How to do AES encryption&decryption in java?

show you the code: Base64 UrlEncoder for query parameter the key and iv are configured in properties in base64 format. So I use Base64 Decoder decode them before create SecretKeySpec and IvParameterSpec. new SecretKeySpec(Base64.getDecoder().decode(aliasKey), "AES"), new IvParameterSpec(Base64.getDecoder().decode(aliasIv))); Since I am using AES to encrypt query parameter which will be transport via internet. so I use Base64 UrlEncoder for encrption and UrlDecoder for decryption. return Ba

Post, Code and Quiet Time. How to do AES encryption&decryption in java? By Errong Leng – 27 Apr 2023 – View online → Photo by Museum of New Zealand - Te Papa Tongarewa / Unsplash show you the code: @Override public String aesEncrypt(String input) { try { Cipher cipher = Cipher.getInstance(aliasAlgorithm); cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(Base64.getDecoder().decode(aliasKey), "AES"), new IvParameterSpec(Base64.getDecoder().decode(aliasIv))); byte[] cipherText = cipher.doFinal(input.getBytes(StandardCharsets.UTF_8)); return Base64.getUrlEncoder().encodeToString(cipherText); } catch (Exception e) { log.error("alias encrypt error", e); throw null; } } @Override public String aesDecrypt(String encryption) { try { Cipher cipher = Cipher.getInstance(aliasAlgorithm); cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(Base64.getDecoder().decode(aliasKey), "AES"), new IvParameterSpec(Base64.getDecoder().decode(aliasIv))); byte[] plainText = cipher.doFinal(Base64.getUrlDecoder().decode(encryption)); return new String(plainText); } catch (Exception e) { log.error("alias decrypt error", e); throw null; } } view raw AESCipher.java hosted with ❤ by GitHub Base64 UrlEncoder for query parameter the key and iv are configured in properties in base64 format. So I use Base64 Decoder decode them before create SecretKeySpec and IvParameterSpec. new SecretKeySpec(Base64.getDecoder().decode(aliasKey), "AES"), new IvParameterSpec(Base64.getDecoder().decode(aliasIv))); Since I am using AES to encrypt query parameter which will be transport via internet. so I use Base64 UrlEncoder for encrption and UrlDecoder for decryption. return Base64.getUrlEncoder().encodeToString(cipherText); byte[] plainText = cipher.doFinal(Base64.getUrlDecoder().decode(encryption)); References: https://social.msdn.microsoft.com/Forums/en-US/f62047bc-9027-48d5-b613-d417179be582/best-encryption-for-query-string?forum=aspmvc https://en.wikipedia.org/wiki/Advanced_Encryption_Standard Post, Code and Quiet Time. © 2023 – Unsubscribe

How to write integration tests against LDAP in your spring boot java application?

The answer is to use an embedded ldap server. spring-ldap-test bring an embedded ldap server based on ApacheDS or UnboundID. In this post, I will demo how I use UnboundID and spring-ldap-test to do testing against an embedded LDAP server. The UnboundID LDAP SDK for Java is a fast, powerful, user-friendly, and completely free Java library for communicating with LDAP directory servers. It offers better performance, better ease of use, and more features than other Java-based LDAP APIs. It is act

Post, Code and Quiet Time. How to write integration tests against LDAP in your spring boot java application? By Errong Leng – 22 Apr 2023 – View online → Photo by Mathias Reding / Unsplash The answer is to use an embedded ldap server. spring-ldap-test bring an embedded ldap server based on ApacheDS or UnboundID. In this post, I will demo how I use UnboundID and spring-ldap-test to do testing against an embedded LDAP server. The UnboundID LDAP SDK for Java is a fast, powerful, user-friendly, and completely free Java library for communicating with LDAP directory servers. It offers better performance, better ease of use, and more features than other Java-based LDAP APIs. It is actively being developed and enhanced by Ping Identity and is a critical component of their Directory Server and other identity management software. Dependencies <dependency> <groupId>org.springframework.ldap</groupId> <artifactId>spring-ldap-test</artifactId> <version>${version}</version> <scope>test</scope> </dependency> <dependency> <groupId>com.unboundid</groupId> <artifactId>unboundid-ldapsdk</artifactId> <version>3.1.1</version> <scope>test</scope> </dependency> Configure Embedded LDAP server spring.ldap.embedded.base-dn=DC=com spring.ldap.embedded.credential.username=uid=admin spring.ldap.embedded.credential.password=secret spring.ldap.embedded.ldif=classpath:embedded-ldap-schema.ldif spring.ldap.embedded.validation.enabled=false Notes: please don't specify a port for the embedded LDAP server, it will find a free port for use. Otherwise your tests might failure due to port already been bind or used. Because each spring boot test will start an embedded LDAP server. Init LDAP data via LDIF schema The LDAP Data Interchange Format (LDIF) is a standard plain text data interchange format for representing Lightweight Directory Access Protocol (LDAP) directory content and update requests. LDIF conveys directory content as a set of records, one record for each object (or entry). It also represents update requests, such as Add, Modify, Delete, and Rename, as a set of records, one record for each update request. LDIF was designed in the early 1990s by Tim Howes, Mark C. Smith, and Gordon Good while at the University of Michigan. LDAP Data Interchange Format - Wikipedia Wikimedia Foundation, Inc.•Contributors to Wikimedia projects Below employee.ldif create a few entries to be pop to the LDAP server. dn: DC=com objectClass: domain objectClass: domainDNS objectClass: top dc: ca dn: OU=Users,DC=com objectClass: organizationalUnit objectClass: top instanceType: 4 dn: CN=ue1,OU=Users,DC=com objectClass: user givenName: ue1 mail: ue1@bestbuycanada.ca sn: ue1 userPrincipalName: ue1@domain.ca dn: CN=ue2,OU=Users,DC=com objectClass: user givenName: ue2 mail: ue1@bestbuycanada.ca sn: ue2 userPrincipalName: ue2@domain.ca dn: CN=ue3,OU=Users,DC=com objectClass: user givenName: ue3 mail: ue3@bestbuycanada.ca sn: ue3 userPrincipalName: ue3@domain.ca view raw employee.ldif hosted with ❤ by GitHub That is all. Then in your spring boot tests, you should have an embedded LDAP server with the above employees entries. The LdapTemplate bean will be automatically configured for you too. I will write another post to guide you how to use LdapTemplate to do pagination search against your LDAP server. Stay tuned! Apache Directory Studio I strong recommend this tool to explore your LDAP server directory while you build your spring boot java application with Spring LDAP framework. Apache Directory Studio is a complete directory tooling platform intended to be used with any LDAP server however it is particularly designed for use with ApacheDS. It is an Eclipse RCP application, composed of several Eclipse (OSGi) plugins, that can be easily upgraded with additional ones. These plugins can even run within Eclipse itself. Welcome to Apache Directory Studio — Apache Directory References 15. Testing UnboundID LDAP SDK for Java The UnboundID LDAP SDK for Java is a fast, powerful, user-friendly, and completely free Java library for communicating with LDAP directory servers. It offers better performance, better ease of use,… LDAP.com Post, Code and Quiet Time. © 2023 – Unsubscribe

How to do PGP decryption in Java?

In my previous post, I mentioned how to encrypt data with PGP public key. In this post, I will tell you how to decrypt the data with PGP private key. You need a PGP key pair to test the encryption and decryption and see it works. Check this post to generate the PGP key pair. Read|Load PGPPrivateKey from file don't forget the deps before you write your code. Check the encrypt post for it. Notes: The userId is the Real name + email address in format like: `Real <Email>` , you were asked to pro

Post, Code and Quiet Time. How to do PGP decryption in Java? By Errong Leng – 22 Apr 2023 – View online → Photo by Xavier von Erlach / Unsplash In my previous post, I mentioned how to encrypt data with PGP public key. In this post, I will tell you how to decrypt the data with PGP private key. You need a PGP key pair to test the encryption and decryption and see it works. Check this post to generate the PGP key pair. Read|Load PGPPrivateKey from file don't forget the deps before you write your code. Check the encrypt post for it. import java.io.IOException; import java.io.InputStream; import java.util.Iterator; import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPPrivateKey; import org.bouncycastle.openpgp.PGPSecretKey; import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRingCollection; import org.bouncycastle.openpgp.bc.BcPGPSecretKeyRingCollection; import org.bouncycastle.openpgp.operator.bc.BcPBESecretKeyDecryptorBuilder; import org.bouncycastle.openpgp.operator.bc.BcPGPDigestCalculatorProvider; public class PGPHelper { private PGPSecretKey getSignKey(final String userId, final InputStream input) throws IOException, PGPException { final PGPSecretKeyRingCollection pgpSec = new BcPGPSecretKeyRingCollection( org.bouncycastle.openpgp.PGPUtil.getDecoderStream(input)); final Iterator keyRingIter = pgpSec.getKeyRings(); while (keyRingIter.hasNext()) { final PGPSecretKeyRing keyRing = (PGPSecretKeyRing) keyRingIter.next(); final Iterator keyIter = keyRing.getSecretKeys(); while (keyIter.hasNext()) { final PGPSecretKey key = (PGPSecretKey) keyIter.next(); final Iterator idIter = key.getUserIDs(); while (idIter.hasNext()) { final String userID = idIter.next().toString(); if (userID.contains(userId) && key.isSigningKey()) { return key; } } } } throw new IllegalArgumentException(String.format("Can't find sign key in key ring with user id %s", userId)); } public PGPPrivateKey loadPrivateKey(final InputStream input, final String userId, final char[] passPhrase) throws IOException, PGPException { final PGPSecretKey secretKey = getSignKey(userId, input); return secretKey.extractPrivateKey( new BcPBESecretKeyDecryptorBuilder(new BcPGPDigestCalculatorProvider()).build(passPhrase)); } } view raw PGPPrivateKey.java hosted with ❤ by GitHub Notes: The userId is the Real name + email address in format like: `Real <Email>` , you were asked to provide these when you create the PGP key pair. Remember the password too. Decrypt Data import java.io.InputStream; import org.bouncycastle.openpgp.PGPEncryptedData; import org.bouncycastle.openpgp.PGPEncryptedDataList; import org.bouncycastle.openpgp.PGPLiteralData; import org.bouncycastle.openpgp.PGPObjectFactory; import org.bouncycastle.openpgp.PGPPrivateKey; import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData; import org.bouncycastle.openpgp.bc.BcPGPObjectFactory; import org.bouncycastle.openpgp.operator.PublicKeyDataDecryptorFactory; import org.bouncycastle.openpgp.operator.bc.BcPublicKeyDataDecryptorFactory; import org.bouncycastle.util.io.Streams; public class PGPHelper { public byte[] decrypt(String userId, String password, byte[] pgpEncryptedData) { try { PGPPrivateKey pgpPrivateKey = loadPrivateKey(privateKey.getInputStream(), userId, password.toCharArray()); PGPObjectFactory pgpFact = new BcPGPObjectFactory(pgpEncryptedData); PGPEncryptedDataList encList = (PGPEncryptedDataList) pgpFact.nextObject(); // find the matching public key encrypted data packet. PGPPublicKeyEncryptedData encData = null; for (PGPEncryptedData pgpEnc : encList) { PGPPublicKeyEncryptedData pkEnc = (PGPPublicKeyEncryptedData) pgpEnc; if (pkEnc.getKeyID() == pgpPrivateKey.getKeyID()) { encData = pkEnc; break; } } if (encData == null) { throw new IllegalStateException("matching encrypted data not found"); } // build decryptor factory PublicKeyDataDecryptorFactory dataDecryptorFactory = new BcPublicKeyDataDecryptorFactory(pgpPrivateKey); InputStream clear = encData.getDataStream(dataDecryptorFactory); byte[] literalData = Streams.readAll(clear); clear.close(); // check data decrypts okay if (encData.verify()) { // parse out literal data PGPObjectFactory litFact = new BcPGPObjectFactory(literalData); PGPLiteralData litData = (PGPLiteralData) litFact.nextObject(); return Streams.readAll(litData.getInputStream()); } throw new IllegalStateException("modification check failed"); } catch (Exception e) { throw new RuntimeException("fail to decrypt", e); } } view raw PGPDecrypt.java hosted with ❤ by GitHub BcPublicKeyDataDecryptorFactory (Bouncy Castle Library 1.64 API Specification) Post, Code and Quiet Time. © 2023 – Unsubscribe

How to do PGP encryption in Java?

In order to do PGP encryption, you need the PGP public key file. In this post I will tell how to encrypt data with PGP public key in Java. Dependencies Welcome to the home of the Legion of the Bouncy Castle. A fun place to stay, if you've got some time to kill. bouncycastle.orgHome of open source libraries of the Legion of the Bouncy Castle and their Java cryptography and C# cryptography resources https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on/1.70 The Bouncy Castle Cry

Post, Code and Quiet Time. How to do PGP encryption in Java? By Errong Leng – 22 Apr 2023 – View online → Photo by Allec Gomes / Unsplash In order to do PGP encryption, you need the PGP public key file. In this post I will tell how to encrypt data with PGP public key in Java. Dependencies Welcome to the home of the Legion of the Bouncy Castle. A fun place to stay, if you've got some time to kill. bouncycastle.org Home of open source libraries of the Legion of the Bouncy Castle and their Java cryptography and C# cryptography resources https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on/1.70 The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 and up. https://mvnrepository.com/artifact/org.bouncycastle/bcpkix-jdk15on/1.70 The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 and up. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs. Read PGPPublicKey from file Now we have The Bouncy Castle Java APIs, let's try to load the PGP public file into PGPPublicKey object. The main idea is iterator the keys in the ring collection and find the key isEncryptionKey. import java.io.FileInputStream; import java.io.IOException; import java.util.Iterator; import lombok.val; import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPUtil; import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPPublicKeyRingCollection; import org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator; public class PGPHelper { PGPPublicKey readPublicKey(String publicKeyFilePath) throws IOException, PGPException { val in = PGPUtil.getDecoderStream(new FileInputStream(publicKeyFilePath)); PGPPublicKeyRingCollection pgpPub = new PGPPublicKeyRingCollection(in, new BcKeyFingerprintCalculator()); PGPPublicKey key = null; Iterator rIt = pgpPub.getKeyRings(); while (key == null && rIt.hasNext()) { PGPPublicKeyRing kRing = (PGPPublicKeyRing) rIt.next(); Iterator kIt = kRing.getPublicKeys(); while (key == null && kIt.hasNext()) { PGPPublicKey k = (PGPPublicKey) kIt.next(); if (k.isEncryptionKey()) { key = k; } } } if (key == null) { throw new IllegalArgumentException("Can't find encryption key in key ring."); } return key; } } view raw PGPHelper.java hosted with ❤ by GitHub Encrypt Data import java.io.ByteArrayOutputStream; import java.io.FileInputStream; import java.io.IOException; import java.io.OutputStream; import java.util.Date; import java.util.Iterator; import lombok.val; import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags; import org.bouncycastle.openpgp.PGPEncryptedDataGenerator; import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPLiteralData; import org.bouncycastle.openpgp.PGPLiteralDataGenerator; import org.bouncycastle.openpgp.PGPUtil; import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPPublicKeyRingCollection; import org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator; import org.bouncycastle.openpgp.operator.bc.BcPGPDataEncryptorBuilder; import org.bouncycastle.openpgp.operator.bc.BcPublicKeyKeyEncryptionMethodGenerator; public class PGPHelper { public byte[] encrypt(byte[] data, PGPPublicKey pgpPublicKey) { try { PGPEncryptedDataGenerator encGen = new PGPEncryptedDataGenerator( new BcPGPDataEncryptorBuilder(SymmetricKeyAlgorithmTags.AES_256) .setWithIntegrityPacket(true)); encGen.addMethod(new BcPublicKeyKeyEncryptionMethodGenerator(pgpPublicKey)); ByteArrayOutputStream out = new ByteArrayOutputStream(); // create an indefinite length encrypted stream OutputStream cOut = encGen.open(out, new byte[4096]); // write out the literal data PGPLiteralDataGenerator lData = new PGPLiteralDataGenerator(); OutputStream pOut = lData.open( cOut, PGPLiteralData.BINARY, PGPLiteralData.CONSOLE, data.length, new Date()); pOut.write(data); pOut.close(); cOut.close(); return out.toByteArray(); } catch (Exception e) { throw new RuntimeException(e.getCause()); } } PGPPublicKey readPublicKey(String publicKeyFilePath) throws IOException, PGPException { val in = PGPUtil.getDecoderStream(new FileInputStream(publicKeyFilePath)); PGPPublicKeyRingCollection pgpPub = new PGPPublicKeyRingCollection(in, new BcKeyFingerprintCalculator()); PGPPublicKey key = null; Iterator rIt = pgpPub.getKeyRings(); while (key == null && rIt.hasNext()) { PGPPublicKeyRing kRing = (PGPPublicKeyRing) rIt.next(); Iterator kIt = kRing.getPublicKeys(); while (key == null && kIt.hasNext()) { PGPPublicKey k = (PGPPublicKey) kIt.next(); if (k.isEncryptionKey()) { key = k; } } } if (key == null) { throw new IllegalArgumentException("Can't find encryption key in key ring."); } return key; } } view raw PGPEncrypt.java hosted with ❤ by GitHub Key points: PGPEncryptedDataGenerator::addMethod(new BcPublicKeyKeyEncryptionMethodGenerator(pgpPublicKey)); PGPLiteralDataGenerator::open That is it. Hope you find it helps. I will write another post for PGP decryption. Post, Code and Quiet Time. © 2023 – Unsubscribe