Thursday, 14 August 2008

Google Keyczar - a Java encryption/decryption example

Google Keyczar is a new Google toolkit for data encryption. We saw in a previous post how to create the private and public key files for RSA encryption.

Let's now see how to use them by integrating the Keyczar library in a Java project.
It's actually extremely simple.

First, let's look at the code from Bob's perspective. Bob encrypts the data using a public key that Alice has given him (and possibly to other people as well). To do this we use a class called BobsApp, which handles encryption using the public key folder. Check the folder's location: it should be rsakeys\publickeys\, and the rsakeys folder should sit at the same level as the BobsApp class file.


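package keyczartest;

import org.keyczar.Encrypter;
import org.keyczar.exceptions.KeyczarException;

public class BobsApp
{
    private Encrypter encrypter; // used to encrypt

    public BobsApp() throws KeyczarException
    {
        // Resolve the public key folder relative to this class.
        // Note: getFile() returns a URL-encoded path, so a folder path
        // containing spaces will not resolve as-is.
        String publickey = this.getClass().getResource("rsakeys/publickeys").getFile();
        this.encrypter = new Encrypter(publickey);
    }

    // Encrypts the given text with the public key; null stays null.
    public String process(String data) throws KeyczarException
    {
        if (data == null) return null;
        return this.encrypter.encrypt(data);
    }
}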


Now, let's do the same thing from Alice's perspective. She will receive Bob's (and maybe other people's) encrypted messages, but she alone can decrypt them using her private key. (You'll want to check the private key folder location: it should be rsakeys and the rsakeys folder should be located at the same level as the BobsApp and AlicesApp class files).

This is the Java utility class which specifically handles decryption:

package keyczartest;

import org.keyczar.Crypter;
import org.keyczar.exceptions.KeyczarException;

public class AlicesApp
{
    private Crypter crypter; // used to decrypt

    public AlicesApp() throws KeyczarException
    {
        // Resolve the private key folder relative to this class.
        String privatekey = this.getClass().getResource("rsakeys").getFile();
        this.crypter = new Crypter(privatekey);
    }

    // Decrypts the given ciphertext with the private key; null stays null.
    public String process(String data) throws KeyczarException
    {
        if (data == null) return null;
        return this.crypter.decrypt(data);
    }
}


Now, let's create our main method which we can use to run the project:

import keyczartest.AlicesApp;
import keyczartest.BobsApp;

public class Keyczarette
{
    public static void main(String[] args)
    {
        try
        {
            String secretText = "For Alice's eyes only. Signed: Bob";
            // Bob encrypts with Alice's public key
            String bobsMessage = new BobsApp().process(secretText);
            System.out.println("Bob sends: " + bobsMessage);
            // Alice decrypts with her private key (one instance, reused)
            AlicesApp app = new AlicesApp();
            String alicesMessage = app.process(bobsMessage);
            System.out.println("What Alice reads: " + alicesMessage);
        }
        catch (Exception e)
        {
            e.printStackTrace();
        }
    }
}
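
The same Bob-to-Alice round trip written against the plain JDK, as an added example that is not part of the original post and is not Keyczar code. It goes a little beyond the demo above to show two properties of this kind of public-key encryption: the ciphertext is randomized, and the message length is capped. It assumes RSA-OAEP with SHA-1 as the underlying scheme and does not reproduce Keyczar's own output format; the 2048-bit key, the class name and the method names are choices made for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;

// Added example (not Keyczar code): RSA-OAEP round trip with JDK classes only.
public class OaepRoundTrip {
    // Assumption: OAEP with SHA-1 and MGF1, as named by the JDK.
    static final String SCHEME = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";

    // OAEP overhead is 2 * hashLen + 2 bytes; SHA-1 has a 20-byte digest.
    static int maxPlaintextBytes(int keyBits) { return keyBits / 8 - 2 * 20 - 2; }

    static String encrypt(PublicKey pub, String data) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(SCHEME);
        cipher.init(Cipher.ENCRYPT_MODE, pub);
        byte[] ct = cipher.doFinal(data.getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(ct);
    }

    static String decrypt(PrivateKey priv, String msg) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(SCHEME);
        cipher.init(Cipher.DECRYPT_MODE, priv);
        byte[] pt = cipher.doFinal(Base64.getUrlDecoder().decode(msg));
        return new String(pt, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);                      // constructed key pair for the demo
        KeyPair alice = gen.generateKeyPair();

        String secret = "For Alice's eyes only. Signed: Bob";
        String first = encrypt(alice.getPublic(), secret);
        String second = encrypt(alice.getPublic(), secret);
        System.out.println("Round trip ok: " + secret.equals(decrypt(alice.getPrivate(), first)));
        System.out.println("Randomized padding, ciphertexts differ: " + !first.equals(second));

        char[] filler = new char[maxPlaintextBytes(2048) + 1];
        Arrays.fill(filler, 'x');                  // one byte over the limit
        try {
            encrypt(alice.getPublic(), new String(filler));
            System.out.println("Oversized message was accepted");
        } catch (GeneralSecurityException e) {
            System.out.println("Oversized message rejected: " + e.getMessage());
        }
    }
}
```

Because anyone holding Alice's public key can produce a valid ciphertext, the text "Signed: Bob" inside the message proves nothing about the sender; encryption here gives confidentiality only.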


One last note: if you get a message like "incorrect class version, 50 should be 49" or something along those lines, it means you are not running the correct version of Java (i.e. the Keyczar classes were compiled with a later version than the one you are running).

Straight to the point! =D

Could it get any simpler than that?

4 comments:

Steve Weis said...

Hi Elinor. The class version error is indeed due to the fact that we're using Java 1.6. Unfortunately, that's not supported for some (all?) Mac users, so we're going to post a Java 1.5 Jar soon.

Elinor said...

Hi Steve. Thank you for confirming that. I didn't realise there was a particular issue for Mac users, and was assuming most people could upgrade to 1.6 quite easily (my mistake).
In any event, I gather the 1.5 jar is already out! :-)
It's been great fun using the library, and I am looking forward to what's to come!

Anonymous said...

Hi I keep getting thrown a java.util.ConcurrentModificationException
at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:449)
at java.util.AbstractList$Itr.next(AbstractList.java:420)
at com.google.gson.MemoryRefStack.contains(MemoryRefStack.java:75)
at com.google.gson.ObjectNavigator.accept(ObjectNavigator.java:128)
at com.google.gson.JsonDeserializationVisitor.visitChild(JsonDeserializationVisitor.java:130)
at com.google.gson.JsonDeserializationVisitor.visitChildAsObject(JsonDeserializationVisitor.java:87)
at com.google.gson.JsonObjectDeserializationVisitor.visitObjectField(JsonObjectDeserializationVisitor.java:73)
at com.google.gson.ObjectNavigator.navigateClassFields(ObjectNavigator.java:179)
at com.google.gson.ObjectNavigator.accept(ObjectNavigator.java:152)
at com.google.gson.JsonDeserializationContextDefault.fromJsonObject(JsonDeserializationContextDefault.java:75)
at com.google.gson.JsonDeserializationContextDefault.deserialize(JsonDeserializationContextDefault.java:47)
at com.google.gson.Gson.fromJson(Gson.java:326)
at com.google.gson.Gson.fromJson(Gson.java:299)
at org.keyczar.KeyMetadata.read(KeyMetadata.java:151)
at org.keyczar.Keyczar.<init>(Keyczar.java:79)
at org.keyczar.Keyczar.<init>(Keyczar.java:113)
at org.keyczar.Encrypter.<init>(Encrypter.java:75)
at org.keyczar.Crypter.<init>(Crypter.java:70)


any ideas ?

Elinor said...

Hi ceaseoleo,

Well, to be perfectly honest, no not really I am afraid.

I guess you have already checked the ConcurrentModificationException javadoc but have you tried the KeyCzar discussion group? It's definitely the place where the experts seem to convene.

In any case, feel free to send me your java source file (please do NOT zip) at elinor DOT hurst AT gmail DOT com. I'll be more than happy to take a look (I looove tinkering).

In any event, let me know how it goes ;-)

Elinor
