2

I am trying to encrypt some data with AES in Java.
Till now I have successfully encrypted the data with a 128 bit key.

For 256 bit encryption I need to change my policy files, which is not an option for me.
I referred to this SO Q/A too.
Tried BouncyCastle but it seems they don't have any provision for 256 bit keys (1st question here).
Had a look at JNCryptor. But don't know if it's a good source or not. (BouncyCastle is approved by FIPS)

Also, reflection is not an option since it violates the Java licence agreement.
So if someone could guide me to the relevant question or share a possible solution I'll be glad.

YetAnotherBot
  • Consider rewriting your code to not use the Java Crypto provider API, and use the bouncycastle API directly, e.g. [AESEngine](http://www.bouncycastle.org/docs/docs1.6/org/bouncycastle/crypto/engines/AESEngine.html). This will remove the check on policy files. Something along the lines of [this](http://www.programcreek.com/java-api-examples/index.php?api=org.bouncycastle.crypto.modes.CBCBlockCipher). – Henrik Aasted Sørensen Feb 22 '17 at 11:44
  • @Henrik Thanks for taking time. I'm not using Java API for crypto operations. It's just that Bouncy Castle does not support 256 bit encryption without the policy files afaik [FAQ](http://www.bouncycastle.org/wiki/display/JA1/Frequently+Asked+Questions). – YetAnotherBot Feb 22 '17 at 13:40
  • That FAQ answer only refers to using BC through the Crypto provider API. Take a look at the example I provided in my previous comment, and try changing the keysize in `cipher.init` from 128 to 256. This will not be affected by the policy files. – Henrik Aasted Sørensen Feb 22 '17 at 13:43
  • Yeah. Just noticed it. Will implement and check it. Also, how should I generate a random 256 bit key, since Java API does not let me do that? – YetAnotherBot Feb 22 '17 at 13:49
  • My best bet is to use [SecureRandom](https://docs.oracle.com/javase/8/docs/api/java/security/SecureRandom.html). – Henrik Aasted Sørensen Feb 22 '17 at 13:50
  • Cool. Will try and let you know. Thank you – YetAnotherBot Feb 22 '17 at 13:54

1 Answer

0

There is nothing wrong or insecure about a 128-bit AES key; it is not brute forcible. A 256-bit key is not going to provide any more security; a successful attack will be in another area.

The thing to make sure of is the quality of the key: use a cryptographically secure random number generator (CSPRNG) or derive the key from a really good password with PBKDF2.

Properly authenticate the encryption: encrypt and then MAC.

Use a random IV in CBC mode and do not report padding errors.

zaph
  • Wow. Thanks for answering. The thing is that the current industry standard of encrypting is **AES with 256 bit key**. Same is the requirement for my project. Anyways, I'm using a random session key every time. – YetAnotherBot Feb 22 '17 at 13:46
  • Where is that an industry standard? From [NIST Recommendation for Key Management](http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf): January 29, 2016, 4.2.2.1 *AES encrypts and decrypts data in 128-bit blocks, using 128, 192 or 256-bit keys. All three key sizes are considered adequate for Federal Government applications.* AES-128 is comparable to RSA 3072. – zaph Feb 22 '17 at 16:56
  • Note: One reason for 256-bit keys: in case of quantum computers the keys will still have 256-bit security. OTOH, RSA and EC will become completely broken. Oh, quantum computers of the capabilities required may never become available, much less cost effective in our lifetimes. – zaph Feb 22 '17 at 23:24
  • Yeah, so read a lot about this last night. AES-128 can be broken only when you have huge computation power (using quantum computers). Also, if any method is devised to break AES-128, it could potentially break AES-256 too. There is a big hype in industry to have AES-256. Mostly used as a selling point (bigger means better to customers). – YetAnotherBot Feb 23 '17 at 07:31
  • Thank you for clearing this. The product on which I'm working has requirements of using AES-256 specifically. – YetAnotherBot Feb 23 '17 at 07:34
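
An added example, not code from any of the posts above: it combines the approach suggested in the comments (BouncyCastle's lightweight API called directly with a 256-bit key from `SecureRandom`) with the answer's advice (random IV in CBC mode, encrypt-then-MAC, one uniform error instead of padding errors). It assumes the BouncyCastle jar is on the classpath; the class name `Aes256EtM`, the message layout and the choice of HMAC-SHA256 as the MAC are assumptions of this example.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.macs.HMac;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.bouncycastle.crypto.params.*; // KeyParameter, ParametersWithIV

public class Aes256EtM { // hypothetical class name
    static byte[] random(int n) { byte[] b = new byte[n]; new SecureRandom().nextBytes(b); return b; }
    static byte[] cbc(boolean enc, byte[] key, byte[] iv, byte[] in, int off, int len) throws Exception {
        PaddedBufferedBlockCipher c = new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESEngine()));
        c.init(enc, new ParametersWithIV(new KeyParameter(key), iv)); // a 32-byte key selects AES-256
        byte[] out = new byte[c.getOutputSize(len)];
        int n = c.processBytes(in, off, len, out, 0);
        return Arrays.copyOf(out, n + c.doFinal(out, n)); // doFinal adds or strips PKCS7 padding
    }
    static byte[] hmac(byte[] key, byte[] data, int len) { // HMAC-SHA256 over data[0..len)
        HMac h = new HMac(new SHA256Digest());
        h.init(new KeyParameter(key));
        h.update(data, 0, len);
        byte[] tag = new byte[h.getMacSize()];
        h.doFinal(tag, 0);
        return tag;
    }
    static byte[] seal(byte[] encKey, byte[] macKey, byte[] plain) throws Exception {
        byte[] iv = random(16), ct = cbc(true, encKey, iv, plain, 0, plain.length);
        byte[] msg = Arrays.copyOf(iv, 16 + ct.length + 32);
        System.arraycopy(ct, 0, msg, 16, ct.length);
        System.arraycopy(hmac(macKey, msg, 16 + ct.length), 0, msg, 16 + ct.length, 32);
        return msg; // layout: IV (16) || ciphertext || tag (32)
    }
    static byte[] open(byte[] encKey, byte[] macKey, byte[] msg) {
        int body = msg.length - 32; // IV + ciphertext; the tag is verified before any decryption
        if (body < 32 || !MessageDigest.isEqual(hmac(macKey, msg, body), Arrays.copyOfRange(msg, body, msg.length)))
            throw new SecurityException("decryption failed");
        try { return cbc(false, encKey, Arrays.copyOf(msg, 16), msg, 16, body - 16); }
        catch (Exception e) { throw new SecurityException("decryption failed"); } // same error as a bad tag
    }
    public static void main(String[] args) throws Exception {
        byte[] encKey = random(32), macKey = random(32); // independent 256-bit keys from the CSPRNG
        byte[] msg = seal(encKey, macKey, "constructed sample".getBytes("UTF-8"));
        System.out.println(new String(open(encKey, macKey, msg), "UTF-8"));
        msg[20] ^= 1; // flip one ciphertext bit
        try { open(encKey, macKey, msg); } catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```

Because the tag is checked with a constant-time comparison before the ciphertext is touched, a modified message never reaches the padding check, and the caller sees the same "decryption failed" either way.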