Question

I would like to encrypt a string (user's email) and always obtain the same resulting string. I am saving the user's email as the login user name, because I have searches on that field (for example, user's email already exists when registering, or select user's password where email = 'abc').

For password encryption and decryption I use Jasypt which does the job.

String encryption, I can encrypt and decrypt but I haven't found a way to have the decryption constant.

I have searched a lot for the solution but none seem to address my problem. It is possible I am not using the right keywords; I am not familiar with encryption.

I don't have to use Jasypt for the string encryption. Anything that transforms "hello@hello.com" into "@ABC#EFG" every time would be great.

I have also tried scrambling the bytes of the string using different scrambling algorithms according to the length of the string, first letter, etc. Unfortunately, it stops working when I save the encrypted string in MySQL. From what I understand, every byte which ends up having a Unicode value that MySQL doesn't like is not saved correctly (it works fine when I use a string present in the test class, but not when I actually save the encrypted String and retrieve it from the DB).

Any ideas - links to solution?

Thanks very much in advance, Dan

Solution

Just have a look at any hash methods. MD5, SHA-1, SHA-256 can be obtained using MessageDigest. Just get the bytes of your original strings (using getBytes("UTF-8")), and you should always have the same result.

OTHER TIPS

You need to use a fixed salt generator.

http://www.jasypt.org/api/jasypt/1.8/org/jasypt/salt/FixedStringSaltGenerator.html

Essentially when you are setting up things like your algorithm, or password, you'll have another password you generate and use in the fixed salt generator. From there you will get the same result each time you encrypt a string.

As a side note, having the same encrypted string each time, oddly enough, doesn't result in case-sensitive searches. Searching for Miller against the encrypted version of "Miller" won't return the record. It's only when you save the data as lowercase that you have a chance at ignoring case sensitivity. For example, Hibernate: Restrictions.eq(fieldname, value).ignoreCase(). That will match your search string against the encrypted version of the lowercase string fine, no matter what case you search with.

Why not simply use the MD5 hash of the string? Just make sure you convert all alphabet characters into either uppercase or lowercase, as those will result in different output.

Have a look at the Apache Commons Codec library. Specifically the MD5 algorithm in the DigestUtils. There are also various other digests in the Apache Commons Codec library like SHA etc.

If I understood the problem right, you have to look at the hash methods, for example in the Java Cryptography Architecture, or maybe this topic will be useful for you (I've not looked at it deeply).
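An added example, not part of any answer above: it combines the MessageDigest suggestion with the lowercase tip and hex-encodes the result so it is stored in MySQL unchanged. It goes one step beyond the answers by also showing a keyed variant (HMAC-SHA-256); the class name, method names and demo key are assumptions made for illustration, and both tokens are one-way, so the address cannot be recovered from them.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Locale;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class EmailLookupToken {

    // Trim and lower-case first, so "Hello@Hello.com" and "hello@hello.com" map to the same token.
    static String normalize(String email) {
        return email.trim().toLowerCase(Locale.ROOT);
    }

    // Hex output is plain ASCII, so it round-trips through a CHAR/VARCHAR column unchanged.
    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    // Plain SHA-256 via MessageDigest: deterministic, fixed-length hex string.
    static String sha256Token(String email) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        return toHex(md.digest(normalize(email).getBytes(StandardCharsets.UTF_8)));
    }

    // Keyed variant (HMAC-SHA-256): still deterministic, but tokens cannot be
    // recomputed from a list of candidate addresses without the key.
    static String hmacToken(String email, byte[] key) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return toHex(mac.doFinal(normalize(email).getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo key; a real key belongs in configuration or a key store, not in source.
        byte[] key = "demo-key-for-illustration-only".getBytes(StandardCharsets.UTF_8);
        String stored = hmacToken("hello@hello.com", key);     // value saved at registration
        String lookup = hmacToken("  Hello@HELLO.com ", key);  // value computed at login
        System.out.println("tokens match: " + stored.equals(lookup));
        System.out.println("hmac token:   " + stored);
        System.out.println("sha256 token: " + sha256Token("hello@hello.com"));
    }
}
```

Store the token in its own indexed column and compare it with an ordinary equality predicate; changing the key or the normalization rule invalidates every stored token.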

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow