Node.js aes-256-cbc in Java

Question

How could I implement the following Node.js function in Java?

function encrypt(text)
{
    var crypto = require('crypto');
    var cipher = crypto.createCipher('aes-256-cbc','my-password')
    var crypted = cipher.update(text,'utf8','hex')
    crypted += cipher.final('hex');
    return crypted;
}

I've read that crypto derives the key and iv from password but I don't know how to do that with Java.

Thanks.

So, is your question really which Java library to use to do AES encryption? — uvesten, Apr 03 '14 at 16:42
@uvesten I'm using javax.crypto and BouncyCastle. Do you know another one? — Marcus Henrique, Apr 06 '14 at 18:23

score -1 · Answer 1 · edited May 23 '17 at 10:30

-1

First of all, it is recommend to use an IV for the AES crypto, this makes the same plaintext look different when encrypting, but only if you use a non-static IV.

There is some question/answer pair that could match your search: click

Ohterwise this is the first thing I found on google, maybe it helps you: click

Oh and this might help you with possible security issues: click

edited May 23 '17 at 10:30

Community

1
1

answered Apr 03 '14 at 16:37

Maximilian Walter

154
1
8

Sorry, I gave you a JavaScript example, I will remove it now. But the links aren't helpful? – Maximilian Walter Apr 03 '14 at 16:57
MaximilianWalter Thank you for your answer. My problem is that we have a lot of passwords generated by crypto so we need to implement the same algorithm with Java for compatibility reasons. However, I don't know how crypto generates the IV and salt. How are they generated by crypto? If I knew how to generate the salt I could use BouncyCastle's OpenSSLPBEParametersGenerator to derive the key and IV. – Marcus Henrique Apr 06 '14 at 18:14
The salt is generated and delivered by you with md5 or sha1. The iv is also generated by you, which means if you haven't done that, just skip it. – Maximilian Walter Apr 07 '14 at 13:58
Can you post an example? – Marcus Henrique Apr 12 '14 at 15:24
I think this is what you are looking for: http://stackoverflow.com/questions/992019/java-256-bit-aes-password-based-encryption/992413#992413 – Maximilian Walter Apr 12 '14 at 16:12
I tried to use PBKDF2WithHmacSHA1 but I don't know the salt. Look http://pastebin.com/s34k5jG4. Do I need to extract it from the hexadecimal generated by crypto? – Marcus Henrique Apr 12 '14 at 18:46
The IV is only for CBC and not for ASE! And only the first block (16 byte) look different if you use a non-static IV. http://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Cipher-block_chaining_.28CBC.29 – windm Jan 12 '15 at 10:12

Node.js aes-256-cbc in Java

1 Answers1