quasi random (kaolinfire) wrote,
quasi random
kaolinfire

security -- hip deep in *something*

so............ damn. Spent the last two or so hours hip deep in java security stuff, basically. I'm all OVER both java.security and javax.crypto. what I can't find is a encoding that does public/private key. It took me a long time to figure that out, so far as I can tell.

Cipher implementations available include:
'DESede' 'DES' 'TripleDES' 'PBEWithMD5AndDES' 'PBEWithMD5AndTripleDES' 'Blowfish'

Keypair implementations available include:
'DiffieHellman' 'RSA' 'DSA' '1.3.14.3.2.12' 'OID.1.2.840.10040.4.1' 'DH' '1.2.840.10040.4.1'

I *have* found an example that uses a DH keypair exchange to then generate a shared DES secret key which can then be used to both encrypt and decrypt.

is this overkill?? the main concern is I use a lot of "defaults" in all of this, and it's mostly stuff I don't understand the internal mechanisms of. And ostensibly HALF of this would be done in the java I "just learned" and half would be done in c/c++ that I have yet to learn but am fairly confident can handle anything java has. however, I have no guarantees that the defaults of the c/c++ libraries would agree with the java defaults. I wasn't too worried with just a "simple"??? private/public generation, send public, encode message with public, send encoded message, decode with private... all I want is to validate one password and I don't give a DAMN if the rest of the conversation is broadcast on times square!

...

eep?

seriously, I'm about to just send the sucker in plain text and to hell with the alamo!

maybe I should sleep on that thought. Or work on some part that doesn't require anything fancy. or... yeah. I can work on it and hope the security fills itself in at some later date. productive good.

(Ideally, RSA would show up among the Ciphers and just make life happy and dandy... maybe it's in the newer crypto stuff released with jdk14?? guh. hmm.)
Subscribe

  • who wants to write this?

    "A wakeup call for budding sociopaths" or "bitter red pills for the resistant"— Okay, start here if you haven't: RT @ evilrooster: Theory:…

  • A year of poetry and fiction....

    It doesn't feel like much (I haven't been writing, mostly), and I've not been submitting like I need to, but somehow I managed to succeed…

  • a day in the life of lives...

    I know this isn't Facebook, so I shouldn't post a link and run. So, umm. The link: Michael Lewis profiles Barack Obama. It's a day-in-the-life, but…

  • Post a new comment

    Error

    default userpic

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 3 comments