Security (encrypt / Decrypt) Across Machines
Feb 12, 2014
I am using AES/CBC/PKCS5Padding algorithm to encrypt/decrypt, it works fine across machines, since i am not using a Facrtory to create the secret . I am using constant SecretKeySpec and iv for the ciphers. This of course heart the security , and doesn't prevent the "man of the middle" problem .
I saw that there are ways with key generation with MAC , and RSA symmetric encryption , but i am not sure how to implement it , and how to it depends on local certificates or files .
View Replies
ADVERTISEMENT
Jun 30, 2014
I want to encrypt a file and decrypt it on another host. For decryption on another host I guess I need to transfer the cipher... how can this be done? How can you write a Cipher to disk?Or am I completely on a wron track?
The following code is doing it already on one host:
package test;
import java.io.FileInputStream;import java.io.FileOutputStream;import java.io.ObjectInputStream;import java.io.ObjectOutputStream;import java.io.Serializable;import java.security.Provider;
import javax.crypto.*;import javax.crypto.spec.DESKeySpec;
[Code] ....
View Replies
View Related
Oct 28, 2014
My assignment is to write a program that will encrypt and decrypt a sentence entered by a user but the encryption is to be random using an array. Can I convert my sentence(string) from char to int then create a random array to encrypt?
import java.util.Scanner;
import java.util.Random;
/*SentenceEncryptionProgram
*/
public class SentenceEncryption {
string sentence; //sentence entered by user
[Code] ....
View Replies
View Related
May 5, 2014
I made the program below in java and compiled with javac command in Window7 (64bit machine). It simply post my machine IP and Mac address to my server application.
When i run this script with java as >java Macregister
I get what is expected, the program runs well on my machine.
When I try to run it on other machines (Win8 - 32 Bit) I get error message and nothing works.
My problem is 1) to make it compatible for all machines 2) to convert it into JAR application so that it is self executable on different machines.
I am a new to Java and am struct,
import java.net.*;
import java.io.*;
public class Macregister{
public static void main(String[] args) throws Exception {
InetAddress add=InetAddress.getLocalHost();
NetworkInterface network = NetworkInterface.getByInetAddress(add);
byte[] mac = network.getHardwareAddress();
StringBuilder sb = new StringBuilder();
[Code]...
View Replies
View Related
Jul 25, 2014
Currently my java program is reading emails along with attachments from the mailing server. It works fine as long as the email and the attachments are "not" encrypted.
The problem comes when the email and/or the attachment are encrypted.
I need to extend my application so that it should be able to handle encrypted emails and attachments as well.
I did some research and found out that for decrypting the contents i need the private key of the recipient email id and the digital signature of the sender?
If my above understanding is correct, some reference java examples / snippets where i get some insight into the java api used to perform this?
View Replies
View Related
Aug 27, 2014
I am developing a java code using netbeans for encryption decryption by RSA algorithm. Swings and file handling play a major role in these code. My encryption code is working nicely but the code for decryption is not since keys file is not being read. That is why variable mod and pri are getting null values and the following error stack is coming. I know where the problem is somewhere in void readkeys() function but cannot solve it.
Exception in thread "AWT-EventQueue-0" java.lang.NullPointerException
at java.math.BigInteger.modPow(BigInteger.java:1579)
at rsakeydecryption1.RsaKeyDecryption.decryption(RsaKeyDecryption1.java:167)
at rsakeydecryption1.RsaKeyDecryption.read_output(RsaKeyDecryption1.java:294)
at rsakeydecryption1.RsaKeyDecryption.actionPerformed(RsaKeyDecryption1.java:330)
[Code] .....
My code for decryption is
package rsakeydecryption1;
import java.math.BigInteger;
import java.util.Random;
import java.io.*;
import javax.swing.*;
[Code] ....
View Replies
View Related
Jul 29, 2014
I am trying to encrypt a string using substitution cipher, the program doesnt show any errors but the output is not what is expected. On encryption it shows random characters whereas i want it to be encrypted by another letter. This is what I have done:
/* Encryption using substitution */
import java.io.*;
public class SSExp1 {
public static void main(String args[]) {
char[] ip= new char[20];
char[] op= new char[20];
char key = '3';
String b;
[Code] .....
View Replies
View Related
Mar 23, 2013
I have an encryption utility class. Can i use it some how to encrypt password before submitting form? I heard it can be done using applet.
View Replies
View Related
Mar 13, 2014
I have to encrypt the strings present in an array to the alphabet after 2 positions
Example:
my name is x
should give an output
oa pcog ku z
Although i have taken an input but unable to increment the char in the array...
View Replies
View Related
Apr 10, 2014
I've been given an assignment for my Programming Fundamentals class that requires the user to enter a word/sentence to encrypt or decipher, as well as requiring the user to enter a key in which to encrpyt/decrypt the input by.
So a = no shift, b = a shift by 1 and so on.
But I'm completely lost as to what to do, and after searching for Vigenere Cipher topics, they look completely different to mine and (hardly) include prompts?This is my code:
/**
* @(#)VigenereCipher.java
*/
import java.util.Scanner;
public class VigenereCipher
{
public VigenereCipher()
[code]....
View Replies
View Related
Feb 26, 2014
I have a simple applet that doesn't stray outside the sandbox. It used to work fine before Java 7 but now it craps out with security warnings. It does nothing but play a game, it doesn't even save the state of the game. This is the applet, it's a very simple chess program.
The warnings and popups I'm getting are:
activate javaTM platform SE 7U?allow now?activation blocked by security settings - I never changed any security settings and as I said, this applet stays firmly in the sandbox so I can't see what the issue is.Viewing the java error window I see
Java Plug-in 10.51.2.13
Using JRE version 1.7.0_51-b13 Java HotSpot(TM) Client VM
User home directory = C:UsersMike
----------------------------------------------------
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
l: dump classloader list
m: print memory usage
o: trigger logging
[code]....
why it shows the C:UsersMike directory in the above listing, there is no access to files etc.The applet plays fine if I run it in appletviewer.What do I need to do to make this simply work in anyone's browser? I have a similar problem with a (rather funky) Connect 4 program I wrote. It worked fine for years and then just stopped with the Java 7.
View Replies
View Related
Jan 29, 2015
I know that Servlets are meant to do the JDBC tasks, JSP are only for displaying the final information forwarded by the Servlet.
JSP are Servlets too, but I heard an idea that it is safer to make database operations in a Servlet.
The idea is that I have a few JSP that use JSTL tags to retrieve some database information. By doing this I was concerned that this may be bad design, though I really wanted to get in fit with the JSTL tags.
Are there any security weaknesses if doing some JDBC stuff in a JSP, by using JSTL or plain Java code in <%...%>?
P.S. In my JSP I only retrieve data, not modifying it.
View Replies
View Related
May 12, 2014
I have JSP application naming myProject ,which has been deployed in webapp folder in tomcat. I want to provide security for myProject folder. I mean, I want to protect it from copying by someone else. Is there any way to do the same. I tried by hiding the folder using one of hiding software, but when I do that, I was not able to access those files in web browser.
View Replies
View Related
Jun 3, 2015
I wanna run apps using an outdated version of Java and not have it stop me for security certificates.
View Replies
View Related
Dec 8, 2014
I have made a very simple Java applet.
<HTML>
<BODY>
<CENTER>
<APPLET CODE="HelloWorldApp.class" WIDTH="862" HEIGHT="512"></APPLET>
</CENTER>
</BODY>
</HTML>
But when i try to open it i get the message: Application Blocked. Click for details.
- The list i see doesn't work
- If i click Ignore nothing happens
- If i click reload nothing happens
When i read and search the net i have to change my java security settings. The security setting are HIGH and i cannot change that.But i can fill in an Exception Site List...The hello.html file is on my NAS : file:///X:/Lantronix/hello.html..I fill this in the exception Site list -> I get a message that it is a security risk to add this location.
View Replies
View Related
Nov 13, 2014
I've been building out a course lab project over the last few weeks, and at the time (with what we knew), it made sense to use a session level ResourceBundle to facilitate translations.
In order to validate if there is a session level ResourceBundle, I have a filter running (checking if the bundle exists, creating one if not, etc...).
The problem I now have is the final step of the project (the part most recently taught), is to add Declarative Security.
Of course, when that happens the login.jsp is called and the Filter doesn't run. It's not a problem for most scenarios, except for someone who bookmarks a link inside the secure part of the site. Then, the ResourceBundle doesn't exist and the login.jsp content that should be translated is "".
Is there a way to indicate via the web.xml that a specific Filter should be allowed before the login.jsp is displayed?
I imagine JSTL:FMT is probably the best solution, but we don't cover that until after the lab is due. I have a (messy) short-term solution of creating a temporary ResourceBundle in the login.jsp via a scriplet if the session scope ResourceBundle is null, but I was wondering if I missed something with the web.xml.
View Replies
View Related
Oct 6, 2014
I have an FX application which invokes a REST JSON webservice. It works perfect if I run it standalone. But if I try to run it over browser, it throws java security exception.
It also works fine in web if I comment some lines that invokes the webservice (code that calls the webservice using jackson.)
Java version used is JDK 1.7u67
IE plugin version : 7.0.670.1
Error log :
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessDeclaredMembers")
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
[Code] .....
Jnlp File:
<?xml version="1.0" encoding="utf-8"?>
<jnlp spec="1.0" xmlns:jfx="http://javafx.com" href="uibuilder.jnlp">
<information>
<title>UI Builder</title>
<vendor>javafx.com</vendor>
<description>XEye UI Builder</description>
[Code] ....
View Replies
View Related
Dec 21, 2014
I have several Windows 7 Enterprise machines that have already been deployed via image and need to lower the security settings for use on internal web based applications.
Is there an easy way to manipulate the configuration (a file) so that I may simply make the changes by overwriting the current configuration settings instead of, having to go to each device, opening the Java console, and changing the security settings that way?
I have attempted to login as the machine administration, make the changes on the Java console with the hopes this configuration would have migrated to all user profiles that log into the PC. Is there a "public profile" configuration file I can change and if so, what should I do.
View Replies
View Related
Dec 15, 2014
I need to write a simple client to access a WS. Things I can not do :
Modify the serverAdd external jars
The client will be part of a command line call and will run as a stand alone.
I've been searching all day and have found hundreds of vague, overly complex examples, mostly based on SOAPHandler (which tells me I need to install server components which I cannot do). I grasp the general requirements but am having difficulty figuring out how to add the security elements to the header.
What do I need to do to add the username and password tokens to the header?
This is where I am so far.
package findingLetter;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.xml.namespace.QName;
import javax.xml.soap.MessageFactory;
[Code] ....
View Replies
View Related
Apr 10, 2014
I have been trying to implement a alphanumeric security code in JAVA. Here are my specifications:
1) Numbers and letters
2) There is user input
3) In the format of NNN-LL-NNNN where N=Numbers and L=UPPERCASE letters
4) If it is incorrect print out INVALID CODE
5) If it is correct print out VALID CODE
Here is what I have produced so far...
import java.util.*;
import java.io.*;
//Class Declaration
class WorkingWithStrings
{
//Main Method
public static void main(String[] args)
{
//Takes input from user
[Code]...
I have taking the approach of invoking a separate method that will check the validity of the security code. However I am having an issue with creating a statement that checks if the middle two characters of the security code are capital letters. This could possibly tie in with my understanding of strings.
View Replies
View Related
Jan 30, 2014
I have to validate security number based on tHIS REQUEST
If the SECURITYNNUBER IS INVALID UNDER THE SECURITYNUMBER attribute,it must reject(Date & algorith). To override the normal validation,the subject must contain INVALIDSECURITYNUMBER. The incorrect ID number must still reflect in the SECURITYNUMBER attribute.
THE FIRST 6 DIGIT IS DATE
EXAMPLE 7701205334086
public boolean val_SECURITYNUMBER()
{
boolean flag = true;
String u_Securtynr = transactionFile.getS_securtynumber();
// 1. Invalid securty number if completed
if(!isBlank(u_Securtynr))
[Code] .....
View Replies
View Related
Jul 10, 2012
I have been trying to find all day long a way to secure my .ear file from modifications made by third parties... My product is packaged as an .ear file which i send for deployment to other administrators. What i am looking for is a way to "sign" my version of .ear versus the deployed version of .ear to be sure that no modification has been made to my code...
View Replies
View Related
Nov 27, 2013
I have followed the Java tutorial on JAAS Authentication and Authorization. All the sample code in the tutorials works fine also when running under a security manager. Now I am trying to modify the LoginModule class, so that it uses a password file to look up users and passwords, but as soon as I try to run the code under a security manager, I get a Security Exception. I suppose it has something to do with the code havent been granted any access to read the password file? So I tried to add this to the policy file:
grant codebase "file:./sample/module/-" {
permission java.io.FilePermission "sample/module/passwords.txt", "read";
};
It didn't do any difference. why I get this Security Exception?
The only difference from my code to the tutorial code, is that I have added the lines:
Scanner scanner = null;
try {
scanner = new Scanner(new File("src/sample/module/passwords.txt"));
} catch (FileNotFoundException e) {
e.printStackTrace();
}
to the login() method of the SampleLoginModule class...
View Replies
View Related
Aug 15, 2014
I am working on an Eclipse based project that uses WTP Eclipse plugin. Since I have switched security on in that plugin (by checking "Enable Security" check box on) I'm having multiple problems. I get a stack of security errors - attached in this post. I also show my java.policy file. Because the of the mass exceptions I list only the top, although I have attached a docx file with full thing.
Here is my java.policy file:
grant codeBase "file:${catalina.base}/wtpwebapps/App/WEB-INF/lib/hibernate-core-4.3.5.Final.jar" {
permission java.util.PropertyPermission "*", "read, write";
};
grant codeBase "file:${catalina.home}/lib/catalina.jar" {
permission java.lang.RuntimePermission "*";
[Code] ....
Exceptions:
15/08/2014 10:12:43 PM org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path:
C:Javajdk1.6.0_33in;C:WINDOWSSunJavain;
C:WINDOWSsystem32;C:WINDOWS;
[Code] .....
View Replies
View Related
Sep 12, 2014
I have tried running the java application without adding the site to site list in java security tab. But I get a sand box message as APPLICATION BLOCKED BY SECURITY SETTINGS. How to run the java application without adding the site to site list in java security tab.
View Replies
View Related