I have an assignment to decrypt AES using Java but I keep getting a pad block corrupted error. I know this problem has been addressed in multiple threads everywhere but I still can't figure it out.
I have this information given to me:
key : 0123456789abcdef
IV: 0000000000000000
encrypted string: 1ff4ec7cef0e00d81b2d55a4bfdad4ba
which should give the string "Plain text" according to the assignment.
This is my code: (IVtest array is the same as KeyIvEncrypted but with hex instead)
import java.io.UnsupportedEncodingException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.crypto.BufferedBlockCipher;
import java.util.Base64;
public class AESdecryptor {
/*
private static String[] KeyIvEncrypted = new String[]{
"ABEiM0RVZneImaq7zN3u/w==",
"AAECAwQFBgcICQoLDA0ODw==",
"ZtrkahwcMzTu7e/WuJ3AZmF09DE="
};*/
public static String[] KeyIvEncrypted = new String[]{
new String("0123456789abcdef"),
new String("0000000000000000"),
new String("1ff4ec7cef0e00d81b2d55a4bfdad4ba")
};
public static byte[][] Ivtest = {{0x0,0x1,0x2,0x3,0x4,0x5,0x6,0x7,0x8,0x9,0xa,0xb,0xc,0xd,0xe,0xf},{0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0},{0x1,0xf,0xf,0x4,0xe,0xc,0x7,0xc,0xe,0xf,0x0,0xe,0x0,0x0,0xd,0x8,0x1,0xb,0x2,0xd,0x5,0x5,0xa,0x4,0xb,0xf,0xd,0xa,0xd,0x4,0xb,0xa}};
public static void main(String[] args) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, NoSuchProviderException, InvalidAlgorithmParameterException, UnsupportedEncodingException, InvalidKeySpecException{
Security.addProvider(new BouncyCastleProvider());
System.out.println(new String(decrypt(),"ISO-8859-1"));
}
private static byte[] transform(int mode, byte[] keyBytes, byte[] ivBytes, byte[] messageBytes) throws InvalidKeyException, InvalidAlgorithmParameterException, NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, NoSuchProviderException, InvalidKeySpecException
{
final SecretKeySpec keySpec = new SecretKeySpec(keyBytes, "AES");
final IvParameterSpec ivSpec = new IvParameterSpec(ivBytes);
final Cipher cipher = Cipher.getInstance("AES/CBC/pkcs7Padding");
cipher.init(mode, keySpec, ivSpec);
return cipher.doFinal(messageBytes);
}
public static byte[] decrypt() throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, NoSuchProviderException, InvalidAlgorithmParameterException, UnsupportedEncodingException, InvalidKeySpecException{
//return AESdecryptor.transform(Cipher.DECRYPT_MODE, Base64.getDecoder().decode(KeyIvEncrypted[0]), Base64.getDecoder().decode(KeyIvEncrypted[1]), Base64.getDecoder().decode(KeyIvEncrypted[2]));
return AESdecryptor.transform(Cipher.DECRYPT_MODE, Ivtest[0], Ivtest[1], Ivtest[2]);
}
}
OK, so I needed some time to reset my mind and I needed a puzzle. You are the lucky one.
The following code will solve your issue, I'll put the remarks below...
package so;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.util.encoders.Hex;
public class AESdecryptor {
public static String[] KeyIvEncrypted = new String[]{
new String("0123456789abcdef"),
new String("0000000000000000"),
new String("1ff4ec7cef0e00d81b2d55a4bfdad4ba")
};
public static void main(String[] args) throws GeneralSecurityException {
// Security.addProvider(new BouncyCastleProvider());
byte[] decrypted = decrypt();
System.out.println(new String(decrypted, StandardCharsets.ISO_8859_1));
}
private static byte[] transform(int mode, byte[] keyBytes, byte[] ivBytes, byte[] messageBytes)
throws GeneralSecurityException {
final SecretKeySpec keySpec = new SecretKeySpec(keyBytes, "AES");
final IvParameterSpec ivSpec = new IvParameterSpec(ivBytes);
final Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(mode, keySpec, ivSpec);
return cipher.doFinal(messageBytes);
}
public static byte[] decrypt() throws GeneralSecurityException {
return AESdecryptor.transform(Cipher.DECRYPT_MODE, KeyIvEncrypted[0].getBytes(), KeyIvEncrypted[1].getBytes(), Hex.decode(KeyIvEncrypted[2]));
}
}
The following issues were found:
the key and IV are specified in (ASCII) text. Keys and IV's should not be encoded as text, as each byte should be equally possible;
the IV should not be static, but indistinguishable from random;
the IV is not a "zero" IV, as that would consist of bytes set to 0x00, not bytes set to the character '0', i.e. 0x30;
Bouncy Castle is not needed, PKCS#5 is identical to PKCS#7 when it comes to padding;
the ciphertext is encoded in hexadecimals, so you need to decode them using two hex digits grouped together to make one byte (I've used the Hex class from Bouncy as you already have that it seems).
And please note that encryption doesn't equal security even if performed correctly.
Related
I used to AES-128 CBC with NoPadding algorithm according to Apple's Technical Note. I can encrypt and decrypt any video with following code below. I tried Muxed encrypted and Un-Muxed encrypted video both. But i couldnt decrypt original test contents properly. When i encrypt original unencrypted files it doesnt play on Safari.
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.crypto.spec.IvParameterSpec;
public class Main {
public static void main(String[] args)
throws InvalidKeyException, InvalidAlgorithmParameterException, NoSuchAlgorithmException,
NoSuchPaddingException, FileNotFoundException, IllegalBlockSizeException, BadPaddingException, IOException {
// TODO Auto-generated method stub
byte[] IVBytes = "\u00d5\u00fb\u00d6\u00b8\u002e\u00d9\u003e\u004e\u00f9\u008a\u00e4\u0009\u0031\u00ee\u0033\u00b7".getBytes();
byte[] KeyBytes = "\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c\u003c".getBytes();
IvParameterSpec ivspec = new IvParameterSpec(IVBytes);
SecretKeySpec skey = new SecretKeySpec(KeyBytes, "AES");
Cipher ci = Cipher.getInstance("AES/CBC/NoPadding");
ci.init(Cipher.DECRYPT_MODE, skey, ivspec);
processFile(ci, "C:\\test_java\\encryted.ts", "C:\\test_java\\unencryted.ts");
/*
ci.init(Cipher.ENCRYPT_MODE, skey, ivspec);
processFile(ci, "C:\\test_java\\main.ts", "C:\\test_java\\encrypted_unmu.ts");
*/
}
static private void processFile(Cipher ci, String inFile, String outFile)
throws FileNotFoundException, IOException, IllegalBlockSizeException, BadPaddingException {
try (FileInputStream in = new FileInputStream(inFile); FileOutputStream out = new FileOutputStream(outFile)) {
byte[] ibuf = new byte[1024];
int len;
while ((len = in.read(ibuf)) != -1) {
len = len - (len % 16);
byte[] obuf = ci.update(ibuf, 0, len);
if ( obuf != null ) out.write(obuf);
}
byte[] obuf = ci.doFinal();
if ( obuf != null ) out.write(obuf);
}
}
}
Encryption and Decryption in Java is still very difficult for me to understand. I have been using the following class and methods. I wonder how to improve the safety and how long does the keystring (schlüssel) need to be?
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
public class AES
{
public static SecretKeySpec makeKey(String schlüssel) throws NoSuchAlgorithmException, UnsupportedEncodingException
{
byte[] key = (schlüssel).getBytes("UTF-8");
MessageDigest sha = MessageDigest.getInstance("SHA");
key = sha.digest(key);
key = Arrays.copyOf(key, 16);
return new SecretKeySpec(key, "AES");
}
public static String encryptString(String text, SecretKeySpec schlüssel) throws Exception
{
Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.ENCRYPT_MODE, schlüssel);
byte[] encrypted = cipher.doFinal(text.getBytes());
BASE64Encoder myEncoder = new BASE64Encoder();
return myEncoder.encode(encrypted);
}
public static String decryptString(String text, SecretKeySpec schlüssel) throws Exception
{
BASE64Decoder myDecoder2 = new BASE64Decoder();
byte[] crypted2 = myDecoder2.decodeBuffer(text);
Cipher cipher2 = Cipher.getInstance("AES");
cipher2.init(Cipher.DECRYPT_MODE, schlüssel);
byte[] cipherData2 = cipher2.doFinal(crypted2);
return new String(cipherData2);
}
}
I have been reading about the topic. But I did not understand how to transfer the ideas into my code. Any help is appreciated, please be kind with an encryption beginner. Thank you.
There are a lot of things wrong in this class.
the class uses a cryptographic hash instead of a password hash - such as PBKDF2 - to derive a key from the password;
you are using ECB mode encryption (the default), you need to use at least CBC, together with an initialization vector (IV);
your class doesn't add any integrity protection, in other words the ciphertext is malleable;
It depends on the use case if you require the integrity protection. So I'll point you to this question for more information about password based encryption (PBE). Note that the answers may still deliver malleable ciphertext.
Furthermore the class contains the following Java mistakes:
it doesn't distinguish between runtime related exceptions (missing algorithms) and input related exceptions;
it uses the default platform encoding for your plaintext;
it is using a Sun internal class to perform the Base 64 encoding/decoding.
Note that people will probably point out to you that you are using 128 bit AES encryption. That's however quite strong and - certainly at this point in time - the least of your worries. Upgrading to 192 or 256 bit AES won't increase security significantly.
Refering to Maarten Bodeswes code I try to bring his code into the form I am using.
import java.io.UnsupportedEncodingException;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
public class AESplus
{
public static SecretKeySpec makeKey(String password) throws NoSuchAlgorithmException, UnsupportedEncodingException
{
password = String.format("%040x", new BigInteger(1,password.getBytes(Charset.forName("UTF-8"))));
password = password.substring(password.length()-32, password.length());
final byte[] symKeyData = DatatypeConverter.parseHexBinary(password);
return new SecretKeySpec(symKeyData, "AES");
}
public static String encryptString(String text, SecretKeySpec key) throws NoSuchAlgorithmException, NoSuchPaddingException,
InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
{
final byte[] encodedMessage = text.getBytes(Charset.forName("UTF-8"));
final Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
final int blockSize = cipher.getBlockSize();
// generate random IV using block size
final byte[] ivData = new byte[blockSize];
final SecureRandom rnd = SecureRandom.getInstance("SHA1PRNG");
rnd.nextBytes(ivData);
final IvParameterSpec iv = new IvParameterSpec(ivData);
cipher.init(Cipher.ENCRYPT_MODE, key, iv);
final byte[] encryptedMessage = cipher.doFinal(encodedMessage);
// concatenate IV and encrypted message
final byte[] ivAndEncryptedMessage = new byte[ivData.length + encryptedMessage.length];
System.arraycopy(ivData, 0, ivAndEncryptedMessage, 0, blockSize);
System.arraycopy(encryptedMessage, 0, ivAndEncryptedMessage, blockSize, encryptedMessage.length);
return DatatypeConverter.printBase64Binary(ivAndEncryptedMessage);
}
public static String decrytString(String crypttext, SecretKeySpec key) throws NoSuchAlgorithmException, NoSuchPaddingException,
InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
{
final byte[] ivAndEncryptedMessage = DatatypeConverter.parseBase64Binary(crypttext);
final Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
final int blockSize = cipher.getBlockSize();
// retrieve random IV from start of the received message
final byte[] ivData = new byte[blockSize];
System.arraycopy(ivAndEncryptedMessage, 0, ivData, 0, blockSize);
final IvParameterSpec iv = new IvParameterSpec(ivData);
// retrieve the encrypted message itself
final byte[] encryptedMessage = new byte[ivAndEncryptedMessage.length - blockSize];
System.arraycopy(ivAndEncryptedMessage, blockSize, encryptedMessage, 0, encryptedMessage.length);
cipher.init(Cipher.DECRYPT_MODE, key, iv);
final byte[] encodedMessage = cipher.doFinal(encryptedMessage);
// concatenate IV and encrypted message
final String message = new String(encodedMessage,Charset.forName("UTF-8"));
return message;
}
}
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;
public class Encryption {
public static byte[] encrypted(String t) throws IllegalBlockSizeException, BadPaddingException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException{
byte[] dataToSend = t.getBytes();
byte[] key = new byte[16];
Cipher c = Cipher.getInstance("AES");
SecretKeySpec k = new SecretKeySpec(key, "AES");
c.init(Cipher.ENCRYPT_MODE, k);
byte[] encryptedData = c.doFinal(dataToSend);
return encryptedData;
}
public static byte[] decrypted(byte[] kr) throws IllegalBlockSizeException, BadPaddingException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException{
byte[] key = new byte[16];
SecretKeySpec k = new SecretKeySpec(key, "AES");
byte[] encryptedData = kr;
Cipher c2 = Cipher.getInstance("AES");
c2.init(Cipher.DECRYPT_MODE, k);
byte[] data = c2.doFinal(encryptedData);
return data;
}
public static void main(String args[]) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException{
//method1
System.out.println(encrypted("adsda"));
String f = new String (encrypted("adsda")); //working on console but not works when stores to cookies because of invalid characters
System.out.println(f);
System.out.println(new String(decrypted(f.getBytes())));// works when decrypting in console, not tried in cookies because not able encrypt
//method2
String x = encrypted("adsda").toString(); // works when stores in cookies works on console
System.out.println(x);
System.out.println(new String(decrypted(x.getBytes())));// decrypt not working both on console and cookies
System.out.println(decrypted(x.getBytes()).toString()); // decrypt not working both on console and cookies
}
}
I created a method to encrypt and decrypt cookies using AES. The details is the comment on the code.
You can't just convert the byte[] returned by encrypted(..) to a String. You need to use an encoding that do not lose data.
Use an encoding like Base64 or even a hex encoding.
I have the following code which almost works:
AES.java
import java.io.UnsupportedEncodingException;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.KeySpec;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
public class AES {
private static final int KEY_LENGTH = 128;
private static final int ITERATIONS = 100;
private static final String ALGORITHM = "AES";
private static final String SECRET_KEY_ALGORITHM = "PBKDF2WithHmacSHA1";
private static final String TRANSFORMATION = "AES/CBC/PKCS5Padding";
private final Cipher m_enc_cipher;
private final Cipher m_dec_cipher;
private final byte[] m_iv;
public AES(final char[] password, final byte[] salt)
throws NoSuchAlgorithmException, InvalidKeySpecException,
NoSuchPaddingException, InvalidKeyException,
InvalidParameterSpecException, IllegalBlockSizeException,
BadPaddingException, UnsupportedEncodingException,
InvalidAlgorithmParameterException {
// Derive the key, given password and salt
final SecretKeyFactory factory = SecretKeyFactory
.getInstance(SECRET_KEY_ALGORITHM);
final KeySpec spec = new PBEKeySpec(password, salt, ITERATIONS,
KEY_LENGTH);
final SecretKey tmp = factory.generateSecret(spec);
final SecretKey secret = new SecretKeySpec(tmp.getEncoded(), ALGORITHM);
// Build encryptor and get IV
final Cipher enc_cipher = Cipher.getInstance(TRANSFORMATION);
enc_cipher.init(Cipher.ENCRYPT_MODE, secret);
final AlgorithmParameters params = enc_cipher.getParameters();
final byte[] iv = params.getParameterSpec(IvParameterSpec.class)
.getIV();
// Build decryptor
final Cipher dec_cipher = Cipher.getInstance(TRANSFORMATION);
dec_cipher.init(Cipher.DECRYPT_MODE, secret, new IvParameterSpec(iv));
this.m_enc_cipher = enc_cipher;
this.m_dec_cipher = dec_cipher;
this.m_iv = iv;
}
public AES(final byte[] iv) throws NoSuchAlgorithmException,
InvalidKeySpecException, NoSuchPaddingException,
InvalidKeyException, InvalidParameterSpecException,
IllegalBlockSizeException, BadPaddingException,
UnsupportedEncodingException, InvalidAlgorithmParameterException {
final AlgorithmParameterSpec aps = new IvParameterSpec(iv);
final KeyGenerator keygen = KeyGenerator.getInstance(ALGORITHM);
keygen.init(KEY_LENGTH);
final SecretKey secret = keygen.generateKey();
// Build encryptor
final Cipher enc_cipher = Cipher.getInstance(TRANSFORMATION);
enc_cipher.init(Cipher.ENCRYPT_MODE, secret, aps);
// Build decryptor
final Cipher dec_cipher = Cipher.getInstance(TRANSFORMATION);
dec_cipher.init(Cipher.DECRYPT_MODE, secret, aps);
this.m_enc_cipher = enc_cipher;
this.m_dec_cipher = dec_cipher;
this.m_iv = iv;
}
public byte[] get_iv() {
return this.m_iv;
}
public byte[] encrypt(final byte[] data) throws NoSuchAlgorithmException,
InvalidKeySpecException, NoSuchPaddingException,
InvalidKeyException, InvalidParameterSpecException,
IllegalBlockSizeException, BadPaddingException,
UnsupportedEncodingException {
return this.m_enc_cipher.doFinal(data);
}
public byte[] decrypt(final byte[] data) throws IllegalBlockSizeException,
BadPaddingException {
return this.m_dec_cipher.doFinal(data);
}
}
AESTest.java
import java.io.UnsupportedEncodingException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.junit.Test;
import static org.junit.Assert.*;
public class AESTest {
#Test
public void test() throws InvalidKeyException, NoSuchAlgorithmException,
InvalidKeySpecException, NoSuchPaddingException,
InvalidParameterSpecException, IllegalBlockSizeException,
BadPaddingException, UnsupportedEncodingException,
InvalidAlgorithmParameterException {
final char[] password = "my_password".toCharArray();
final byte[] salt = new byte[] { 22, 11 };
final byte[] original_data = "Hello, World!".getBytes("UTF-8");
final AES aesA = new AES(password, salt);
final byte[] encrypted_data = aesA.encrypt(original_data);
System.out.println("Encrypted:");
System.out.println(javax.xml.bind.DatatypeConverter
.printBase64Binary(encrypted_data));
final AES aesB = new AES(aesA.get_iv());
final byte[] decrypted_data_B = aesB.decrypt(encrypted_data);
System.out.println("Decrypted B:");
System.out.println(javax.xml.bind.DatatypeConverter
.printBase64Binary(decrypted_data_B));
assertTrue(Arrays.equals(original_data, decrypted_data_B));
}
}
On the test (AESTest.java), it gives me this error:
javax.crypto.BadPaddingException: Given final block not properly padded
My final purpose is to be able to send an encrypted data block and later get it back.
The term "later" could refer to a day/week/year.
Then, using the same password I want to decrypt it.
Because "later" might be a month I'll need to create a new AES object.
Now, this new AES object must be able to decrypt the data with the same fixed password/salt.
That's all.
I've tried to use the same IV but it doesn't work.
What am I doing wrong here?
Edit #1:
Please pay attention to ITERATIONS as well.
When you init AES by iv you create a different secret. Isnt's it wrong?
You are not using the same password and salt.
As already stated, the second constructor creates a new AES key, so it won't match with the one created in the first constructor. I don't really get your intention in having two different constructors, where in each you create an AES instance fit for encryption as well as another one for decryption? It might make sense to rethink that design and use just one single instance only, depending on whether you want to encrypt or decrypt.
While the key you generate in the first constructor is to be kept secret, the IV being produced is public information and can be safely published publicly, this won't harm the security. However, you should create unique IVs for every encrypted message, otherwise there's attacks that are possible against the CBC mode you are using.
So here's how I would recommend you do it:
Encryption:
Basically the first constructor, leaving out the second instance for decryption. Retrieve the IV that was created.
Decryption:
Again basically the first constructor, with an additional IV parameter. Create the key again from scratch with exactly the same parameters (salt, password, iterations), and this time init the Cipher in decryption mode, additionally passing the IV parameter.
That should do it!
I'm writing an application for Android that uses symmetric key encryption to protect sensitive data. As far as I can tell, Android only directly supports "PBEWithMD5AndDES". How secure is this algorithm? Also, I've included my code below (non-andriod). Is my code correctly encrypting the data?
import java.io.UnsupportedEncodingException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
public class CipherTest
{
private static class EncryptInfo
{
private final byte[] encryptedData;
private final byte[] initVector;
private final byte[] salt;
public EncryptInfo(byte[] encryptedData, byte[] initVector, byte[] salt)
{
this.encryptedData = encryptedData.clone();
this.initVector = initVector.clone();
this.salt = salt.clone();
}
public byte[] getEncryptedData()
{
return encryptedData;
}
public byte[] getInitVector()
{
return initVector;
}
public byte[] getSalt()
{
return salt;
}
}
private static final String keyGenAlgorithm = "PBEWithMD5AndDES";
private static final String keyAlgorithm = "DES";
private static final String cipherTransform = "PBEWithMD5AndDES/CBC/PKCS5Padding";
private static EncryptInfo encrypt(char[] password, byte[] data)
throws NoSuchAlgorithmException, InvalidKeySpecException,
NoSuchPaddingException, InvalidKeyException,
InvalidParameterSpecException, IllegalBlockSizeException,
BadPaddingException, UnsupportedEncodingException
{
byte[] salt = new byte[16];
new SecureRandom().nextBytes(salt);
PBEKeySpec keySpec = new PBEKeySpec(password, salt, 1024);
SecretKeyFactory secretKeyFactory = SecretKeyFactory
.getInstance(keyGenAlgorithm);
SecretKey secretKey = secretKeyFactory.generateSecret(keySpec);
keySpec.clearPassword();
byte[] key = secretKey.getEncoded();
SecretKeySpec secretKeySpec = new SecretKeySpec(key, keyAlgorithm);
Cipher cipher = Cipher.getInstance(cipherTransform);
cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec);
byte[] initVector = cipher.getParameters().getParameterSpec(
IvParameterSpec.class).getIV();
return new EncryptInfo(cipher.doFinal(data), initVector, salt);
}
public static byte[] decrypt(byte[] data, char[] password, byte[] salt,
byte[] initVector) throws NoSuchAlgorithmException,
InvalidKeySpecException, NoSuchPaddingException,
InvalidKeyException, InvalidAlgorithmParameterException,
IllegalBlockSizeException, BadPaddingException
{
PBEKeySpec keySpec = new PBEKeySpec(password, salt, 1024);
SecretKeyFactory secretKeyFactory = SecretKeyFactory
.getInstance(keyGenAlgorithm);
SecretKey secretKey = secretKeyFactory.generateSecret(keySpec);
keySpec.clearPassword();
byte[] key = secretKey.getEncoded();
SecretKeySpec secretKeySpec = new SecretKeySpec(key, keyAlgorithm);
Cipher cipher = Cipher.getInstance(cipherTransform);
cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, new IvParameterSpec(
initVector));
return cipher.doFinal(data);
}
public static void main(String[] args) throws Exception
{
char[] password = "password".toCharArray();
EncryptInfo info = encrypt(password, "Message".getBytes());
byte[] decyptedText = decrypt(info.getEncryptedData(), password, info
.getSalt(), info.getInitVector());
System.out.println(new String(decyptedText));
}
}
Both MD5 and DES are weak. If your data being encrypted is really valuable, you should look for some external crypto library for Android that offers AES and SHA256/SHA512 algorithms.
If you want to encrypt data using a symmetric key encryption, I recommend:
1) Use AES, because it is certified by the NSA for data classified as secret.
2) Use a well reviewed implementation so you don't have to research the proper way to configure the code. For example, AESCrypt.
You can find AESCrypt here: http://www.aescrypt.com/java_aes_crypt.html
I've seen AESCrypt used in several financial institutions. AESCrypt for java is a single class that calls JCE methods. Android, JCE is implemented by bouncycastle. I have seen bouncycastle used in several major financial institutions.