I'm creating a banking system for a university assignment. Basically I have been struggling with encrypting user data. It's a first year assignment (in a 3 year bachelor), please bear this in mind when commenting x)))

	// The constructor sets the global variable key to a user defined value.

	// The method byteToString adds the byte[] to a string char by char.

	/**
	 * Can't handle special characters.
	 * Encrypts by adding the key value to each byte in the given string.
	 * @param stringIn, string to be encrypted
	 * @return the string representation of the encrypted string.
	 */
	public String encrypt(String stringIn) {
		byte[] arrayIn = stringIn.getBytes();
		for(int i = 0;i<arrayIn.length;i++) {
			arrayIn[i] =(byte) (arrayIn[i]+key);
		}
		System.out.println("encrypted**** "+byteToString(arrayIn));
		return byteToString(arrayIn);
	}
	
	/**
	 * Can't handle special characters.
	 * Decrypts an encrypted string. Needs to be the same key value.
	 * @param stringIn, encrypted string to be decrypted
	 * @return Decrypted string
	 */
	public String decrypt(String stringIn) {
		byte[] arrayIn = stringIn.getBytes();
		for(int i = 0;i<arrayIn.length;i++) {
			arrayIn[i] =(byte) (arrayIn[i]-key);
		}
		System.out.println("decrypted**** "+byteToString(arrayIn));
		return byteToString(arrayIn);
	}

What is key?

It's a byte value the constructor declares as a private variable for the class.

How does a constructor declare a private variable for a class? That it initializes it, ow-key ... but declaring?

My point is, can it take any value of byte, or are there limits?
If it's limited to a small number, the encryption is quite easy to crack.

Well, for a basic encryption, it'll work. Have been playing around writing an encryption of my own a while back, was a bit bored. If you really want a good encryption, you must be sure that

- having both the encrypted text and the methods to encrypt/decrypt it is not enough to actually read an encrypted text, unless you are the intended recipient, or the sender.

Make sure key is not set by the class itself.
For instance, when writing my encryptions (which were still quite basic) the user had to connect with his eID and provide a keyword, both of which would be used in encrypting/decrypting the message.

Ye sorry, I did mean it initializes the key value.

And ye, the key value is limited to 25.

It wouldn't be enough to have the methods and the encrypted text; you would need the key as well (which is at the moment hard coded into the class handling the data). But ye, since the key can only be between 1 and 25 that would be fairly easy to crack.

Any ideas on how to make it more secure? I have seen a lot of people rearranging the strings, taking the two first and last letters and swapping them around. Logically I can't see that helping in this instance, since the problem is that you only need the methods and the key to crack the encryption, which swapping the strings around wouldn't really solve.

That is only so if all the variables used by the swapping are static. What if, for instance, some of the encryptions depend on a password provided by the user? Or the number of places you shift the characters by?

If you want it to be a bit more secure,
1. add several encryption methods
2. do not allow all the variables to be hardcoded, since in the end, all the applications "out there" can be decompiled.

I'm pretty sure there are tons of sites out there, or wiki pages that explain encryption methods.
Last year I was bored, bought a book about encryption methods, well, the old kind, used over hundreds of years ago, and had a lot of fun writing some of them in Java, so I know it's doable :)
