|
|
|
Author: Craig Stancl |
Revision History
Version |
Date |
Description of ChangesĀ |
Author |
|---|---|---|---|
1.0 |
5/14/10 |
Initial Version Approved via Design Review |
Team |
Encryption is the process of taking data (called cleartext) and a short string (a key), and producing data (ciphertext) meaningless to a third-party who does not know the key. Decryption is the inverse process: that of taking ciphertext and a short key string, and producing cleartext.
LexGrid utilizes the java security API for encryption and decryption of the database passwords. The Security API is a core API of the Java programming language, built around the java.security package (and its subpackages). This API is designed to allow developers to incorporate both low-level and high-level security functionality into their programs.
The Java Cryptography Architecture encompasses the parts of the Java 2 SDK Security API related to cryptography, as well as a set of conventions and specifications provided in this document. It includes a "provider"architecture that allows for multiple and interoperable cryptography implementations.
Cipher cipher = Cipher._getInstance_("PBEWithMD5AndDES");
|
"PBEWithMD5AndDES" is the widely used algorithm used for the encryption process. Other available algorithms are "PBEWithHmacSHA1AndDESede", "AES", "Blowfish", "DES", "DESede" etc.
cipher.init(<MODE>, _<KEY>_, <_PBEParameterSpec_>); |
A Cipher object obtained via getInstance must be initialized for one of four modes, which are defined as final integer constants in the Cipher class. The modes can be referenced by their symbolic names, which are shown below along with a description of the purpose of each mode:
cipherBytes = cipher.doFinal(<text to encrypt/decrypt>);
Passwords in LexEVS are encrypted /decrypted in one step (single-part operation) by passing the text to encrypt/decrypt as a parameter.
Following are the steps to encrypt the password of LexEVS database.