2

In an android project I am using

import javax.crypto.Cipher;

ecipher = Cipher.getInstance("AES/CBC/PKCS5Padding");

I would like to ask: Whether AES128 or AES256 is used, is defined by the key that is used? For example key="012345678901234567890123456789012"; would have as a result AES256 to be used?

thanks
Thomas

Dan W
  • 5,718
  • 4
  • 33
  • 44
Thomas Kaliakos
  • 3,274
  • 4
  • 25
  • 39
  • 1
    All `Cipher.getInstance("AES/CBC/PKCS5Padding");` does is create the cipher. It will use AES128 if you give it a 128 bit key, or 256 if you give it a 256 bit key. Your example key is bogus. See [this post](http://stackoverflow.com/a/992413/492405) for an example. – vcsjones Jul 18 '12 at 14:11

1 Answers1

1

Yes whether AES128 or AES256 is used is defined by the key that is in use.

However it's not the String length but the byte[] length that determines it. At some point in your code you should be converting String to byte[]. The size of resulting that byte[] is your key size. Without knowing how you convert "012345678901234567890123456789012", it's not possible to know your encryption strength.

Alternatively you can use KeyGenerator:

    KeyGenerator keyGen = KeyGenerator.getInstance("AES");
    keyGen.init(128); // or 256

    // Generate the secret key specs
    SecretKey secretKey = keyGen.generateKey();
    byte[] byteArray = secretKey.getEncoded();
Caner
  • 57,267
  • 35
  • 174
  • 180
  • You are fully right of course, but 32 characters are not very likely to result in less than 32 bytes, which would mean AES-256 - or failure. Java does - to my knowledge - not cut off or append key bytes as some other *idiotic* frameworks do. – Maarten Bodewes Jul 18 '12 at 15:58