>We receive credit card information (and we are using SSL) and we would
>simply like to encrypt the data before we place it in the database and
>decrypt it after retrieving it. Now I have written my own two-way
>encryption
>algorithm but we would rather be able to tell our customers that we
>use some sort of recognized standard. I searched through the archives
>for this list and I spent considerable time reading about the Java
>Cyptography Extensions but I failed to find a simple example of encrypting
>and then decrypting a String. All I could find was stuff about
>public/private key pairs and certificates, but I'm not planning on sending
>the data accross a network so this doesn't seem to help.
>
>Suggestions?
Why do you need to decrypt the number?
You have the encrypted number in your database.
You receive a number that is not encrypted.
If you want to validate this number,
you are not going to decrypt what is in the database,
but you are going to encrypt the number you received
and check it against the encrypted number in the database.
You can encrypt 'byte[] number' as follows:
MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
messageDigest.update(number);
byte[] encryptedNumber = messageDigest.digest();
(Maybe you'll have to change the byte[]'s into Strings)
I used the Secure Hash algorithm (SHA-1) in this example,
but you can choose any algorithm you want in your application.
Hope this helps,
Bruno
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
