Thread: Simple string encrypt and decrypt

Hi

I am wanting to encrypt a string which contains a password, the encrypted string will be saved within an external .txt file so it would be best for it to be encrypted.

Has anyone used something similar?

The encryption does not have to be really complex but enough to through a user off if they look at the text.

I would be looking for the simplest solution as possible and dont want to be writing complex classes to handle the encryption and decryption of a single string.


I was thinking about using a 'Shift' encryption which basically moves the letter along the alphabet by a defined amount, e.g. the letter 'A' with a shift of 6 would equal a 'G'. But this may be too simple?


Thanks

How critical is the data being protected by the password? If there is a password, it must be important.

For important data, the simple Caesar Cipher you describe is not good enough. There are many "simple" ciphers, but all can be broken, some more easily than others. Review the Cipher class and work a few tutorials. I started with this one, but there are others.

Hi Greg

Thanks for the info, the data is not really critical, the password is for the database in which it is held so really it should have half decent encryption applied to the password.

I looked at the tutorial you posted and looks like it would do all that I require, however how would this work as I am guessing I would need to store the 'secret key' as well as the encrypted text so I could decrypt the text. the 'secret key' seems to be a SecretKey object so how would I store the secret key?

Key Management/Key Storage is (IMO) the harder topic, but start simple and get more complicated as the security requirements dictate and as you get smarter. By starting simple, I mean store the key locally or in your code "hidden" as best you can. No, this isn't ideal or the approach you'd deploy widely - in fact, it's more of a backdoor - but it's a starting point. In the meantime, study the options for key management and storage and determine what will work best for your app and its intended use/environment.

I'm writing an app for which I'll have to solve this problem, and I haven't figured it out yet. It's seems the mobile environments, like Android, must have a reasonable approach, but I haven't learned them yet. The various Linux desktop environments use a local key/password manager that is locked (and I assume encrypted), requiring the user to enter a single password (the master key?) to unlock and decrypt. Once opened, the manager then provides the necessary passwords/keys to all applications that know how to use it and have permission to do so.

If you come across some great solutions in your study, let me know.