CODEWITHSUNDEEP
javaencryptiongwtjava.security
Sasikumar Kasaram
Sasikumar Kasaram

Reputation: 1

I need to encrypt the password from client side using java gwt but import java.security is not available

when i try to compile in java gwt its displaying the issues below

  1. The import java.security cannot be resolved
  2. MessageDigest cannot be resolved to a type
  3. NoSuchAlgorithmException cannot be resolved to a type

note: versions used gwt 2.0 java 6 (jre 1.6) tried in 1.8 as well

public static String EncryptPassowrd(String password)
    {
        String encryptedPassword = "";
        byte[] actualBytes = password.toString().getBytes();
        byte[] newbytes = new byte[actualBytes.length * 2];
        for (int i = 0; i < actualBytes.length; i++)
        {
            newbytes[2 * i] = actualBytes[i];
            newbytes[2 * i + 1] = 0;
        }
        try
        {
            MessageDigest md = MessageDigest.getInstance("SHA-1");
            md.reset();
            md.update(newbytes);
            byte[] encryptedbytes = md.digest();
            for (int i = 0; i < encryptedbytes.length; i++)
            {
                encryptedPassword = encryptedPassword == "" ? Integer.toString((encryptedbytes[i] & 0xff) + 0x100, 16).substring(1) : encryptedPassword + "-"
                    + Integer.toString((encryptedbytes[i] & 0xff) + 0x100, 16).substring(1);
            }
            return encryptedPassword.toUpperCase();
        }
        catch (NoSuchAlgorithmException e)
        {
            // Do Nothing
        }
        return "";
    }

Upvotes: 0

Views: 241

Answers (2)

DarkScrolls
DarkScrolls

Reputation: 621

java.security is not included in the subset of the Java runtime library that GWT emulates, as it was already mentioned.

Although you could use GWT-Crypto to go around it, password encryption is not secure, especially on the client side - check GWT-Crypto own wiki. Instead, the plain text password should be sent over an encrypted channel (SSL) and processed securely on the server (for example, hashed with bcrypt). Since hash functions are one-way function, you won't be able to "decrypt" the hashes. In order to authenticate your user, you can run the password through the hash function again in order to compare with the hash that is stored in the database.

Upvotes: 5

vanje
vanje

Reputation: 10383

The package java.security is not part of GWT's standard library emulation.

So you cannot use such classes in GWT client side code. Use special GWT encryption libraries like gwt-crypto instead.

Upvotes: 1

Related Questions