Keywords: DES DES3 Acme Crypto Cipher BlockCipher Encrypt Decrypt

Lauren wrote:
> I am looking for good ideas on how to best do the following: We have two
> different applications running that need to pass authentication information
> ... I was thinking of encrypting the information and then passing it ...

Hi Lauren,

There are a few ways you can do this.

1. The easiest is if both servers can access the same database. If so, you can just stick any user info into the database, along with some kind of long random number for an identifier. Send the long random number to the second server, which can then retrieve the database user info row and delete it.

2. Shared-key encryption, where both servers share the same key. This is a fine solution if both servers are similarly secure, and you can trust both website apps to "be in on the secret". This is sometimes called symmetric (or single key) encryption.

3. Public-private-key encryption, where there are four keys: Server1 public & private, and Server2 public & private. This is sometimes called asymmetric with signatures. Server1 encrypts the user info using Server2 public, and signs the resulting message using Server1 private. Then Server2 uses Server1 public to authenticate the message, and finally decrypts it using Server2 private. As you might imagine, this approach is more complex.

I assume you understand how to do #1. I am sending a sample solution to #2. I am guessing that you don't need #3, but if so, I can build it up for you.

When you pass your string, be sure to include a timestamp and some kind of random ID. These will prevent a hacker from copying the URL string and "replaying" the URL later. Your second server should keep track of expired IDs.
Download these files:

http://www.netdynamics.com/java/src/com/sun/netdynamics/demo/DesDemo.java
http://www.netdynamics.com/java/src/com/acme/crypto/DesCipher.java
http://www.netdynamics.com/java/src/com/acme/crypto/BlockCipher.java
http://www.netdynamics.com/java/src/com/acme/crypto/Cipher.java
http://www.netdynamics.com/java/src/com/acme/crypto/CryptoUtils.java
http://www.netdynamics.com/java/src/com/acme/Utils.java

Cheers,
Joel

____________________________________________________________________________
Joel Henderson [EMAIL PROTECTED] - 1-800-558-2197
Sun NetDynamics Web Manager http://sun.com/netdynamics/
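
The shared-key hand-off (option 2) with the timestamp and random ID described above, as an added example that is not part of the original message and not the Acme DesCipher code it links to. It substitutes AES-GCM from the standard javax.crypto API for DES, so a modified token is rejected as well; the class name, token layout, 60-second window and in-memory ID store (one Server2 instance) are assumptions.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class HandoffToken {                                  // hypothetical class name
    static final long MAX_AGE_MS = 60_000;                   // assumed validity window
    static final SecureRandom RNG = new SecureRandom();
    static final Map<String, Long> seenIds = new ConcurrentHashMap<>(); // Server2: IDs already used

    // Server1: token = base64url(iv || AES-GCM(timestamp|randomId|userInfo))
    static String issue(byte[] key, String userInfo) throws Exception {
        byte[] iv = new byte[12], id = new byte[16];
        RNG.nextBytes(iv); RNG.nextBytes(id);
        String plain = System.currentTimeMillis() + "|" + Base64.getUrlEncoder().encodeToString(id) + "|" + userInfo;
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    // Server2: decrypt (a tampered token throws here), then reject stale or already-used tokens
    static String accept(byte[] key, String token) throws Exception {
        byte[] in = Base64.getUrlDecoder().decode(token);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, in, 0, 12));
        String[] f = new String(c.doFinal(in, 12, in.length - 12), StandardCharsets.UTF_8).split("\\|", 3);
        long now = System.currentTimeMillis(), ts = Long.parseLong(f[0]);
        if (Math.abs(now - ts) > MAX_AGE_MS) throw new SecurityException("expired token");
        seenIds.values().removeIf(t -> now - t > MAX_AGE_MS); // forget IDs whose tokens can no longer validate
        if (seenIds.putIfAbsent(f[1], ts) != null) throw new SecurityException("replayed token");
        return f[2];
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[16];                            // constructed demo key; real servers share a provisioned key
        RNG.nextBytes(key);
        String token = issue(key, "user=demo;role=member");   // constructed sample user info
        System.out.println(accept(key, token));               // first use is accepted
        try { accept(key, token); } catch (SecurityException e) { System.out.println("second use: " + e.getMessage()); }
    }
}
```

Used IDs only need to be remembered for as long as the timestamp check would still pass, which keeps the store bounded.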
