-2

The goal of this is not for security, but for obscurity so the casual user will not be able to determine what the email address is.

I don't want to display an email address in the URL like:

www.example.com/?id=johnsmith@example.com

I would like to encrypt the email address, with the goal of:

  1. the encrypted text should be encodable to be in a querystring
  2. the length should be as short as possible
  3. should not be easily decryptable e.g. using md5
  4. I can decrypt the value back

Can someone suggest an encryption algorithm that would meet the above criteria?

clickbait
Blankman
  • Why don't you just use `?id=42` and store the actual address in your db server side? It's way shorter, and 100% decryption proof. – that other guy Jul 09 '17 at 18:48
  • 1
    MD5 is not decryptable, so do you want to actually retrieve the original address? – Artjom B. Jul 09 '17 at 18:48
  • @thatotherguy I don't have a database for this simple app – Blankman Jul 09 '17 at 18:51
  • @ArtjomB. yes, I updated my question saying exactly that thanks! – Blankman Jul 09 '17 at 18:52
  • You could encrypt it using anything (like AES) and then encode it using base64 (or any other format, like HEX). But maybe it will not be as short as you want. How short do you need it? – MiguelKVidal Jul 09 '17 at 18:55
  • @MiguelKVidal ideally like much longer than the original text, at most double I would say. So input is 10 chars, encrypted can be 20. – Blankman Jul 09 '17 at 18:56
  • If you really don't need security, then take a look at @Nishit-Kothari answer – MiguelKVidal Jul 09 '17 at 18:59
  • 4
    Do you really need to have it in the query string at all? Why not use HTTPS and POST? This sounds like a horrible attempt at a horrible workaround. – Kayaman Jul 09 '17 at 19:12
  • You could just use HTTPS and everything except the host portion of the request would be encrypted during transit including the query string. The only catch is the whole URL may get into the server logs. – zaph Jul 09 '17 at 20:26
  • @zaph it is so the visitor can't see the email, or know what it is. it isn't a security risk but just want to make it difficult – Blankman Jul 09 '17 at 21:13
  • @Kayaman it may sound like it, but it isn't. It is only done to prevent the visitor from entering the email address directly, I want to force them to click the link instead so I can track it. that's all. it isn't a security risk at all either don't worry. – Blankman Jul 09 '17 at 21:14

2 Answers

2

When you talk about encryption you would have bytes, and not characters. But you can encode those bytes as characters using Base64. For example:

```java
import javax.xml.bind.DatatypeConverter;

// Encrypt if you really need to encrypt it
// I am assuming you have a method that receive a String, encrypt it and return the byte[] encrypted.
// If you don't know how to encrypt, just ask a new question about how to do it in Java.
byte[] b = encrypt( "email@example.com" );
String encoded = DatatypeConverter.printBase64Binary( b );

// Otherwise, just encode it
b = "email.example.com".getBytes(java.nio.charset.StandardCharsets.UTF_8);
encoded = DatatypeConverter.printBase64Binary( b );
```
MiguelKVidal
1

If your aim is not to deal with Security aspect of it then you can achieve it through Base64 encoding and decoding of String

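```java
// sun.misc.* are internal JDK classes; java.util.Base64 (Java 8+) is the supported API.
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;

// Encode the address; anyone can reverse this, it only hides it from a casual look.
final String encodedValue = new BASE64Encoder().encode("johnsmith@example.com".getBytes());
System.out.println("encodedValue = " + encodedValue);
// decodeBuffer throws IOException, so the enclosing method must declare or catch it.
final String decodedValue = new String(new BASE64Decoder().decodeBuffer(encodedValue));
System.out.println("decodedValue = " + decodedValue);
```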
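
The two answers combined, as an added example that is not code from either answerer: the address is encrypted with AES-GCM and the result is encoded with the URL-safe Base64 alphabet, so it needs no escaping in a query string and a modified token is rejected instead of decrypting to another address. The class and method names (`EmailToken`, `seal`, `open`) are hypothetical, and the key is generated at startup only for the demo; a real application would load one fixed key from its configuration.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class EmailToken {   // hypothetical name, not from the page
    private static final int NONCE_LEN = 12;   // bytes; the usual GCM nonce size
    private static final int TAG_BITS = 128;   // authentication tag length
    private static final SecureRandom RNG = new SecureRandom();

    // token = base64url(nonce || ciphertext || tag), without '=' padding
    static String seal(SecretKey key, String email) throws Exception {
        byte[] nonce = new byte[NONCE_LEN];
        RNG.nextBytes(nonce);                   // fresh nonce for every token
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        byte[] ct = c.doFinal(email.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(nonce, NONCE_LEN + ct.length);
        System.arraycopy(ct, 0, out, NONCE_LEN, ct.length);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    // Throws AEADBadTagException if the token was altered or sealed under another key.
    static String open(SecretKey key, String token) throws Exception {
        byte[] in = Base64.getUrlDecoder().decode(token);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, NONCE_LEN));
        return new String(c.doFinal(in, NONCE_LEN, in.length - NONCE_LEN), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();       // demo only; see the note above the block
        String token = seal(key, "johnsmith@example.com");
        System.out.println(token + " (" + token.length() + " chars)");
        System.out.println(open(key, token));
        // Change one character inside the ciphertext part of the token.
        String bad = token.substring(0, 20) + (token.charAt(20) == 'A' ? 'B' : 'A') + token.substring(21);
        try {
            open(key, bad);
        } catch (AEADBadTagException e) {
            System.out.println("tampered token rejected");
        }
    }
}
```

The nonce and tag add a fixed 28 bytes before encoding, so the 21-character sample address becomes a 66-character token, which is over the "at most double" target from the comments. Plain Base64 of the address is shorter but is reversible by anyone who recognises the encoding.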