UMSL-CS5890- Encrypting XML File

	Encrypting XMLFile

public void encryptXmlFile() throws Exception { try { XmlEncryptor xmlEncryptor = new XmlEncryptor(); String fileToBeEncrypted = "C:\\Program Files\\Apache Group\\jakarta-tomcat-4.1.27\\webapps\\cs554project\\WEB-INF\\paymentfile.xml"; String encryptedFile = "C:\\Program Files\\Apache Group\\jakarta-tomcat-4.1.27\\webapps\\cs554project\\WEB-INF\\encryptedpaymentfile.xml"; String keyFile = "C:\\Program Files\\Apache Group\\jakarta-tomcat-4.1.27\\webapps\\cs5890project\\WEB-INF\\theKey"; xmlEncryptor.encryptXmlFile(fileToBeEncrypted,encryptedFile,keyFile); // XmlEncryptor is the class that does the encryption System.out.println("Xml File encrypted successfully"); } catch(Exception e) { e.printStackTrace(); throw e; } } package edu.umkc.cs554.project.common.utilclasses; import java.io.; import java.util.; import org.w3c.dom.; import javax.xml.parsers.; import org.apache.crimson.tree.XmlDocument; import java.security.; import javax.crypto.; // From jce1_2_2.jar , All classes used here are implemented in this package public class XmlEncryptor { public void encryptXmlFile(String fileToBeEncrypted,String encryptedFile,String keyFile) { try{ // Testing the provider for TripleDES encryption support. try { Cipher testCipher = Cipher.getInstance("DESede"); }//try catch(Exception e) { // JCE provider not installed on this system. // Installing the JCE provider. System.err.println("INSTALLING PROVIDER: SunJCE"); Provider sunjceprov = new com.sun.crypto.provider.SunJCE(); Security.addProvider(sunjceprov); System.err.println("PROVIDER INSTALLED... CONTINUING"); }//catch //****BEGINNING OF Encryption PROCESSING ** // Reading the source file from disk. System.out.println("fileToBeEncrypted"+fileToBeEncrypted); FileInputStream fis = new FileInputStream(fileToBeEncrypted); byte [] aFile = new byte [fis.available()]; fis.read(aFile); // The source file is converted into a String. String aFileString = new String(aFile); // The XML Encrypted file string String aEncString = null; // The encryption key Key theKey = null; // Generating the key for encryption KeyGenerator KG = KeyGenerator.getInstance("DESede"); theKey = KG.generateKey(); // Creating a new XmlEncryption Object for encryption: XmlEncryption aXmlEnc = new XmlEncryption(); // Setting the clear Document Object aXmlEnc.setClearDoc(aFileString); // Setting the encryption key aXmlEnc.setEncKey(theKey); // Setting the required algorithm aXmlEnc.setAlgoName("DESede"); // Setting the name of the encryption key aXmlEnc.setKeyName("theKey"); // Setting the EncryptedData tag ID aXmlEnc.setEncId("Test"); // XML Encryption of the complete XML file aEncString = aXmlEnc.encryptCompleteXmlFile(); System.out.println("Xml file encrypted successfully"); // Writing the XML Encrypted file to disk try { byte[] aToFile = aEncString.getBytes(); FileOutputStream aFOS = new FileOutputStream(encryptedFile); aFOS.write(aToFile); aFOS.close(); } catch(Exception e) { System.out.println("Unable to create the encrypted file"); e.printStackTrace(); } //Writing the encryption key to a file on disk try { FileOutputStream keyFOS = new FileOutputStream(keyFile); keyFOS.write(theKey.getEncoded()); keyFOS.close(); System.out.println("Key file created successfully"); } catch(Exception e) { System.out.println("Unable to save the encryption key."); e.printStackTrace(); } //**END OF Encryption PROCESSING ** }//try catch(Exception e) { System.out.println("Unable to read the input XML file."); e.printStackTrace(); }//catch }// }// End class XmlEncryptor Symmetric Key vs Asymmetric Key Asymmetric encryption is where encryption and decryption use different keys. Symmetric Key is where the same key is used to encrypt and decrypt the data. Because both parties have the same key, the decryption essentially is performed by reversing some part of the encryption process. Symmetric key algorithms tend to be be much faster than asymmetric key algorithms. With Symmetric Keys the size of the text that can be encrypted depends on the size of the product of the two primes used to generate the public and private keys. With symmetric key algorithms you do not have a limitation on the total size of what can be encrypted. A problem with symmetric keys is that keys must be shared among parties involved in encryption or decryption. So there is the danger of interception or unauthorized sharing. <?xml version="1.0" encoding="UTF-8"?> <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Id="Test" Type="http://www.isi.edu/in-notes/iana/assignments/media-types/text/xml"> <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" /> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <KeyName>theKey</KeyName> </ds:KeyInfo> <CipherData> <CipherValue>W/HrN6WyPC7ieE41K9UVOPTD1Y0lX8/62zuxp1Z+dTekAoa+6HG6A9BxSyUABOKY cbxEx35BOrRu1J0P8EGe7mpoNWTufilvz4PkN8cI5DtnWvhamix6Dseju1au0izD qVViSPjRrDTmMUM+hItji/O5vQMHDZ4nVulrras8NlrDaTbBzq6ZMP0lpzHjFia+ ij+Xj06+N7ojM6qDpFqEGz43PqG61XGzD4jSp3l3M5y4qggZ/R7XVB0D30iktggm IFC3HwEp9PaKhdEZlvbOlRODN8sLXU+hOGIRKgFjSSZkgINwb9hyEG3ZNzvgyL2A e0ZQerfPMKwo6sGXPP+cNuqM5Ilp/fsHlN1fF2LtGk7Qyq60U9WPYk8OQtZVy37R AkxmVXG/ctXwwiavo5HdSd8EMcxTI/GwLXyyfqD16Jd4Z+8dWNU8kHtCtnqJZKcN o7re+PwzZiCqrVHzFFknc1wW0uydItc3UyVylFPWzr1OJPi40fMyx3lUlmhFxviZ GsBMuEB++hCul4ksDrjaM+iVxbrYcuJ5Ibw+3tfyVUp2ihfi130s8jYhq3vhvDuk rk6kb/a5pJ71+0RkLBboFIPQDCkMPBGG/gaMWl0TXle4v7Rfp4fvx8JFAscI13bz KMkcR73XBoNGLX190rEBT3V8vUtcKDU0TfmJB7GBUgX4lO4ltAwBTjUVmxxFHahj 3KuzFy1MLvXSmVRVx6R9TWwoqe6tOETw7BxsRMAhisAiQFeudOiFisel7ue3fTcP Qhh+j9IDvTmfgix0K6yf/Q7Yz/6MPJD4I1aMPuHslBC1uMoIBhlvwCsaTLCYRbgM 3WuXZ15iE+o4toEgGravnPbFs080bUlkVDLFv3i6Eb56jkx5RlVILhXtajkNwPaf JW/Ex2Px9+tObfK20N0Rb++a6lcXvWRBcYN3i8N7ON8vKp7hhZeDIpIvfQ7afOJN O4GQaNpSJyTooCtr5fehjOGPCv3aH890Nvk0LfVxGA4TfhldezusIW3AHBSi45Vg xXMNguYshVpVOa3fUxyyVkA/UTge9HJQXixEdFTBAm4JSR33DrBlwg==</CipherValue> </CipherData> </EncryptedData> References : http://www-106.ibm.com/developerworks/library/x-encrypt2/ http://java.sun.com/developer/JDCTechTips/2004/tt0116.html**