quasi random (kaolinfire) wrote,
quasi random

security -- hip deep in *something*

so............ damn. Spent the last two or so hours hip deep in java security stuff, basically. I'm all OVER both java.security and javax.crypto. what I can't find is a encoding that does public/private key. It took me a long time to figure that out, so far as I can tell.

Cipher implementations available include:
'DESede' 'DES' 'TripleDES' 'PBEWithMD5AndDES' 'PBEWithMD5AndTripleDES' 'Blowfish'

Keypair implementations available include:
'DiffieHellman' 'RSA' 'DSA' '' 'OID.1.2.840.10040.4.1' 'DH' '1.2.840.10040.4.1'

I *have* found an example that uses a DH keypair exchange to then generate a shared DES secret key which can then be used to both encrypt and decrypt.

is this overkill?? the main concern is I use a lot of "defaults" in all of this, and it's mostly stuff I don't understand the internal mechanisms of. And ostensibly HALF of this would be done in the java I "just learned" and half would be done in c/c++ that I have yet to learn but am fairly confident can handle anything java has. however, I have no guarantees that the defaults of the c/c++ libraries would agree with the java defaults. I wasn't too worried with just a "simple"??? private/public generation, send public, encode message with public, send encoded message, decode with private... all I want is to validate one password and I don't give a DAMN if the rest of the conversation is broadcast on times square!



seriously, I'm about to just send the sucker in plain text and to hell with the alamo!

maybe I should sleep on that thought. Or work on some part that doesn't require anything fancy. or... yeah. I can work on it and hope the security fills itself in at some later date. productive good.

(Ideally, RSA would show up among the Ciphers and just make life happy and dandy... maybe it's in the newer crypto stuff released with jdk14?? guh. hmm.)

  • feedback loops

    Ah, feedback loops. I was kind of out of sorts, yesterday, and for some reason had a lot of diet coke (to try to feel better, though I "knew" it…

  • What would I say?

    What would I say, if I were here? It's 2014, almost 2015—though on and off this year, I've been sure it was 2015. Something about that number. Next…

  • a list of games....

    A friend recently asked for a list of all the games I have available. And I'd made most of this list up a week ago, for someone else, and figured,…

  • Post a new comment


    default userpic

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.