The requirements on this task are vague, but I will try and fill in
as much as I understand it.
They want me to "use SSL Certificates to encrypt data files on the
disk, and use SSL certificates to decrypt the data files when needed."
This is something I have never done before, nor have I found any
references searching Google on how to do this. With your additional
tips, I may be able to get the right hits on Google now.
It will be X509 certificates. The same cert they would be using from
a keystore for handling HTTPS and an SSLSocket. The key will be
retrieved from a webservice call.
They do not want to do PGP (I suggested it), and I would prefer to
use the built-in Java JCE and not use bouncy or cryptix.
This is the example code I have come up with...but it doesn't work.
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;

// ecipher and dcipher are the same algorithm initialised elsewhere in
// Cipher.ENCRYPT_MODE and Cipher.DECRYPT_MODE with the same key (and IV)
static void roundTrip(Cipher ecipher, Cipher dcipher) throws IOException {
    FileOutputStream out = new FileOutputStream("encrypted.txt");
    FileInputStream in = new FileInputStream("clear.txt");
    CipherOutputStream cos = new CipherOutputStream(out, ecipher);
    byte[] buffer = new byte[2048];
    int bytesRead = 0;
    while ((bytesRead = in.read(buffer)) != -1) {
        cos.write(buffer, 0, bytesRead);
    }
    cos.close(); // close() runs doFinal() and writes the last padded block
    in.close();

    out = new FileOutputStream("decrypted.txt");
    in = new FileInputStream("encrypted.txt");
    CipherInputStream cis = new CipherInputStream(in, dcipher);
    buffer = new byte[2048];
    bytesRead = 0;
    // read the plaintext from cis, not from the raw file stream in;
    // reading from in just copies the ciphertext unchanged
    while ((bytesRead = cis.read(buffer)) != -1) {
        out.write(buffer, 0, bytesRead);
    }
    cis.close();
    out.close();
}
Thanks,
Ben
On Apr 21, 2008, at 5:43 PM, Bruno Harbulot wrote:
Hi Ben,
Ben Spink wrote:
A client is wanting to use SSL certificates to encrypt files on
disk. When needed, use the cert to decrypt the file.
Presumably, you mean X.509 certificates. You can encipher data
using the public key of the certificate (Certificate.getPublicKey()).
You obviously won't be able to decipher it without having the
private key (which isn't part of the certificate).
Is this possible? To me it doesn't make sense. I can do this
using other methods like DES or PGP via java, but I can't think of
any way of using the cert in this process or using SSL.
This is not strictly related to SSL, but you can get the remote
certificate using SSL, and then extract the public key and use
something like PGP. How to get it may depend on how you set up the
client or the server. For example, if it's a bespoke server, you
may be able to get the remote certificate from
SSLSession.getPeerCertificateChain(); if it's a Servlet or a
Restlet, there are request attributes from which you can get the
certificate.
I thought of wrapping a sslsocket and catching the encrypted data
before it was decrypted, but this seems like it wouldn't work as I
wouldn't expect the data to be decryptable.
This doesn't seem to make much sense...
Could you describe your scenario more precisely? When you said "use
SSL certificates", did you mean "X.509 certificates + private key
stored in a PKCS#12 file"? Is it all done locally? If so, this
doesn't have much to do with SSL, but something like BouncyCastle
could help you build a PGPSecretKey from a pair of X.509
certificate and private key, which could help you use the OpenPGP
API of BouncyCastle (I've done something like that and it works).
This could allow you to encipher and decipher locally.
If it's not local, I think the only case that makes sense would be
to have the remote peer use the public key of your local
certificate (which it would have obtained during the establishment
of the SSL session) to encipher data, which you would only be able
to decipher at a later time using your private key (locally). This
is in fact a variant of the previous case, since you would use the
public key to encipher anyway.
Best wishes,
Bruno.
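As an added example, not code from this thread or from any of its participants, here is the encipher-with-public-key / decipher-with-private-key split Bruno describes, done with the built-in JCE Ben prefers and in the hybrid form a file needs (RSA can only encrypt a few hundred bytes directly): a fresh AES key encrypts the file and is itself wrapped under the RSA public key obtained from cert.getPublicKey(). The class name, the file layout, the choice of AES-GCM and RSA-OAEP, and the 1024-byte header bound are my assumptions, and InputStream.transferTo needs Java 9 or later.

```java
import java.io.*;
import java.nio.file.*;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.*;

// Added example (assumed layout): [int len][RSA-wrapped AES key][12-byte IV][AES-GCM data+tag]
public class CertFileCrypto {
    static final String RSA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    static final String AES = "AES/GCM/NoPadding";

    // Encrypt with the public key taken from the certificate: keyStore.getCertificate(alias).getPublicKey()
    public static void encrypt(PublicKey pub, Path clear, Path enc) throws GeneralSecurityException, IOException {
        KeyGenerator kg = KeyGenerator.getInstance("AES"); kg.init(128);
        SecretKey fileKey = kg.generateKey();                   // one fresh key per file
        Cipher rsa = Cipher.getInstance(RSA);
        rsa.init(Cipher.WRAP_MODE, pub);
        byte[] wrapped = rsa.wrap(fileKey);                     // only the matching private key can unwrap this
        byte[] iv = new byte[12]; new SecureRandom().nextBytes(iv); // never reuse an IV under the same key
        Cipher aes = Cipher.getInstance(AES);
        aes.init(Cipher.ENCRYPT_MODE, fileKey, new GCMParameterSpec(128, iv));
        try (DataOutputStream out = new DataOutputStream(Files.newOutputStream(enc));
             InputStream in = Files.newInputStream(clear)) {
            out.writeInt(wrapped.length);
            out.write(wrapped);
            out.write(iv);
            try (CipherOutputStream cos = new CipherOutputStream(out, aes)) {
                in.transferTo(cos);                             // Java 9+; close() writes the final block and tag
            }
        }
    }

    // Decrypt with the matching private key, e.g. (PrivateKey) keyStore.getKey(alias, password)
    public static void decrypt(PrivateKey priv, Path enc, Path clear) throws GeneralSecurityException, IOException {
        try (DataInputStream in = new DataInputStream(Files.newInputStream(enc));
             OutputStream out = Files.newOutputStream(clear)) {
            int n = in.readInt();
            if (n <= 0 || n > 1024) throw new IOException("bad header"); // bound the untrusted length first
            byte[] wrapped = new byte[n];
            in.readFully(wrapped);
            byte[] iv = new byte[12];
            in.readFully(iv);
            Cipher rsa = Cipher.getInstance(RSA);
            rsa.init(Cipher.UNWRAP_MODE, priv);
            Key fileKey = rsa.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
            Cipher aes = Cipher.getInstance(AES);
            aes.init(Cipher.DECRYPT_MODE, fileKey, new GCMParameterSpec(128, iv));
            try (CipherInputStream cis = new CipherInputStream(in, aes)) { // read plaintext from cis, not from in
                cis.transferTo(out);                            // a tampered file fails the tag check with an IOException
            }
        }
    }
}
```

Both keys come from the same keystore the application already uses for HTTPS, which is the link to "SSL certificates" the client is asking for; nothing here involves the SSL session itself.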
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Java-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/java-dev/email@hidden