Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Java Development

Reply
Developer
Posts: 108
Registered: ‎01-29-2009
My Device: BlackBerry 8700g
My Carrier: Tigo

Re: Encrypt password on BB JDE 4.6.1 - Decrypt password on ASP.NET - C#

Hi, Bro.

 

Yes i am using https connection. But, this is a level of security implement for my manager.

 

Any suggestions?

 

Thanks

 

Jorge Luis Frias B

Leader on Development
BlackBerry/iPhone Technologies
New Developer
Posts: 4
Registered: ‎11-03-2009
My Device: Not Specified

Re: Encrypt password on BB JDE 4.6.1 - Decrypt password on ASP.NET - C#

Hi, Is this issue solved? I'm facing the same problem.

Encrypt string in BB and decrypt it on .NET C# webservice.

 

My best regards,

 

Filipe Dias

Developer
Posts: 108
Registered: ‎01-29-2009
My Device: BlackBerry 8700g
My Carrier: Tigo

Re: Encrypt password on BB JDE 4.6.1 - Decrypt password on ASP.NET - C#

Hi my Friend, Bad news, I am not solved this issue any suggestion. Jorge Luis
Jorge Luis Frias B

Leader on Development
BlackBerry/iPhone Technologies
Developer
Posts: 19,636
Registered: ‎07-14-2008
My Device: Not Specified

Re: Encrypt password on BB JDE 4.6.1 - Decrypt password on ASP.NET - C#

I really don't understand what the problem is here.

 

Take the password, encrypt it on the BlackBerry, Base64 encode, send to your Server, Server base 64 decodes, then decrypts.  Job done.

 

As noted in one of my previous posts, the biggest issue is making sure that the encryption on both sides is the same.  So you are best writing encryption and decryption routines at both ends and making sure they both encrypt and decrypt the same password in the same way.

 

Also as noted MD5 is not an encryption algorithm.  You want something like DES or AES.  However if you use one of the symmetric encryption algorithms, you are going to have to have some key management, so perhaps you are better using some public key encryption.

 

So can you explain again what the problem is?

Developer
Posts: 108
Registered: ‎01-29-2009
My Device: BlackBerry 8700g
My Carrier: Tigo

Re: Encrypt password on BB JDE 4.6.1 - Decrypt password on ASP.NET - C#

Hi Peter and Team

I have the following  issue,

- I have an application development on JDE.
- This application not run by BES Server, run over differents carrier provider around the world with diffrents server BIS o BES, in five continents.
- This application send a url with a querystring with diferents values.
- The querystring is process by a web services development on C# ASP.NET.
- The web services valid the information and make diferents actions on BD of my company.
- The politic of security implement by my company define that the password should be encrypted betwen two points (BlackBerrys with app to web services, independent of technologies).


So, this is a concept of solution:

Take the password, encrypt it on the BlackBerry, Base64 encode, send to your Server, Server base 64 decodes, then decrypts.  Job done.

 

 - I have used the following code for implement:

/**
 * CryptoDemo.java
 * A simple crypto example
 *
 * Copyright © 1998-2008 Research In Motion Ltd.
 *
 * Note: For the sake of simplicity, this sample application may not leverage
 * resource bundles and resource strings.  However, it is STRONGLY recommended
 * that application developers make use of the localization features available
 * within the BlackBerry development platform to ensure a seamless application
 * experience across a variety of languages and geographies.  For more information
 * on localizing your application, please refer to the BlackBerry Java Development
 * Environment Development Guide associated with this release.
 */

package com.rim.samples.device.cryptodemo;

import java.io.*;
import net.rim.device.api.crypto.*;
import net.rim.device.api.util.*;
import net.rim.device.api.ui.*;
import net.rim.device.api.ui.component.*;
import net.rim.device.api.ui.container.*;

/**
 * This class provides demonstrates basic functionality of the crypto library with
 * a very basic compilation of cypto code.  For more information on how to write
 * crypto code please see the javadocs and check out our tutorial in the Developers
 * Knowledge Base. The javadocs contain additional sample code to assist you.
 */
class CryptoDemo extends UiApplication
{
   
    private RichTextField _status;

    /**
     * Entry point for Application.
     */
    public static void main( String[] args )
    {
        CryptoDemo theApp = new CryptoDemo();
        theApp.enterEventDispatcher();
    }

    /**
     * Constructor
     */
    private CryptoDemo()
    {
        MainScreen screen = new MainScreen();
        screen.setTitle(new LabelField("Crypto Demo", LabelField.ELLIPSIS | LabelField.USE_ALL_WIDTH));

        _status = new RichTextField("Select 'Go' from the menu to perform the test.");
        screen.add(_status);
       
        // Add the menu item.
        screen.addMenuItem(new MenuItem("Go" , 100, 10)
        {
            public void run()
            {
                go();
            }
        });

        pushScreen(screen);
    }

    /**
     * <p> The test method containing the sample code.
     * <p> We want to create a sample that will encrypt and decrypt
     * test data to demonstrate how a simple crypto example can be
     * implemented.
     */
    private void go()
    {
        try
        {
            // We are going to use TripleDES as the algorithm for encrypting and decrypting
            // the data. It is a very common algorithm and was chosen for this reason.

            // Here is the data that we are going to encrypt.
            String message = "jorge";

            byte[] ba = "70789198PABLOHERBASCAMPOS".getBytes();
                       
            // Create a new random TripleDESKey.
            TripleDESKey key = new TripleDESKey(ba);
             
                      
            // Create the encryption engine for encrypting the data.
            TripleDESEncryptorEngine encryptionEngine = new TripleDESEncryptorEngine( key );

            // Due to the fact that in most cases the data that we are going to encrypt will
            // not fit perfectly into the block length of a cipher, we want to use a padding
            // algorithm to pad out the last block (if necessary). We are going to use PKCS5
            // to do the padding for us.
            PKCS5FormatterEngine formatterEngine = new PKCS5FormatterEngine( encryptionEngine );

            // Use the byte array output stream to catch the encrypted information.
            ByteArrayOutputStream outputStream = new ByteArrayOutputStream();

            // Create a block encryptor which will help us use the triple des engine.
            BlockEncryptor encryptor = new BlockEncryptor( formatterEngine, outputStream );

            // Encrypt the actual data.
            encryptor.write( message.getBytes() );

            // Close the stream. This forces the extra bytes to be padded out if there were
            // not enough bytes to fill all of the blocks.
            encryptor.close();

            // Get the actual encrypted data.
            byte[] encryptedData = outputStream.toByteArray();

            // End of Encryption.
            //-----------------------------------------------------------------------------------------------
            // Beginning of Decryption.

            // We are now going to perform the decryption.  We want to ensure that the
            // message we get back is same as the original. Note that since this is a
            // symmetric algorithm we want to use the same key as before.
            TripleDESDecryptorEngine decryptorEngine = new TripleDESDecryptorEngine( key );

            // Create the unformatter engine that will remove any of the padding bytes.
            PKCS5UnformatterEngine unformatterEngine = new PKCS5UnformatterEngine( decryptorEngine );

            // Set up an input stream to hand the encrypted data to the block decryptor.
            ByteArrayInputStream inputStream = new ByteArrayInputStream( encryptedData );

            // Create the block decryptor passing in the unformatter engine and the
            // encrypted data.
            BlockDecryptor decryptor = new BlockDecryptor( unformatterEngine, inputStream );

            // Now we want to read from the stream. We are going to read the data 10 bytes
            // at a time and then add that new data to the decryptedData array.  It is
            // important to note that for efficiency one would most likely want to use a
            // larger value than 10.  We use a small value so that we can demonstrate
            // several iterations through the loop.
            byte[] temp = new byte[10];
            DataBuffer db = new DataBuffer();
           
            for( ;; )
            {
                int bytesRead = decryptor.read( temp );
               
                if( bytesRead <= 0 )
                {
                    // We have run out of information to read, bail out of loop.
                    break;
                }
               
                db.write(temp, 0, bytesRead);
            }

            // Now we want to ensure that the decrypted data is the same as the data we
            // passed into the encryptor.
            byte[] decryptedData = db.toArray();
           
            if( Arrays.equals( message.getBytes(), decryptedData ) )
            {
                // They are the same.
                _status.setText("Test Passed.  The message is identical. \n\n Text: " + message + "\n\n Text Encrypt: " + message.getBytes());
               
            }
            else
            {
                // They differ.
                _status.setText("Test Failed.  The messages are different. ");
            }
        }
        catch( CryptoTokenException e )
        {
            System.out.println(e.toString());
        }
        catch (CryptoUnsupportedOperationException e)
        {
            System.out.println(e.toString());
        }
        catch( IOException e )
        {
            System.out.println(e.toString());
        }
   }
}

 

 

I have define the value of KEY static:

 

 

 

// Here is the data that we are going to encrypt.
   String message = "jorge";

   byte[] ba = "70789198PABLOHERBASCAMPOS".getBytes();
                       
// Create a new random TripleDESKey.

   TripleDESKey key = new TripleDESKey(ba);
             
// Create the encryption engine for encrypting the data.

   TripleDESEncryptorEngine encryptionEngine = new TripleDESEncryptorEngine( key );

 

 

When this app run and the code with KEY static show diferents values:

 

 

I have implement the same KEY value on C# ASP.NET and i have an result static, when i run the decryp method all time show the same result.

 

Any ideas, any sugestions, do you understand my problem?

 

 

Thanks for your comments.

 

Jorge Luis

Jorge Luis Frias B

Leader on Development
BlackBerry/iPhone Technologies
Developer
Posts: 19,636
Registered: ‎07-14-2008
My Device: Not Specified

Re: Encrypt password on BB JDE 4.6.1 - Decrypt password on ASP.NET - C#

I don't fully understand your problem, but I'm guessing that you don't understand encryption.  I don't either, so this is not a problem!  But I think I understand enough to get it going.

 

Anyway you are trying to use a symmetric encryption method.  The two most famous of these I think are DES and AES..  You seem to be using DES because that is what the sample used.  I would use AES, as it is more efficient.  But that is not important, both ends just have to use the same algorithm. 

 

With this sort of encryption, you use 3 things:

a) a key - that both parties know

b) an Initialization Vector, that both parties know

c) The plain text, that one party encrypts to create cipher text and the other party decrypts to recreate the plain text.

 

So your code in ASP and your code on the BlackBerry have to agree on the key and the initialization vector.  If these don't match, then the whole process falls apart.  They also have to agree on some other parameters of the encryption processing, the Mode and the Padding used. 

 

In your code you have this:

TripleDESKey key = new TripleDESKey(ba);

 

You don't want this.  You want to supply your algorithm with a key that you know, not a random one. 

 

So recode your BlackBerry code and your ASP code and make sure they are both using the same key and initialization Vector.  This is not a trivial exercise, you can problems with people coding

key = "ABCDEFGHIJKLM".getBytes();

and then encoding method on the conversion of the String to bytes being different at both ends (one ASCII, one EBCDIC say).  So specify what ever you can in as low level as you can. 

 

Make sure they are using the same Mode and Padding too. 

 

The above is a pretty rubbish explanation.  There are loads of good explanations of this process on the Internet.  Have a look. 

 

Highlighted
New Contributor
Posts: 9
Registered: ‎04-27-2010
My Device: any model
My Carrier: mobile app

Re: Encrypt password on BB JDE 4.6.1 - Decrypt password on ASP.NET - C#

I am also facing same problem.

 

I want to encrypt the user and pwd in blackberry elipse plugin and decrypt the data asp.net with c#.

 

Can anybody help us???????

New Contributor
Posts: 9
Registered: ‎04-27-2010
My Device: any model
My Carrier: mobile app

Re: Encrypt password on BB JDE 4.6.1 - Decrypt password on ASP.NET - C#

Hi ,

 

It is very basic but till now no one anwserd.

 

I also need to encrypt user and pwd in blackberry eclipse plugin and decrypt it into asp.net with c#.

 

 

Developer
Posts: 19,636
Registered: ‎07-14-2008
My Device: Not Specified

Re: Encrypt password on BB JDE 4.6.1 - Decrypt password on ASP.NET - C#

There are three steps involved here

 

a) Encrypting the data

b) Sending the data to the Server

c) Decrypting the data on the Server

 

We are not c# programmers here (though I'm sure there are some c# skills around but that is not the point of this forum!), so we can really only help with the first two steps.  Which of these steps is causing you a problem?

 

Developer
Posts: 108
Registered: ‎01-29-2009
My Device: BlackBerry 8700g
My Carrier: Tigo

Re: Encrypt password on BB JDE 4.6.1 - Decrypt password on ASP.NET - C#

Hi Peter,

 

i undertand the steps, but i cannot implemnt these. Because, i have used the code posted in the past commnets and the values generated on blackberry application every time that is run, the sresult is different.

 

By example if you use these values "abcdef...0123..." and Key =[jlf3256389] for generete the password encrypted on blackberry application, the result values is different every time and if i use the same values on my web application for decrypt the password. the result never is same.

 

You can understand my issue.

 

Could you send for my a sample concret about this issue?

 

Thanks

Jorge

 

 

 

 

Jorge Luis Frias B

Leader on Development
BlackBerry/iPhone Technologies