Hey! Thanks for reiterating my message
I love the way you encourage ppl at Dani-Web.

And we ve got a couple of workarounds I see. Nice.

Hello everyone , thanks a lot for your answers ,

Wow .. I've learn so many things, i will try these techniques during the coming days !!

Again, thanks a lot, I will let know if my problem has been solved.

Hello, the reason why I want to save the key : because I want to seperate the encryption and decryption process.

Let say, that the sender encrypt the message using a specific key and the receiver need this key to decrypt the message at the other end.

You see, I just want to have the key ... but the problem is that I am unable to store the key and use it at the other .. thanks.

OK, lets go thru this one more time:
At the server generate a public/private key pair, and store them.
Client connects, requests server's public key.
Client generates a random session key, encrypts it using the server's public key, and sends it to the server.
Server uses its private key to decrypt the session key.
Client and server now use the session key to encrypt all following traffic, starting with a logon etc.

Thanks for the answer James, but the problem is that ... i don't want to use the private/public key. I want to use the example I gave in the first post. I just want to have a way to store the key .. or use the same key to decrypt.

Forget the chat program for the time being. I just want to use DES to encrypt and decrypt file. But the encryption and the decryption should be seperated and for that i must find a way to store the key. Hope you understand my question.

I will surely use the public/private key in the coming weeks but for the time I want to use DES .. its for learning purposes.

Thanks a lot for your answers guys.

If you just want to store the key, use Preferences, like I suggested n posts ago. I understand what you WANT to do, but I really think it's not realistic - you'll have to send the key to the client unencrypted, which is pointless. Still, good luck.

Thanks for the answer, yepp you are right .. but I just want to use DES for some other purposes, just want to know how it works, I am currently working on the FTP part .... in the coming weeks I will surely implement the private/public, if i have enough time of course, again, thanks for the answer.

The key is just a string of random bytes. You can store it any which way you like-- it's just a boring old string of bytes. To actually get the bytes, you have a couple of options:

(1) Just generate the string of random bytes yourself, using SecureRandom, then init your Cipher with a SecretKeySpec wrapper around those bytes:


(2) The "proper" way (but slightly overengineered for this purpose) is to use a KeyGenerator to generate the key, then a SecretKeyFactory to convetr it into a keyspec object from which you can pull out the bytes:


You can also cheat slightly in this case. If you call getEncoded() on the SecretKey, you'll actually get the selfsame bytes as via the factory.

Strictly, the KeyGenerator is the "correct" way because it is supposed to know about certain weak keys/constraints on key creation for your particular algorithm. As I recall, DES has 4 weak kes out of the total 2^56, so in practice you really don't need to worry. AES (and, ideally, whatever algorithm you pick) has no known weak keys -- you really can just generate a random string of bytes.

Incidentally, I assume you know that DES is not secure by today's standards (actually, it wasn't very secure by yesterday's standards...) and much slower and less secure than practically any other algorithm in the universe. You may be interested in some stuff I've written about Java cryptography, including the security and performance of different algorithms. I'd also recommend you read the stuff about block modes (the example uses AES, but the information leak problem applies to DES too).