Encrypt GET parameters

07 Nov 2012 by in J2EE, J2EEVideo 0 Comments Tags: , , , , , , , , , , ,

Today we are going to show you how to encrypt GET parameters. HTTP GET parameter value is going to be encrypted and decrypted using javax.crypto package. This way you will be able to easily send sensitive data in your URLs.
Here is our solution

CipherHelper

package com.itcuties.samples;

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

public class CipherHelper {

	// Algorithm used
	private final static String ALGORITHM = "DES";
	
	/**
	 * Encrypt data
	 * @param secretKey	-	a secret key used for encryption
	 * @param data		-	data to encrypt
	 * @return	Encrypted data
	 * @throws Exception
	 */
	public static String cipher(String secretKey, String data) throws Exception {
		// Key has to be of length 8
		if (secretKey == null || secretKey.length() != 8)
			throw new Exception("Invalid key length - 8 bytes key needed!");
		
		SecretKey key = new SecretKeySpec(secretKey.getBytes(), ALGORITHM);
		Cipher cipher = Cipher.getInstance(ALGORITHM);
		cipher.init(Cipher.ENCRYPT_MODE, key);
		
		return toHex(cipher.doFinal(data.getBytes()));
	}
	
	/**
	 * Decrypt data
	 * @param secretKey -	a secret key used for decryption
	 * @param data		-	data to decrypt
	 * @return	Decrypted data
	 * @throws Exception
	 */
	public static String decipher(String secretKey, String data) throws Exception {
		// Key has to be of length 8
		if (secretKey == null || secretKey.length() != 8)
			throw new Exception("Invalid key length - 8 bytes key needed!");
		
		SecretKey key = new SecretKeySpec(secretKey.getBytes(), ALGORITHM);
		Cipher cipher = Cipher.getInstance(ALGORITHM);
		cipher.init(Cipher.DECRYPT_MODE, key);
		
		return new String(cipher.doFinal(toByte(data)));
	}
	
	// Helper methods
	
	private static byte[] toByte(String hexString) {
        int len = hexString.length()/2;
        
        byte[] result = new byte[len];
        
        for (int i = 0; i < len; i++)
        	result[i] = Integer.valueOf(hexString.substring(2*i, 2*i+2), 16).byteValue();
        return result;
	}

	public static String toHex(byte[] stringBytes) {
		StringBuffer result = new StringBuffer(2*stringBytes.length);
        
        for (int i = 0; i < stringBytes.length; i++) {
        	result.append(HEX.charAt((stringBytes[i]>>4)&0x0f)).append(HEX.charAt(stringBytes[i]&0x0f));
        }
        
        return result.toString();
	}
	
	private final static String HEX = "0123456789ABCDEF";

	// Helper methods - end
	
	/**
	 * Quick test
	 * @param args
	 */
	public static void main(String[] args) {
		try {
			String data 		= "Secret data string. The password is 'secret'";
			String secretKey  	= "01234567";
			
			String encryptedData = cipher(secretKey, data);
		
			System.out.println("encryptedData: " + encryptedData);
			
			String decryptedData = decipher(secretKey, encryptedData);
			
			System.out.println("decryptedData: " + decryptedData);
		
		} catch (Exception e) {
			e.printStackTrace();
		}
	}
	
}

We are using DES algorithm to encrypt/decrypt data. The key has to be 8 bytes long, so the string representation of the key has to be of size 8.
Important thing is that our cipher method returns a HEX representation of the encrypted data so that it can be easily used as a HTTP GET parameter value.

Here is the usage. A string value is being encoded on the cipher-data.jsp page. This encoded string value is used as a HTTP GET parameter value – a link to decipher-data.jsp. When user clicks the link he is taken to the decipher-data.jsp page. On this page data is being decoded.

Encrypt HTTP GET Parameter values

Encrypt HTTP GET Parameter values

cipher-data.jsp

<html>
<body>
<h2>Cipher Data</h2>
	Sending 'data1' : <a href='decipher-data.jsp?param=<%=com.itcuties.samples.CipherHelper.cipher("01234567","data1")%>'>...decipher-data.jsp?param=data1(encrypted)</a><br/>
	Sending 'data2' : <a href='decipher-data.jsp?param=<%=com.itcuties.samples.CipherHelper.cipher("01234567","data2")%>'>...decipher-data.jsp?param=data2(encrypted)</a><br/>
	Sending 'data3' : <a href='decipher-data.jsp?param=<%=com.itcuties.samples.CipherHelper.cipher("01234567","data3")%>'>...decipher-data.jsp?param=data3(encrypted)</a><br/>
	<br/>
</body>
</html>

On this page data is being encrypted and sent to decipher-data.jsp page.

decipher-data.jsp

<html>
<body>
<h2>DeCipher Data</h2>

<%
	// Read parameter
	String param = request.getParameter("param");
%>

received encryptedData: <%=param%><br/>
decrypted data is: <%=com.itcuties.samples.CipherHelper.decipher("01234567",param)%><br/>
<br/>
<br/>
<a href='cipher-data.jsp'>back</a>

</body>
</html>

This page decodes HTTP GET parameter value.

Download this sample code here.

This code is available on our GitHub repository as well.

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

*

CAPTCHA Image

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Follow us

Bookstore

   

Like our blog?

© Copyright - Programmer's lounge