How to check if a string is encrypted in java?

Question

I am using the following code for encrypting my data:

public static String encrypt(String clearData, String password)
            throws UnsupportedEncodingException {
        byte[] bytes = encrypt(clearData.getBytes("UTF-8"), password);
        return Base64.encodeBytes(bytes);
    }


public static byte[] encrypt(byte[] clearData, String password)
            throws UnsupportedEncodingException {
        byte[] passwordKey = encodeDigest(password);
        try {
            aesCipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
        } catch (NoSuchAlgorithmException e) {
            Log.e(TAG, "No such algorithm " + CIPHER_ALGORITHM, e);
        } catch (NoSuchPaddingException e) {
            Log.e(TAG, "No such padding PKCS5", e);
        }
        secretKey = new SecretKeySpec(passwordKey, CIPHER_ALGORITHM);

        try {
            aesCipher.init(Cipher.ENCRYPT_MODE, secretKey, ivParameterSpec);
        } catch (InvalidKeyException e) {
            Log.e(TAG, "Invalid key", e);
            return null;
        } catch (InvalidAlgorithmParameterException e) {
            Log.e(TAG, "Invalid algorithm " + CIPHER_ALGORITHM, e);
            return null;
        }

        byte[] encryptedData;
        try {
            encryptedData = aesCipher.doFinal(clearData);
        } catch (IllegalBlockSizeException e) {
            Log.e(TAG, "Illegal block size", e);
            return null;
        } catch (BadPaddingException e) {
            Log.e(TAG, "Bad padding", e);
            return null;
        }
        return encryptedData;
    }

How can I check that an input string data is encrypted or not without using try-catch?

Update:

for example the user gives me a string. If it is encrypted I store it in database if not I encrypt it then store.

You can't. BTW, fix your exception handling: it's awful. For example, if a NoSuchPaddingException occurs, you continue as if nothing happened, causing a NullPointerException. Wrap everything (instead of each individual line of code) into a try block, and don't return null when you can't encrypt: throw an exception. — JB Nizet, May 19 '15 at 07:03
What is your definition of __"is encrypted or not"__? If you only need to check, if any change was made, compare the original string (or its byte array) with the "encrypted" one. — DangeMask, May 19 '15 at 07:04
There is no such thing as an encrypted `String`; a `String` holds text data, what you encrypt is bytes, and the bytes generated for encryption depends on the character coding you used to encode the text data in the first place. This smells of a [XY problem](http://xyproblem.info), so why don't you just explain what the real problem is? — fge, May 19 '15 at 07:07
@DangeMask for example user give me a string. If it is encrypted I store it in database if not I encrypt it then store. — Bob, May 19 '15 at 07:07
How does the unencrypted string look like? Is it some text in common language? You can for example search for some frequently used words. The encrypted text will possibly not have them — DangeMask, May 19 '15 at 07:11
Why not have the user *tell you* it's encrypted? Or just encrypt everything, regardless of whether it's been previously encrypted? — dimo414, May 19 '15 at 07:40

score 5 · Answer 1 · edited May 23 '17 at 12:32

Well, with the code you've written, you could be fairly confident that you've got an encrypted string by simply checking if it's a valid Base64 encoding.

Broadly speaking however, if you could tell for sure a string was encrypted simply by looking at it, that would mean the encryption was very weak. Properly encrypted data is indiscernible from random noise.

If the user can send you arbitrary encrypted or clear-text data they'll need to tell you which it is.

kamyar haqqani · Answer 2 · 2019-01-17T00:21:26.503

You Can't; you can just play the odds(which are in your favor due to the complexity of padding algorithms which make cipher texts very non random (data-authenticity-checking-wise)).

The reason why is that you are inputting data with infinite number of combinations which indeed include the combinations that would produce valid results after decryption(but are never really encrypted);

No matter how rare certain combinations are infinity has it.

and also containing only base64 characters means it contains only base64 characters; nothing more. (it definitely doesn't mean it's encrypted data!)

score -1 · Answer 3 · answered Jan 09 '19 at 09:50

-1

This can be done in two ways.

Anyway you might have written some logic for encryption and decryption. Now you can try with your decryption and see weather it was decrypted properly or not.
You can try to decode with base64 and see weather you can able to do it without exception. Code will be like following.

enter code here

private boolean isBase64(String input)
 {
  try 
  {
   new String(Base64.getDecoder().decode(input));
   return true;
  } 
  catch (Exception e) 
  {
   return false;
  }
 }

answered Jan 09 '19 at 09:50

Sumanth Varada

1,122
1
16
17

what if there is a string which only contains base64 chars and produce valid decryption text but is never really encrypted? it does happen in theory. – kamyar haqqani Jan 17 '19 at 00:18
Agree, but not appear in practical scenario. – Sumanth Varada Jan 17 '19 at 11:34
it's not that improbable and no matter how rare it occurs; that's exactly what gives value to crypto-currencies. which proves that such scenarios actually happen in reality! – kamyar haqqani Jan 17 '19 at 20:26

How to check if a string is encrypted in java?

3 Answers3