6

The Play Framework 2.0 provides the lib Crypto; see the code: https://github.com/playframework/Play20/blob/master/framework/src/play/src/main/scala/play/api/libs/Crypto.scala

So if I want to sign a value I can use:

Crypto.sign(username);

But how do I decrypt the username again? There is no method unsign or decrypt? Or am I missing something here?

asked Apr 13, 2012 at 17:17

3 Answers

6

The API is for creating a signature, a SHA1 hash (as you can see in the code you link to). The purpose of that is not to be reversible (unsigned) but to be used as verification of authenticity.

For example, if you have signed an authentication token, you can make sure that it has not been tampered with by checking that Crypto.sign(token) == tokenSignature.

If you want encryption and decryption, check out Crypto.encryptAES/Crypto.decryptAES (added in Play 2.1).

Daniel Darabos
answered Apr 16, 2012 at 11:01

2 Comments

What is the benefit of it? We can also check by myString=password
Please note that Crypto.encryptAES is vulnerable to malleability attacks unless it is combined with a MAC for authentication, because it uses AES-CTR. What you probably want is AES-GCM. Crypto will be deprecated in 2.5.x and there's a migration guide for moving off it: playframework.com/documentation/2.5.x/CryptoMigration25
1

What exactly are you trying to do? You only sign a value to ensure that it wasn't altered. The point is that you cannot "unsign" it easily.

If you want to encrypt and decrypt a value within your app, you have to use an encryption algorithm from javax.crypto.

answered Apr 14, 2012 at 18:35

1 Comment

Thanks for your time. I want to decrypt a username and password, and in Play! 1.2.4 I have used the Crypto class for that. And then at request time I want to show the username and password, so I need to decrypt it again. But I understand that I need to use additional classes for this purpose...
1

If you need encrypt/decrypt functionality you can try to add http://www.jasypt.org/.

org.jasypt.util.text.BasicTextEncryptor allows the user to encrypt and decrypt text data using a normal-strength algorithm. In order to be able to encrypt and decrypt.

Then you can do something like this:

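import org.jasypt.util.text.BasicTextEncryptor;
...
// The same password must be set before both encrypting and decrypting
BasicTextEncryptor textEncryptor = new BasicTextEncryptor();
textEncryptor.setPassword(myEncryptionPassword);
...
// encrypt() returns the encrypted text as a String; decrypt() reverses it
String myEncryptedText = textEncryptor.encrypt(myText);
String plainText = textEncryptor.decrypt(myEncryptedText);
...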
answered Apr 18, 2012 at 12:02

2 Comments

Yes, indeed I came across this one :-). And I will try to use it in my project, thanks anyway for sharing.
I wouldn't use jasypt, because it invents its own crypto: security.stackexchange.com/a/65240
