[Esapi-user] ESAPI deprecated decrypt vs the new decrypt - getting a String to a CipherText

Kevin W. Wall kevin.w.wall at gmail.com
Sat Mar 24 13:21:25 UTC 2012


No... CrypoToken itself handles all these mechanics under the hood. Its
intent is to simplify you passing around (possibly multiple) encrypted
name/value pair attributes. So if you use CryptoToken, you would let it
handle all the encryption/decryption and you would not do it AT ALL.

However, if you really want to do if yourself, look at the Java source code
for CryptoToken. It will show you how to do to conversion between String
and CipherText.

I also think I give an example of how to do this in the User Guide I wrote.

HTH,
-kevin
Sent from my Droid; please excuse typos.
On Mar 24, 2012 8:12 AM, "Jörg Liedl" <joerg.liedl at student.htw-berlin.de>
wrote:

>  Hi Kevin,
> I can save the string into a crypto Token - but i don't see a function to
> make a crypto token to a cipher text...
> so i think this is not really helping!!
> Or am I missing something important?
>
> thanks,
> Jörg
>
>
> Am 24.03.2012 02:27, schrieb Kevin W. Wall:
>
> Jörg,
>
> Take a look at CryptoToken, which was designed for thins like this.
>
> If you find it too heavy weight, then look at its source code as an
> example to show you how to do this conversion.
>
> -kevin
> Sent from my Droid; please excuse typos.
> On Mar 23, 2012 5:24 PM, "Jörg Liedl" <joerg.liedl at student.htw-berlin.de>
> wrote:
> >
> > Hi,
> >
> > i have a small problem:
> >
> > when a user registers, i send him a email with a link to click
> >
> > it looks like:
> >
> https://domain.com/setactive.html?code=wmXgBIGwSwNrBIdSdt%2FmOcf%2Be6g3GpMg0QGMkmWWw9BmWfGWaToRqN2X0Ip1PKl5%2Bd%2F5griuEn3maAu7p8Fvtg%3D%3D
> >
> > The stuff at the end ist done by:
> >
> >            CipherText cipherText = ESAPI.encryptor().encrypt(new
> PlainText(email));
> >            String ct =
> ESAPI.encoder().encodeForURL(cipherText.getEncodedIVCipherText());
> >
> > So, of course if i klick the link, i have in my controller, not a
> ciphertext, but only a String...
> >
> > Is there any possibility to transform a String to a CipherText?
> >
> > Can't find a good way to do it...
> >
> > Thanks
> >
> > Jörg
> > _______________________________________________
> > Esapi-user mailing list
> > Esapi-user at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/esapi-user
>
>
> --
> Jörg Liedl
>
> Mobile:  +49 (0) 176 77 640 540
>
> Xing:    https://xing.com/profile/Joerg_Liedl
> FB:      https://fb.com/joerg.liedl
> Twitter: https://twitter.com/joerg_liedl
>
>
> _______________________________________________
> Esapi-user mailing list
> Esapi-user at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/esapi-user
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/esapi-user/attachments/20120324/b80c245a/attachment.html>


More information about the Esapi-user mailing list