Encryption with BlowFish in Java

Question

Following code works fine for me to encrypt a string with the BlowFish encryption.

          // create a key generator based upon the Blowfish cipher
    KeyGenerator keygenerator = KeyGenerator.getInstance("Blowfish");

    // create a key
    SecretKey secretkey = keygenerator.generateKey();

    // create a cipher based upon Blowfish
    Cipher cipher = Cipher.getInstance("Blowfish");

    // initialise cipher to with secret key
    cipher.init(Cipher.ENCRYPT_MODE, secretkey);

    // get the text to encrypt
    String inputText = "MyTextToEncrypt";

    // encrypt message
    byte[] encrypted = cipher.doFinal(inputText.getBytes());

If I want to define my own secret key, how do I do that?

score 34 · Accepted Answer · answered Mar 09 '11 at 11:33

34

String Key = "Something";
byte[] KeyData = Key.getBytes();
SecretKeySpec KS = new SecretKeySpec(KeyData, "Blowfish");
Cipher cipher = Cipher.getInstance("Blowfish");
cipher.init(Cipher.ENCRYPT_MODE, KS);

answered Mar 09 '11 at 11:33

Erik

88,732
13
198
189

Thanks a lot for a quick answer! – StefanE Mar 09 '11 at 11:42
@Erik also have a look at my question http://stackoverflow.com/questions/38007478/encrypt-and-decrypt-string-using-chacha20 – Zar E Ahmer Jun 24 '16 at 10:19
This solution is insecure because it directly uses a String as cryptographic key. – Robert Jul 21 '16 at 07:15
10

@Robert Yes, obviously. Note however what the question is (_How to define key data_) and how the answer shows, in the simplest possible way, _how to define key data_. A dissertation on how to choose good keys has nothing to do in an answer illustrating one specific syntactical aspect of how to use a specific implementation. – Erik Jul 21 '16 at 12:25

score 1 · Answer 2 · answered Feb 10 '16 at 14:57

1

   String strkey="MY KEY";
   SecretKeySpec key = new SecretKeySpec(strkey.getBytes("UTF-8"), "Blowfish");
        Cipher cipher = Cipher.getInstance("Blowfish");
        if ( cipher == null || key == null) {
            throw new Exception("Invalid key or cypher");
        }
        cipher.init(Cipher.ENCRYPT_MODE, key);
String encryptedData =new String(cipher.doFinal(to_encrypt.getBytes("UTF-8"));

DECRYPTION:

          SecretKeySpec key = new SecretKeySpec(strkey.getBytes("UTF-8"), "Blowfish");
         Cipher cipher = Cipher.getInstance("Blowfish");
         cipher.init(Cipher.DECRYPT_MODE, key);
         byte[] decrypted = cipher.doFinal(encryptedData);
         return new String(decrypted);

answered Feb 10 '16 at 14:57

Raviteja

21
1
3

This solution is insecure because it directly uses a String as cryptographic key. – Robert Jul 21 '16 at 06:29
2

@Robert Now that you pointed out a problem, maybe explaining what to do instead might be more helpful. – TheRealChx101 Feb 17 '18 at 21:12
@TheRealChx101: The short answer is that you should use a key derivation function like PBKDF2, bcrypt, scrypt or Argon2. However which one to use in what configuration depends on multiple factors. – Robert Feb 18 '18 at 12:41

score 0 · Answer 3 · answered Mar 19 '13 at 18:11

0

Key size of Blowfish must be 32 - 448 bit. So it is necessary to make a byte array according to the bit number (4 byte for 32 bit) and vice-verse.

answered Mar 19 '13 at 18:11

Ashish Kumar Das

1

score 0 · Answer 4 · answered Aug 02 '13 at 12:18

0

Also you can try this

String key = "you_key_here";
SecretKey secret_key = new SecretKeySpec(key.getBytes(), ALGORITM);

and a little bit more here.

answered Aug 02 '13 at 12:18

dexxtr

478
1
5
8

Encryption with BlowFish in Java

4 Answers4

Linked