Encrypting passwords in web application

Asked

Viewed 261 times

0

I am developing a web application in play framework 1.4 and implemented the critptography of passwords using CRYPTO, but it is not encrypting and consequently decrypting, where I am wrong?

In the Employees class, when registering a new user the encryption method has been implemented.

@With(Seguranca.class)
public class Funcionarios extends Controller {

final static String chave = "0123456789abcdef";
private static final String ALGORITMO = "AES";
private static byte[] mensagemEncriptada;
private static byte[] mensagemDescriptada;
private static SecretKey key;

public static void formFuncionarios() {
    render();
}

public static void salvarFuncionarios(@Valid Funcionario funcionario, String senha) throws Exception {

    if (validation.hasErrors() || !funcionario.senha.equals(senha)) {
        params.flash();
        validation.keep();
        formFuncionarios();
    }
    String mensagem = "Cadastro realizado com sucesso!";
    flash.success(mensagem);
    funcionario.senha = criptografar(senha);
    System.out.println(senha);
    funcionario.save();
    listagemFuncionarios(null);
}

 public static String criptografar(String mensagem) throws Exception {

    key = new SecretKeySpec(chave.getBytes(), "AES");
    Cipher cipher = Cipher.getInstance("AES");
    cipher.init(Cipher.ENCRYPT_MODE, key);

    mensagemEncriptada = cipher.doFinal(mensagem.getBytes());

    return StringUtils.trim(Base64.encodeBase64String(mensagemEncriptada));
}
}

and in my Model work in the authenticate method where it is verified if the user is logged in he decrypts the encrypted password.

package models;

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.persistence.Entity;
import javax.persistence.EnumType;
import javax.persistence.Enumerated;

import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;

import play.data.validation.MinSize;
import play.data.validation.Required;
import play.db.jpa.Model;
import sun.util.calendar.BaseCalendar.Date;

@Entity
public class Funcionario extends Model {

final static String chave = "0123456789abcdef";
private static final String ALGORITMO = "AES";
private static byte[] mensagemEncriptada;
private static byte[] mensagemDescriptada;
private static SecretKey key;

public String nome;

public String funcao;

public String nivelAcesso;

public String login;
@MinSize(4)
public String senha;

public String email;


@Enumerated(EnumType.STRING)
public Status status;

public Funcionario() {
    status = Status.ATIVO;
}

public boolean autenticar() throws Exception {
    Funcionario u = Funcionario.find("login = ? and senha = ?", login, descriptografar(senha)).first();

    if (u == null) {
        return false;
    } else {
        return true;
    }
}


public static String descriptografar(String mensagem) throws Exception {

    key = new SecretKeySpec(chave.getBytes(), "AES");
    Cipher cipher = Cipher.getInstance("AES");
    cipher.init(Cipher.ENCRYPT_MODE, key);
    mensagemDescriptada = cipher.doFinal(mensagem.getBytes());

    return StringUtils.trim(Base64.encodeBase64String(mensagemDescriptada));
}
}
java web-application cryptography play-framework

1 answer

1


Try switching in decryption method():

cipher.init(Cipher.ENCRYPT_MODE, key);

For: 

cipher.init(Cipher.DECRYPT_MODE, Key);

Browser other questions tagged java web-application cryptography play-framework

You are not signed in. Login or sign up in order to post.