Wednesday, January 28, 2009

Java Cryptography

I had to do some investigation on text cryptography, so I decided to do a quick refreshment in the topic by putting together a short API (called Encryption) using Java, one of my favorite programming language. I compared my Encryption API output against another Encrypted API I developed in PHP. PHP is relevantly a new computer language but fast establishing itself in the software engineering world (see my blog on PHP Cryptography). Both Java and PHP did a great job at encrypting string and were very easy to develop. However, after only a few hours of researching between Java Cryptography Architecture and PHP Cryptography Architecture, I'm more comfortable with coding security module that will handle security messaging in Java than PHP. I have to also state that because I have done many years of Java programming and only have only a few months of PHP programming, I am bias toward Java. This topic will definitely be revisit again for quite sometime, so take this first blog with a grain of salt (no pun intended).

Source Code:

(see javadoc on Encryption at

* A class for illustrating MD5 and SHA encryption process and comparing encryption data
* @version 0.1 27 January 2009
* @author Jay Suttiruttana
* Compiler: J2SE v1.6.0.03
* Development Platform: Linux 32 bits Kernel / X86-64
* license: GNU LGPL
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.

import java.math.*;

public class Encryption{

public Encryption(){}

* Encrypt password in any of the following algorithms: MD2, MD5, or SHA-1
* @param password and algorithm
* @return encrypted password hash
* @throws none
public String encryptPassword(String _pwd, String _algorithm){
String encryptedPwd = null;

MessageDigest mdEnc = MessageDigest.getInstance(_algorithm);
mdEnc.update(_pwd.getBytes(), 0, _pwd.length());
encryptedPwd = new BigInteger(1, mdEnc.digest()).toString(16);
catch (Exception e){
return encryptedPwd;

* Validate password using any of the following algorithms: MD2, MD5, or SHA-1
* @param encrypted password hash, password, and algorithm
* @return encrypted password
* @throws none
public boolean validatePassword(String _encPwd, String _pwd, String _algorithm){
boolean validateFlag = false;

if (encryptPassword(_pwd, _algorithm).equals(_encPwd)){
validateFlag = true;

return validateFlag;

Source code: (for testing Encryption API)

class TestEncryption{

public static void main(String argv[]){
String password = null;
String algorithm = null;
String encryptedPassword = "98f6bcd4621d373cade4e832627b4f6"; //hash MD5 for string "test"
if (argv.length == 2){
password = argv[0];
algorithm = argv[1];
else {
System.out.println("Error: missing argument ");

Encryption enc = new Encryption();

//Illustrate MD5 password encryption
System.out.println("original password: "+password);
System.out.println("encrypt "+algorithm+"[pwd]: "+enc.encryptPassword(password, algorithm));

//checking system password
System.out.print("\nChecking system password:");
if (enc.validatePassword(encryptedPassword, password, algorithm)){
System.out.println("[access granted]");
System.out.println("[access denied]");

Example output:

% java TestEncryption test MD2
original password: test
encrypt MD2[pwd]: dd34716876364a02d0195e2fb9ae2d1b

Checking system password:[access denied]

% java TestEncryption test MD5
original password: test
encrypt MD5[pwd]: 98f6bcd4621d373cade4e832627b4f6

Checking system password:[access granted]

No comments:

Post a Comment