0

I am trying to encrypt some data using AES Encryption and Decryption. I wrote my encryption using following example.

https://www.owasp.org/index.php/Using_the_Java_Cryptographic_Extensions#AES_Encryption_and_Decryption

And this is my encryption and decryption code.

String strDataToEncrypt = new String();
String strCipherText = new String();
String strDecryptedText = new String();

try {
    KeyGenerator keyGen = KeyGenerator.getInstance("AES");
    keyGen.init(128);
    SecretKey secretKey = keyGen.generateKey();

    final int AES_KEYLENGTH = 128;  
    byte[] iv = new byte[AES_KEYLENGTH / 8];    
    SecureRandom prng = new SecureRandom();
    prng.nextBytes(iv);

    Cipher aesCipherForEncryption = Cipher.getInstance("AES/CBC/PKCS7PADDING");

    aesCipherForEncryption.init(Cipher.ENCRYPT_MODE, secretKey, new IvParameterSpec(iv));

    strDataToEncrypt = "Hello World of Encryption using AES ";
    byte[] byteDataToEncrypt = strDataToEncrypt.getBytes();
    byte[] byteCipherText = aesCipherForEncryption.doFinal(byteDataToEncrypt);

    strCipherText = new BASE64Encoder().encode(byteCipherText);
    System.out.println("Cipher Text generated using AES is " + strCipherText);


    Cipher aesCipherForDecryption = Cipher.getInstance("AES/CBC/PKCS7PADDING"); 

    aesCipherForDecryption.init(Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(iv));
    byte[] byteDecryptedText = aesCipherForDecryption.doFinal(byteCipherText);
    strDecryptedText = new String(byteDecryptedText);

    System.out.println(" Decrypted Text message is " + strDecryptedText);

} catch (NoSuchAlgorithmException noSuchAlgo) {
    System.out.println(" No Such Algorithm exists " + noSuchAlgo);
} catch (NoSuchPaddingException noSuchPad) {
    System.out.println(" No Such Padding exists " + noSuchPad);
} catch (InvalidKeyException invalidKey) {
    System.out.println(" Invalid Key " + invalidKey);
} catch (BadPaddingException badPadding) {
    System.out.println(" Bad Padding " + badPadding);
} catch (IllegalBlockSizeException illegalBlockSize) {
    System.out.println(" Illegal Block Size " + illegalBlockSize);
} catch (InvalidAlgorithmParameterException invalidParam) {
    System.out.println(" Invalid Parameter " + invalidParam);
}

Is this have a correct flow of security ? Because this is not working with PKCS7. But this is working with PKCS5.

Terance Wijesuriya
  • 1,928
  • 9
  • 31
  • 61
  • 2
    What do you mean by "correct flow of security"? – Chiff Shinz Sep 14 '16 at 08:28
  • 4
    [What is the difference between PKCS#5 padding and PKCS#7 padding](http://crypto.stackexchange.com/questions/9043/what-is-the-difference-between-pkcs5-padding-and-pkcs7-padding)? – Maarten Bodewes Sep 14 '16 at 11:14
  • Please indicate if you have any other *specific* questions other than the one about padding. Please do not use `getBytes` without a `StandardEncodings` and try and correctly [handle the crypto related exceptions](http://stackoverflow.com/a/15712409/589259) – Maarten Bodewes Sep 14 '16 at 12:02
  • 1
    **WARNING: I strongly urge you *not* to use the OWASP resources for Java cryptographic examples until I've reviewed / replaced them.** Because they're shit, basically. – Maarten Bodewes Sep 14 '16 at 16:20
  • 1
    When we talk about authentication for symmetric encryption we mean some kind of MAC. HMAC is really popular and there are [different ways of applying it](http://crypto.stackexchange.com/q/202/13022). There are even modes of operation other than CBC and ECB that provide authentication by themselves like GCM, EAX, OCB, SIV, ... Your code doesn't do any authentication. – Artjom B. Sep 14 '16 at 18:26
  • @MaartenBodewes : Can I use `Bounty Castle` then? Can you advice exactly which one I should use? – Terance Wijesuriya Sep 15 '16 at 05:26

0 Answers0