
]
Andrei Ionescu commented on CLK-608:
------------------------------------
Why not a better solution like:
http://www.jcryption.org/
> Add ClickUtils.encode(Object, byte[] key16) and ClickUtils.decode(String,
> byte[] key16)
> ---------------------------------------------------------------------------------------
>
> Key: CLK-608
> URL: https://issues.apache.org/jira/browse/CLK-608
> Project: Click
> Issue Type: Improvement
> Components: core
> Reporter: Andrey Rybin
> Priority: Minor
>
> ClickUtils has handy methods encode(Object) and decode(String), but it is
> possible for the client to corrupt our internal state in saved objects.
> If you also add encode(Object, byte[] key16) and
> ClickUtils.decode(String, byte[] key16), which will encipher the serialized,
> gzipped object before base64 encoding and decipher after base64 decoding,
> then objects will be safe and we can store all sensitive information on
> the client side.
> Encipher/decipher are easy in Java:
> import java.security.Key;
> import javax.crypto.Cipher;
> import javax.crypto.spec.SecretKeySpec;
>
> private static final String DEFAULT_CRYPT_ALGORITHM = "AES";
>
> public static byte[] encrypt(@NotNull final byte[] src, @NotNull final byte[] key16)
>         throws IllegalArgumentException {
>     final Key sks = new SecretKeySpec(key16, DEFAULT_CRYPT_ALGORITHM); // throws IAE
>     try {
>         final Cipher cf = Cipher.getInstance(DEFAULT_CRYPT_ALGORITHM);
>         cf.init(Cipher.ENCRYPT_MODE, sks);
>         // byte[] out = cf.update(buf, 0, n);
>         return cf.doFinal(src);
>     } catch (Throwable e) {
>         // Key bytes are kept out of the message so they cannot end up in logs.
>         throw new IllegalArgumentException("encrypt failed", e);
>     }
> } // encrypt
>
> public static byte[] decrypt(@NotNull final byte[] src, @NotNull final byte[] key16)
>         throws IllegalArgumentException {
>     final Key sks = new SecretKeySpec(key16, DEFAULT_CRYPT_ALGORITHM); // throws IAE
>     try {
>         final Cipher cf = Cipher.getInstance(DEFAULT_CRYPT_ALGORITHM);
>         cf.init(Cipher.DECRYPT_MODE, sks);
>         // byte[] out = cf.update(buf, 0, n);
>         return cf.doFinal(src);
>     } catch (Throwable e) {
>         // Key bytes are kept out of the message so they cannot end up in logs.
>         throw new IllegalArgumentException("decrypt failed", e);
>     }
> } // decrypt