How to control length of encrypted String (Cryptography - Encryption)

Question

For example, i'd like to pass in a String "abc" then output encrypted string should be of 32 byte, and when I'd like to pass "abcdef" then output should be of 32 byte also. In other words I want fix length enrypted output. I know my upper limit. Like I know my string would never go beyond 8 characters. It will be of max 8 characters or shorter than 8. It would never exceed than 8.

If anyone share code in java Cipher, then it would be great.

Well .. just pad your input prior to encryption, so it gives the expected output size .. — Ebbe M. Pedersen, Oct 17 '18 at 09:16

score 2 · Answer 1 · answered Oct 20 '18 at 19:25

It depends on the encryption algorithm, mode and block size.

For example AES uses a fixed block size of 128 bits (16 bytes), CBC and ECB modes will return a fixed length, this length would be a multiple of 128.

If you use ECB mode and your input byte array length is 10 then you must add 6 bytes of padding in order to complete the block.

There are many ways to pad the block, you can use PKCS5 or PKCS7.

In java you can use Bouncy Castle's library https://www.bouncycastle.org/ Make sure you use a secure IV and derived encryption key

In the following example padding is handled by the library

public byte[] genIV() {
    byte[] iv = new byte[16];
    new SecureRandom().nextBytes(iv);
    return iv;
}


public byte[] encrypt(byte[] plaintext, byte[] secretKey, byte[] iv) throws NoSuchPaddingException, NoSuchAlgorithmException, NoSuchProviderException, BadPaddingException, IllegalBlockSizeException, InvalidAlgorithmParameterException, InvalidKeyException {
    Cipher in = Cipher.getInstance("AES/ECB/PKCS5Padding", "BC");
    Key key = new SecretKeySpec(secretKey, "AES");
    in.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
    return in.doFinal(plaintext);
}


public byte[] decrypt(byte[] ciphertext, byte[] secretKey, byte[] iv) throws InvalidAlgorithmParameterException, InvalidKeyException, NoSuchPaddingException, NoSuchAlgorithmException, NoSuchProviderException, BadPaddingException, IllegalBlockSizeException {
    Key key = new SecretKeySpec(secretKey, "AES");
    Cipher out = Cipher.getInstance("AES/ECB/PKCS5Padding", "BC");
    out.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
    return out.doFinal(ciphertext);
}

Bear in mind that each character in a String, depending on the charset, is at least 8 bits long, in your example "abcdef" is at least 6 bytes long

@AsadRao It will work, just take into account IVLength + Plaintext length and calculate the output size. — J11, Oct 25 '18 at 22:26

kelalaka · Answer 2 · 2018-10-17T12:41:03.823

You should apply a padding scheme. Padding schemes are designed to complete the plaintext so that they can fit into the block size of a block cipher.

You asked 32 Bytes this means the for the AES two block of encryption. You didn't specify what type of security so, I will consider CTR mode of operation that will require IV to transmit.

Let XX XX XX XX XX XX XX XX represents your 8-Byte string

for example ANSI X.923 padding scheme, append 0's and at the end the length of your message. Then

XX XX XX XX XX XX XX XX 00 00 00 00 00 00 00 08

will be your plaintext. 08 is the byte lenght of your plaintext.

for example, PKCS#5 and PKCS#7 padding scheme, append the length of your message with repeated, then

XX XX XX XX XX XX XX XX 08 08 08 08 08 08 08 08

will be your plaintext.

These paddings are designed to for one block. They extend the next block if the block is already full.

Solutions;

Re-pad the padded message that you will get two blocks.
Encrypt the encrypted message in the CTR with the counter incremented.
Design a padding for yourself.

How to control length of encrypted String (Cryptography - Encryption)

2 Answers2