65 votes, 15 answers, 15k views

Lessons learned and misconceptions regarding encryption and cryptology

Cryptology is such a broad subject that even experienced coders will almost always make mistakes the first few times around. However, encryption is such an important topic, often we can't afford to ...
8 votes, 5 answers, 2k views

How can I decrypt data with Java, without hard-coding the key?

I hope this is not a chicken-egg problem or reinventing the wheel but here goes. I have a Java application that needs to access a password protected file (actually during the application startup). The ...
8 votes, 3 answers, 24k views

How can I export my private key from a Java Keytool keystore?

I would like to export my private key from a Java Keytool keystore, so I can use it with openssl. How can I do that?
3 votes, 4 answers, 358 views

Base64 conversion for byte array in encryption

I am using ECC algorithm for security. Now the concern is I am placing the data in web page after encryption of the data in hex format and transmit to server and then it decrypts the data, but when I ...
3 votes, 1 answer, 476 views

Storage of 'secrets', keystores, HSMs and the rest

I've been digging for the past few days into storage of sensitive data. If I store this data in a database, I believe the general accepted practice is to store sensitive data encrypted, for various ...
3 votes, 1 answer, 375 views

Securing sensitive data in a DB, is using H2 worth it?

I am designing a web application at the moment, and one of the requirements is to secure the user credentials as well as their roles. Now ofc besides the usual pwd hashing + salt +.... I was thinking ...
2 votes, 4 answers, 737 views

Bouncy Castle - document signed by sender and only readable by receiver?

I am building an application that requires secure data transfer. In particular, the sender has a data file that needs to be sent to the receiver. It is required that only the receiver be able to read ...
2 votes, 2 answers, 296 views

What is the correct way to assess and compare Certicom's products to the alternatives?

I'm investigating Certicom's API because they are "free" with the Blackberry implementations, and have come to realize that I have several alternatives for implementing crypto such as BouncyCastle, ...
1 vote, 1 answer, 316 views

Best Practices for Storing Digital Certificate

I'm building an application where certain sensitive files need to be digitally signed before being stored in the file system using ASN.1 encoding, so they can be verified against a digital certificate ...
1 vote, 2 answers, 2k views

Encrypting string in javascript and decryption in java

I would like to know if someone knows any library to do encryption in JavaScript and decryption in Java. I have already tried many APIs, but am not getting the same values in Java. I want ...
1 vote, 1 answer, 70 views

Implementing a commitment scheme in java

Are there any implementations of cryptographic commitment schemes available as API/libraries in Java? I looked around in the security package and couldn't find much. Any help is appreciated. Thanks
1 vote, 2 answers, 922 views

Where can I find sample coding for use of Bouncy Castle (Java)?

I had found bcprov-ext-jdk16-145.jar and bcprov-jdk16-145.zip. I wish to use the IDEA encryption to encrypt XML, but I haven't found any sample of coding in Java. Can anyone tell me how to call the ...
0 votes, 0 answers, 7 views

Why are SecureRandomSpi or other SPIs (Service Provider Interfaces) in Java security abstract classes, not interfaces? [migrated]

SecureRandomSpi is Service Provider Interface. All the abstract methods in this class must be implemented by each service provider who wishes to supply the implementation of a cryptographically strong ...
0 votes, 0 answers, 113 views

Encryption in Messaging/RabbitMQ/SOA [closed]

I'm a student and now 2nd time poster, please excuse any lacking detail on my part. For my exams I'm doing a cross-platform application using RabbitMQ for messaging. It'll serve as POC for both SOA ...