As with most things, everything you need to know about AES in Java can be found on Google, but scattered across a number of partial code snippets. Below is my attempt to consolidate that information into a single example application (JDK7) which takes a sentence and runs it back and forth through the encryption process. In reality, you would be best served by not using "password" as a password, avoiding sequential byte sequences as your keys and/or initialization vectors, and removing passwords from your code. :)
package chris;
import java.io.FileInputStream;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
/**
* JAVA AES EXAMPLE APPLICATION
*
* java cipher documentation:
* http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunJSSEProvider
* http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#impl
*
* @author Chris
*/
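public class Application
{
    /**
     * Encrypts {@link #CLEARTEXT} with AES/CBC, decrypts the result again and prints the
     * original and the round-tripped text (with their lengths) to standard output.
     *
     * <p>CBC gives confidentiality only. Nothing here detects a modified ciphertext, so a
     * real design should add integrity protection: an authenticated mode where the
     * provider offers one, or a MAC computed over IV and ciphertext and verified before
     * decrypting.
     *
     * @param useHardcodedKey {@code true} to use the demo key {@link #RAW_KEY};
     *                        {@code false} to load the key stored under alias
     *                        {@code mykey} from the JCEKS keystore at {@link #AES_KEYSTORE}
     * @throws Exception if the keystore cannot be read, the alias holds no usable key, or
     *                   any cipher operation fails
     */
    public void aes(boolean useHardcodedKey) throws Exception
    {
        System.out.println("---- AES EXAMPLE ----");
        System.out.println("original string: " + CLEARTEXT);
        System.out.println("original length: " + CLEARTEXT.length());

        // SELECT ALGORITHM
        String algorithm = "AES/CBC/PKCS5Padding";
        // or "AES/CBC/ISO10126PADDING";

        SecretKeySpec secretKey;
        if (useHardcodedKey)
        {
            secretKey = new SecretKeySpec(RAW_KEY, "AES");
        }
        else
        {
            KeyStore keystore = KeyStore.getInstance("JCEKS");
            // try-with-resources: the stream is closed even when load() throws.
            try (FileInputStream in = new FileInputStream(AES_KEYSTORE))
            {
                keystore.load(in, PASSWORD);
            }
            Key key = keystore.getKey("mykey", PASSWORD);
            // getKey() returns null for an unknown alias, and getEncoded() returns null
            // for keys that do not expose their raw bytes; fail with a clear message
            // instead of a NullPointerException further down.
            if (key == null || key.getEncoded() == null)
            {
                throw new IllegalStateException(
                        "no exportable key under alias 'mykey' in " + AES_KEYSTORE);
            }
            secretKey = new SecretKeySpec(key.getEncoded(), "AES");
        }

        // INITIALIZATION VECTOR
        // A CBC IV must be unpredictable and must not be reused with the same key, so it
        // is drawn from SecureRandom for every encryption rather than fixed in the code.
        // The IV is not secret: store or send it next to the ciphertext (commonly as a
        // prefix) so the receiver can build the same IvParameterSpec.
        Cipher cipherENCRYPT = Cipher.getInstance(algorithm);
        byte[] ivBytes = new byte[cipherENCRYPT.getBlockSize()];
        new SecureRandom().nextBytes(ivBytes);
        IvParameterSpec ivSpec = new IvParameterSpec(ivBytes);

        // ENCRYPT
        // Encode explicitly as UTF-8: a bare getBytes() uses the platform charset, which
        // need not match the UTF-8 decoding in the VERIFY step.
        cipherENCRYPT.init(Cipher.ENCRYPT_MODE, secretKey, ivSpec);
        byte[] crypted = cipherENCRYPT.doFinal(CLEARTEXT.getBytes(StandardCharsets.UTF_8));

        // DECRYPT
        Cipher cipherDECRYPT = Cipher.getInstance(algorithm);
        cipherDECRYPT.init(Cipher.DECRYPT_MODE, secretKey, ivSpec);
        byte[] decrypted = cipherDECRYPT.doFinal(crypted);

        // VERIFY
        String compare = new String(decrypted, StandardCharsets.UTF_8);
        System.out.println("decrypted string: " + compare);
        System.out.println("decrypted length: " + compare.length());
    }

    /**
     * Runs the example with the hard-coded demo key and prints any failure's stack trace.
     *
     * @param args ignored
     */
    public static void main(String[] args)
    {
        Application app = new Application();
        try
        {
            app.aes(true);
        }
        catch (Exception e)
        {
            e.printStackTrace();
        }
    }

    private static final String CLEARTEXT = "Here is a proprietary sentence to protect.";

    // HARD-CODED AES SECRET KEY
    // Demo value only. A key compiled into the class can be read by anyone who holds the
    // binary, and a sequential byte pattern is trivially guessable; real keys come from a
    // key generator and live in a keystore or key-management service.
    private static final byte[] RAW_KEY = new byte[]
        {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
         0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};

    // KEYTOOL commands for generating an AES keystore
    //
    // keytool -genseckey -alias mykey -keyalg AES -keysize 128
    //         -storepass password -storetype JCEKS -keystore aes.jks
    // keytool -list -v -keystore aes.jks -storetype JCEKS
    //
    // Leaving out -storepass makes keytool prompt for the password instead, which keeps
    // it out of shell history and the process list.
    private static final String AES_KEYSTORE = "c:\\temp\\aes.jks";

    // Demo value only: a keystore password belongs outside the source, for example read
    // from a prompt or a protected configuration source at run time.
    private static final char[] PASSWORD = "password".toCharArray();
}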
Thanks to codeformatter for providing the easy-to-use code formatting tool for use with blogger.