password encrytion and decryption

[Deepa]

Hi,

I want to encrypt and decrypt the password .
I have the code for encrytion but can anyone help me to get the code
for decrytion using the same API's.

I have used the following code for Encryption

****************************************************************************************************

package com.netapp.hraf.helper;

//import com.certicom.tls.provider.MessageDigest;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
//import org.myorg.SystemUnavailableException;
import sun.misc.BASE64Encoder;
import sun.misc.CharacterEncoder;

public final class PasswordServiceHelper
{
public static PasswordServiceHelper instance;

public PasswordServiceHelper()
{
}

public synchronized String encrypt(String plaintext) throws Exception
{
MessageDigest md = null;
try
{
md = MessageDigest.getInstance("SHA"); //step 2
}
catch(NoSuchAlgorithmException e)
{
throw new Exception(e.getMessage());
}
try
{
md.update(plaintext.getBytes("UTF-8")); //step 3
}
catch(UnsupportedEncodingException e)
{
throw new Exception(e.getMessage());
}

byte raw[] = md.digest(); //step 4
String hash = (new BASE64Encoder()).encode(raw); //step 5
System.out.println("the password in hash is "+hash);
return hash; //step 6
}

public static synchronized PasswordServiceHelper getInstance() //step
1
{
if(instance == null)
{
instance = new PasswordServiceHelper();
}
return instance;
}
}


****************************************************************************************************

Thanks,
Deepa

 

[Babu Kalakrishnan]

I want to encrypt and decrypt the password .
I have the code for encrytion but can anyone help me to get the code
for decrytion using the same API's.

I have used the following code for Encryption

You have to understand that MessageDigests such as SHA or MD5 are one
way hash functions - and it is generally not possible to retrieve the
original message if you have just the hash value available.

If you need this only for authentication, use of a one way hash would
be good enough - but the procedure for authentication would be to ask
the user for the password, compute the digest of the entered value and
compare it with the hashed original password.

On the other hand, if you need to encrypt the password (or any other
message) and have the capability to retrieve the original message
later, you should look at a crypto algorithm rather than a Hash - Check
out the docs for the javax.crypto package.

BK

 

[EJP]

Hi,

I want to encrypt and decrypt the password .

You probably don't want to do that at all. You probably want to
calculate and store a message digest on the password and on password
entry attempts, and just compare the digests rather than the passwords.

If passwords can't be decrypted at all, you have eliminated one very
large source of insecurity.