DES Encryption Java for the Basic authentication PHP

[Johnny]

Hi,

I'm new of this group...

My name's Thomas.

I need an algorithm to encrypt a string with the DES encryption, that
works whit the basic auth in PHP.
I've tried some algorithms but the output don't works whit php....

May someone help me??

Thanks a lot everybody....

Bye

 

[RedGrittyBrick]

My name's Thomas.
Hmm.



I need an algorithm to encrypt a string with the DES encryption, that
works whit the basic auth in PHP.
I've tried some algorithms but the output don't works whit php....

There's really only one algorithm for DES. It has several modes of
operation. Maybe you could find out which mode PHP uses?

http://www.itl.nist.gov/fipspubs/fip81.htm

 

[Lew]

There's really only one algorithm for DES. It has several modes of
operation. Maybe you could find out which mode PHP uses?

http://www.itl.nist.gov/fipspubs/fip81.htm

Thomas, please provide an SSCCE of the sort of thing you've tried.
<http://www.physci.org/codes/sscce.html>

 

[Johnny]

Thomas, please provide an SSCCE of the sort of thing you've tried.
<http://www.physci.org/codes/sscce.html>

------------------------------------------------------------

import javax.crypto.*;
public class DesEncrypter {
Cipher ecipher;
Cipher dcipher;

DesEncrypter(SecretKey key) {
try {
ecipher = Cipher.getInstance("DES");
dcipher = Cipher.getInstance("DES");
ecipher.init(Cipher.ENCRYPT_MODE, key);
dcipher.init(Cipher.DECRYPT_MODE, key);

} catch (javax.crypto.NoSuchPaddingException e) {
} catch (java.security.NoSuchAlgorithmException e) {
} catch (java.security.InvalidKeyException e) {
}
}

public String encrypt(String str) {
try {
// Encode the string into bytes using utf-8
byte[] utf8 = str.getBytes("UTF8");

// Encrypt
byte[] enc = ecipher.doFinal(utf8);

// Encode bytes to base64 to get a string
return new sun.misc.BASE64Encoder().encode(enc);
} catch (javax.crypto.BadPaddingException e) {
} catch (IllegalBlockSizeException e) {
} catch (java.io.IOException e) {
}
return null;
}

public String decrypt(String str) {
try {
// Decode base64 to get bytes
byte[] dec = new
sun.misc.BASE64Decoder().decodeBuffer(str);

// Decrypt
byte[] utf8 = dcipher.doFinal(dec);

// Decode using utf-8
return new String(utf8, "UTF8");
} catch (javax.crypto.BadPaddingException e) {
} catch (IllegalBlockSizeException e) {
} catch (java.io.IOException e) {
}
return null;
}
public static void main(String args[]){
try {
SecretKey key =
KeyGenerator.getInstance("DES").generateKey();
DesEncrypter encrypter = new DesEncrypter(key);
System.out.println(encrypter.encrypt("ciao"));

} catch (Exception e) {
e.printStackTrace();
}

}

}

 

[=?ISO-8859-1?Q?Arne_Vajh=F8j?=]

I need an algorithm to encrypt a string with the DES encryption, that
works whit the basic auth in PHP.
I've tried some algorithms but the output don't works whit php....

BASIC Authentication does not use DES.

It uses a simple Bse64 encoding of usernameassword !

Arne

 

[Daniel Pitts]

BASIC Authentication does not use DES.

It uses a simple Bse64 encoding of usernameassword !

Arne

To clarify. Base authentication is not secure against eavesdropping or
packet sniffing.

 

[Johnny]

BASIC Authentication does not use DES.

It uses a simple Bse64 encoding of usernameassword !

Arne

So, why here http://it2.php.net/crypt tell me that function crypt()
uses a standard DES encryption...

I need an algorithm to produce an encryption like this

lrB4D/h6wbVTM

to have this output i called this function

crypt("ciao","lr");

Thank you all.

 

[=?ISO-8859-1?Q?Arne_Vajh=F8j?=]

So, why here http://it2.php.net/crypt tell me that function crypt()
uses a standard DES encryption...

crypt uses DES, but crypt has nothing to do with Basic Authentication.

Arne

 

[=?ISO-8859-1?Q?Arne_Vajh=F8j?=]

So, why here http://it2.php.net/crypt tell me that function crypt()
uses a standard DES encryption...

I need an algorithm to produce an encryption like this

lrB4D/h6wbVTM

to have this output i called this function

crypt("ciao","lr");

If you need the crypt functionality in Java then look at:

http://www.dynamic.net.au/christos/crypt/

crypt do use DES, but are not a simple DES.

http://en.wikipedia.org/wiki/Crypt_(Unix)

says:

#The traditional implementation uses a modified form of the DES
#algorithm. The user's password is truncated to eight characters, and
#those are coerced down to only 7-bits each; this forms the 56-bit DES
#key. That key is then used to encrypt an all-bits-zero block, and then
#the ciphertext is encrypted again with the same key, and so on for a
#total of 25 DES encryptions. A 12-bit salt is used to perturb the
#encryption algorithm, so standard DES implementations can't be used to
#implement crypt(). The salt and the final ciphertext are encoded into a
#printable string in a form of base 64.

Arne

 

[Johnny]

crypt uses DES, but crypt has nothing to do with Basic Authentication.

Arne

Oh.... and what kind of encryption does the basic auth uses??

Thomas

 

[Roedy Green]

I need an algorithm to encrypt a string with the DES encryption, that
works whit the basic auth in PHP.

Try http://mindprod.com/jgloss/authentication.html

Authenticator might handle it automagically.

 

[Roedy Green]

Oh.... and what kind of encryption does the basic auth uses??

it works like this with a clear text password (base64 armoured).

// code to add to a URLConnection GET request
// to add basic userid/password authentication.
// For JDK 1.1- where Authenticator is not available.
import com.mindprod.base64.Base64;
import java.net.URL;
import java.net.URLConnection;

//...

String userid = "Alladin";

String password = "sesame";

String stringUserIdPassword = userid + ":" + password;

byte[] byteUserIdPassword = stringUserIdPassword.getBytes( "ASCII" );

String base64UserIdPassword = new Base64().encode( byteUserIdPassword
);

urlc.setRequestProperty( "Authorization", "Basic " +
base64UserIdPassword );

urlc.connect()


However, you don't need to code that longhand. You just use an
Authenticator. See http://mindprod.com/jgloss/authentication.html

 

[=?ISO-8859-1?Q?Arne_Vajh=F8j?=]

Oh.... and what kind of encryption does the basic auth uses??

See above under >>>>.

Arne

 

[Wayne]

Oh.... and what kind of encryption does the basic auth uses??
Thomas

HTTP Basic Authentication uses no encryption at all. Here's
a simplified outline of it:

A user clicks a link in their web browser, and the web server
recognizes that URL as protected with Basic Authentication.

The web server checks the HTTP request packet for a special
header, containing the username and password in plain,
Base-64 encoded text. There is no such header originally,
so the web server returns a special type of error message
to the browser.

The web browser gets the message and prompts the user to
enter a username and password. That information is
added to the HTTP request packet, and that packet is
sent again.

Now the web server sees the correct header, and looks up
the username and password someplace. If all is well the
request is honored and the protected web page is fetched
and returned.

All subsequent requests by your web browser to that same
protected part of the web (called a "realm") will automatically
include that authentication header. So you don't get
prompted for a username and password every time.

Note there is no DES or crypt used at all. Base-64
encoding is an alternative to ASCII encoding. This
is not the same thing as using encryption!

This scheme is so insecure that it should only be used
with HTTPS, which encrypts all parts of all packets.

Now you can use this with PHP. If your PHP script returns
the correct error message to the browser when the request
packet lacks the proper basic auth header, the user
will see the same dialog box pop up requesting a
username and password, for that "realm".

There is a lot of material on the web about secure PHP
pages, http://phpsec.org/ for example.

What any of this has to do with Java, I don't know.
You can of course code up a servlet to do this, but
most of this stuff is built into Java already, as
some other posters have pointed out. Maybe you
should continue this discussion in a PHP newsgroup?
You might get more PHP experts answering you there!

-Wayne

 

[Johnny]

If you need the crypt functionality in Java then look at:

http://www.dynamic.net.au/christos/crypt/

crypt do use DES, but are not a simple DES.

http://en.wikipedia.org/wiki/Crypt_(Unix)

says:

#The traditional implementation uses a modified form of the DES
#algorithm. The user's password is truncated to eight characters, and
#those are coerced down to only 7-bits each; this forms the 56-bit DES
#key. That key is then used to encrypt an all-bits-zero block, and then
#the ciphertext is encrypted again with the same key, and so on for a
#total of 25 DES encryptions. A 12-bit salt is used to perturb the
#encryption algorithm, so standard DES implementations can't be used to
#implement crypt(). The salt and the final ciphertext are encoded into a
#printable string in a form of base 64.

Arne

Ok thank you all, I've solved my problem thi this algorithm...

http://www.dynamic.net.au/christos/crypt/JCrypt.txt

Thank you Arne..

Bye