Hello,
Through several articles, I would like present the cryptographic mechanisms, types of keys, certificate, types of algorithms …etc:
- PRESENTATION : Concepts of Cryptography (concepts, types of keys symmetric/asymmetric, …)
- The principles of SSL
- The principles of Signature and Certificate
- The principles of Hardware Security Module HSM
- Encoding with base64, base64url, rfc-4648
- Encryption with Blowfish (Anonymization)
- Encryption with AES/CBC, AES/EBC (Encryption of files)
- Encryption with PBEWithMD5AndDES (Encryption of files)
- Encryption with RSA (asymmetric keys private and public)
- KeyStore, JCEKS, SecretKey, PrivateKey, PublicKey, Certificate
- Example, Use of SecretKey, PrivateKey, PublicKey, CSV file (CryptoTools, GenericObfuscationFile)
Encoding base64, base64url, rfc-4648
- Presentation
Base64 is an encoding using 65 characters mainly used in the messages transfer on Internet. The goal is not to keep information secret, but rather to ensure that it’s able to be properly consumed.
An alphabet of 65 characters is used to allow the representation of 6 bits by a character. The 65th character (sign “=”) is used only as a final complement in the coding process of a message.
Disadvantages
This coding increases the size of the data: the size of the data is increased by at least one third. The “white” characters (space, tab, line break) increase the size even more.With this encoding, even the readable characters in the original data are encrypted illegibly. If the majority of the characters of an initial text are already readable, it is possible to envisage coding only the problematic characters.
Advantages
Advantages The advantage of base64 encoding is not to be found in the representation of textual data, but especially in the representation of binary data.When one wants to represent binary data (an image, an executable) in a textual document, such as an email, the hexadecimal transcription in ASCII of the bytes would multiply the size by two, base64 encoding makes it possible to limit this increase.
Base64url
RFC 4648 provides an alternative for encoding compatible with file names and URIs. In fact, the 62 (+) and 63 (/) characters can cause problems with some file systems and URIs. The solution chosen consists of replacing these characters with a minus (-) and an underlined (_) respectively. The complement character remains “=”, but can be ignored. - Solution and Tools
Summary, Base64 encoding allows to have an output string without special characters: conversion of bytes into characters.
* Use of sun.misc.BASE64Decoder and sun.misc.BASE64Encoder
* Use of org.apache.commons.codec.binary.Base64 (commons-codec-X.Y.jar) : With the usage of Base64 from Apache Commons, who can be configured to URL safe
* Other solution since JAVA 8 : use of java.util.Base64 : http://farenda.com/java/java-base64-url/ - Example Base64
01/**02* Use of sun.misc.BASE64Decoder and sun.misc.BASE64Encoder03*/04privatestaticString sun_misc_base64Encode(byte[] bytes) {05returnnewsun.misc.BASE64Encoder().encode(bytes);06}07privatestaticbyte[] sun_misc_base64Decode(String property)throwsIOException {08returnnewsun.misc.BASE64Decoder().decodeBuffer(property);09}1011/**12* Use of org.apache.commons.codec.binary.Base64 (commons-codec-X.Y.jar)13*/14privatestaticString apache_commons_codec_base64Encode(byte[] bytes) {15returnnewString(neworg.apache.commons.codec.binary.Base64().encode(bytes));16}17privatestaticbyte[] apache_commons_codec_base64Decode(String property)throwsIOException {18returnneworg.apache.commons.codec.binary.Base64().decode(property.getBytes());19}
…here the main method:01publicstaticvoidmain(String[] args) {02try{03String str ="123456ds fds àçèé#&çer çer "+System.getProperty("line.separator")+" ^rrr 7897ezrz";04//05{06System.out.println("-------- Use of sun.misc.BASE64Decoder and sun.misc.BASE64Encoder ");07System.out.println("Original="+ str);08String strEnc = sun_misc_base64Encode(str.getBytes());09System.out.println("Encoded="+ strEnc);10String strDec =newString(sun_misc_base64Decode(strEnc));11System.out.println("Decoded="+ strDec);12System.out.println("Decoded is equal to Original="+ (strDec.equals(str)));13}14{15System.out.println("-------- Use of org.apache.commons.codec.binary.Base64 (commons-codec-X.Y.jar) ");16System.out.println("Original="+ str);17String strEnc = apache_commons_codec_base64Encode(str.getBytes());18System.out.println("Encoded="+ strEnc);19String strDec =newString(apache_commons_codec_base64Decode(strEnc));20System.out.println("Decoded="+ strDec);21System.out.println("Decoded is equal to Original="+ (strDec.equals(str)));22}23{24System.out.println("-------- Use of sun.misc.BASE64Decoder and sun.misc.BASE64Encoder and org.apache.commons.codec.binary.Base64 (commons-codec-X.Y.jar) ");25System.out.println("Original="+ str);26String strEnc = sun_misc_base64Encode(str.getBytes());27System.out.println("Encoded="+ strEnc);28String strDec =newString(apache_commons_codec_base64Decode(strEnc));29System.out.println("Decoded="+ strDec);30System.out.println("Decoded is equal to Original="+ (strDec.equals(str)));31}323334}catch(Exception ex) {35ex.printStackTrace();36}37}
…here the outputs:
-------- Use of sun.misc.BASE64Decoder and sun.misc.BASE64Encoder
Original=123456ds fds àçèé#&çer çer
^rrr 7897ezrz
Encoded=MTIzNDU2ZHMgZmRzIODn6OkjJudlciDnZXIgDQogXnJyciA3ODk3ZXpyeg==
Decoded=123456ds fds àçèé#&çer çer
^rrr 7897ezrz
Decoded is equal to Original=true
-------- Use of org.apache.commons.codec.binary.Base64 (commons-codec-X.Y.jar)
Original=123456ds fds àçèé#&çer çer
^rrr 7897ezrz
Encoded=MTIzNDU2ZHMgZmRzIODn6OkjJudlciDnZXIgDQogXnJyciA3ODk3ZXpyeg==
Decoded=123456ds fds àçèé#&çer çer
^rrr 7897ezrz
Decoded is equal to Original=true
-------- Use of sun.misc.BASE64Decoder and sun.misc.BASE64Encoder and org.apache.commons.codec.binary.Base64 (commons-codec-X.Y.jar)
Original=123456ds fds àçèé#&çer çer
^rrr 7897ezrz
Encoded=MTIzNDU2ZHMgZmRzIODn6OkjJudlciDnZXIgDQogXnJyciA3ODk3ZXpyeg==
Decoded=123456ds fds àçèé#&çer çer
^rrr 7897ezrz
Decoded is equal to Original=true
- Example Base64Url
01publicstaticString encode(finalbyte[] content) {02finalString base64string =newBASE64Encoder().encode(content);0304System.out.println("Before base64url : "+ base64string);0506String base64urlString = base64string.replace('+','-');// 62nd char of encoding07base64urlString = base64urlString.replace('/','_');// 63rd char of encoding0809while(base64urlString.endsWith("=")) {// Remove any trailing '='s10base64urlString = base64urlString.substring(0, base64urlString.length() -1);11}1213System.out.println("After base64url : "+ base64urlString);1415returnbase64urlString;16}1718publicstaticbyte[] decode(finalString content)throwsIOException {19String base64string = content.replace('-','+');// 62nd char of encoding20base64string = base64string.replace('_','/');// 63rd char of encoding2122if(base64string.length() %4==2) {23base64string +="==";24}elseif(base64string.length() %4==3) {25base64string +="=";26}2728System.out.println("Before base64 decode : "+ base64string);2930returnnewBASE64Decoder().decodeBuffer(base64string);31}
…here the main method:01privatestaticfinalString VALUE ="Hello world !";0203publicstaticvoidmain(String[] args) {04try{05finalString encodedValue = Base64Url.encode(VALUE.getBytes());06System.out.println("Original="+ VALUE);07System.out.println("Encoded="+ encodedValue);08finalbyte[] decodedValue = Base64Url.decode(encodedValue);09System.out.println("Decoded="+newString(decodedValue));10System.out.println("Decoded is equal to Original="+ (VALUE.equals(newString(decodedValue))));11}catch(IOException e) {12e.printStackTrace();13}14}
…here the outputs:
Before base64url : SGVsbG8gd29ybGQgIQ==
After base64url : SGVsbG8gd29ybGQgIQ
Original=Hello world !
Encoded=SGVsbG8gd29ybGQgIQ
Before base64 decode : SGVsbG8gd29ybGQgIQ==
Decoded=Hello world !
Decoded is equal to Original=true
Sources : base64.zip
That’s all!!!
Huseyin OZVEREN