I am working on a network simulator designed in Java with the basic function of routing messages through a network. I am trying to take a Message object, encrypt it using an encryption utility that gives its output as byte[], and then I need it to continue performing the routing function through the network. The routing part makes use of a host of pre-defined methods that take the Message type as an argument. The problem I am facing is converting back from the byte[] output to this Message type. I tried a couple of things.
First I tried to serialize the object, encrypt it, and then de-serialize the output and cast it to type Message. It did not work; it gave an invalid stream header error.
Secondly I tried to create a subclass EncryptedMessage that extended Message. I tried to cast the output of the encryption utility to type EncryptedMessage, which also did not work and gave the same error. I have understood that while serializing this cannot be done.
I declared a variable data of type byte[] in EncryptedMessage and tried to assign the byte[] output to it, but that also did not work as I eventually needed to get the output as Message only.
Is there a simple way to convert this byte[] output back to type Message so that it can be used further for calling all the methods, functions, etc.?
2
This depends entirely on how your encryption method works. There is a well-known way to serialize and deserialize a class instance in Java to its byte form; however, you shouldn’t mistake this for encryption. Encryption would be an operation to be performed on the byte array itself to transform it into something difficult to reverse without a proper key of some sort. In this case, retrieving the original message is simply a matter of reversing the encryption and then reinterpreting the bytes as its original class instance.
Now if you are hashing Message into a byte array, you’ll find you’ll never be able to retrieve the original message. This is done intentionally, and in fact it isn’t meant to encrypt, but rather to check the validity of sensitive data without having to necessarily keep that sensitive data in memory. For example if you wanted to make sure an entered password is correct, you could hash the password and check it with other hashed passwords on your database. You can know if the password is correct without having to save the passwords on the database.
Otherwise, I would expect you to have an encryption method (AES, TKIP, WPA2 for instance) and that encryption method would most likely require some sort of input from you. This is a private key and when you decrypt the bytes, you’d need to provide this same private key in order to retrieve the original value. You should consider the additional complication that in Java, you can’t create an instance of a type that isn’t on the classpath, so you would likely need to provide the class name or interface as well.
The more sophisticated encryption method is public-key cryptography, in which both ends have a public and private key. Combining their public key and your private key gives you the shared secret key required to encrypt and decrypt to and from byte arrays. However, like the above method, you would also need to provide the Message class or interface in order to decrypt, meaning both parties need to have Message on the classpath.
4
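The round trip discussed above (serialize, encrypt, decrypt, then deserialize back to Message), as an added example that is not code from either poster. The `Message` fields, the `MessageCrypto`, `seal` and `open` names, and the choice of AES-GCM are assumptions made for illustration; it requires Java 9 or later for the deserialization filter.

```java
import java.io.*;
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
public class MessageCrypto {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    // Message -> serialized bytes -> IV || AES-GCM ciphertext (with auth tag)
    static byte[] seal(Message m, SecretKey key) throws Exception {
        ByteArrayOutputStream plain = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(plain)) { oos.writeObject(m); }
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);            // fresh IV for every message
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plain.toByteArray());
        return ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array();
    }

    // IV || ciphertext -> decrypt (tag is verified first) -> deserialize
    static Message open(byte[] sealed, SecretKey key) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, sealed, 0, IV_LEN));
        byte[] plain = c.doFinal(sealed, IV_LEN, sealed.length - IV_LEN);
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(plain))) {
            // Allow-list: only Message may be instantiated from network input.
            ois.setObjectInputFilter(ObjectInputFilter.Config.createFilter("Message;!*"));
            return (Message) ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        byte[] sealed = seal(new Message("nodeA", "nodeB", "hello"), key); // constructed sample
        try {   // ciphertext is not a serialization stream, so this is expected to fail
            new ObjectInputStream(new ByteArrayInputStream(sealed));
        } catch (StreamCorruptedException e) { System.out.println("as expected: " + e.getMessage()); }
        Message m = open(sealed, key);
        System.out.println(m.from + " -> " + m.to + ": " + m.body);
    }
}
// Hypothetical stand-in for the simulator's Message type.
class Message implements Serializable {
    private static final long serialVersionUID = 1L;
    final String from, to, body;
    Message(String from, String to, String body) { this.from = from; this.to = to; this.body = body; }
}
```

The sealed byte[] has to be decrypted before it is handed to `ObjectInputStream`; to route it through methods that only accept Message, the bytes would be carried as a field of a Message rather than cast to one.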