Reputation: 71
Good day, I have used google/tink to encrypt a password for storing in a DB using these steps:
// 1. Generate the key material.
KeysetHandle keysetHandle =
    KeysetHandle.generateNew(AeadKeyTemplates.AES128_GCM);
// 2. Get the primitive.
Aead aead = AeadFactory.getPrimitive(keysetHandle);
// 3. Use the primitive to encrypt a plaintext.
byte[] ciphertext = aead.encrypt(plaintext, aad);
It basically converts the password into bytes, but when I convert it into a string to store in the DB, it stores the encrypted password in this format: -�@~�k�D߶{�
But I want to store the password in a format like 11As7737Cs9ue9oo09 using Tink encryption.
Is there any way to do it?
Upvotes: 4
Views: 2562
Reputation: 8992
I agree with everyone here that you SHOULD NOT store passwords in the clear.
However, to answer your question because I think it's a common problem when you get some cipher text and the string is unreadable. Say you wanted to store non-password data encrypted, and readable. You would need to Base64 encode your cipher text.
When you retrieve your Base64 encoded data back from the database, you would then need to Base64 decode the String and then run it through your decryption process. Building on your example,
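// Encode the raw ciphertext bytes as printable ASCII before storing them.
String readable = java.util.Base64.getEncoder().encodeToString(ciphertext);
// After reading the column back, decode to the original bytes before decrypting.
byte[] bytesToDecrypt = java.util.Base64.getDecoder().decode(readable);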
Upvotes: 3
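The round trip described in the answer above, as an added example that is not part of the original posts; it also shows why turning the raw ciphertext into a `String` directly cannot be reversed. It assumes a Tink Java release that provides `KeyTemplates.get` and `KeysetHandle.getPrimitive(Aead.class)`; the class name and all sample values are constructed.

```java
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.KeyTemplates;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.aead.AeadConfig;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

public class CiphertextColumnDemo {
    public static void main(String[] args) throws Exception {
        AeadConfig.register();
        // Demo only: a real service loads a persisted, protected keyset
        // instead of generating a fresh key on every run.
        KeysetHandle handle = KeysetHandle.generateNew(KeyTemplates.get("AES128_GCM"));
        Aead aead = handle.getPrimitive(Aead.class);

        // Constructed sample data (assumption, not from the page).
        byte[] plaintext = "constructed-sample-secret".getBytes(StandardCharsets.UTF_8);
        byte[] aad = "user:42".getBytes(StandardCharsets.UTF_8);
        byte[] ciphertext = aead.encrypt(plaintext, aad);

        // Lossy path: ciphertext is arbitrary binary, so byte sequences that are
        // not valid UTF-8 are replaced with U+FFFD and the original is gone.
        String lossy = new String(ciphertext, StandardCharsets.UTF_8);
        boolean intact = Arrays.equals(ciphertext, lossy.getBytes(StandardCharsets.UTF_8));
        System.out.println("new String() round trip intact: " + intact);

        // Lossless path: Base64 maps every byte sequence to printable ASCII.
        String stored = Base64.getEncoder().encodeToString(ciphertext);
        System.out.println("value for a text column: " + stored);

        // Reading back: decode first, then decrypt with the same associated data.
        byte[] loaded = Base64.getDecoder().decode(stored);
        byte[] decrypted = aead.decrypt(loaded, aad);
        System.out.println("Base64 round trip decrypts correctly: "
            + Arrays.equals(plaintext, decrypted));
    }
}
```

The Base64 text is about a third longer than the raw ciphertext, so size the column accordingly; `aead.decrypt` throws `GeneralSecurityException` if the stored value or the associated data has been altered.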
Reputation: 168
Manish, you might not want to encrypt the passwords. You want to hash them. Tink doesn't support password hashing yet, but we can add support if there's enough interest.
Could you please file a feature request at https://github.com/google/tink/issues/new?
Upvotes: 6