6

I am trying to learn and test the java 1.6 encryption/decryption API. I want to know what I am doing wrong and what I am missing in terms of knowledge.

In the code that follows below, I create two ciphers: one to encrypt and another to decrypt. When I use these ciphers, I initialize them with different SecretKey's, but I am still able to get the same value back out. Why is this?

    String algorithm = "DES";
    SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(algorithm);

    byte[] encBytes = "12345678".getBytes("UTF8");
    byte[] decBytes = "56781234".getBytes("UTF8");

    DESKeySpec keySpecEncrypt = new DESKeySpec(encBytes);
    DESKeySpec keySpecDecrypt = new DESKeySpec(decBytes);


    SecretKey keyEncrypt = keyFactory.generateSecret(keySpecEncrypt);
    SecretKey keyDecrypt = keyFactory.generateSecret(keySpecDecrypt);

    Cipher cipherEncrypt = Cipher.getInstance(algorithm);
    Cipher cipherDecrypt = Cipher.getInstance(algorithm);

    String input = "john doe";

    cipherEncrypt.init(Cipher.ENCRYPT_MODE, keyEncrypt);
    byte[] inputBytes = cipherEncrypt.doFinal(input.getBytes());
    System.out.println("inputBytes: " + new String(inputBytes));

    cipherDecrypt.init(Cipher.DECRYPT_MODE, keyDecrypt);
    byte[] outputBytes = cipherDecrypt.doFinal(inputBytes);
    System.out.println("outputBytes: " + new String(outputBytes));
Improve this question
1

3 Answers 3

Reset to default
16

Welcome to encryption! As mentioned DES is symmetric and requires the same key for encryption as decryption. That key needs to be the right number of bits for the cipher that you're using. For DES that's 56-bit. Before you go too far with that though, here are a few things you might want to consider:

  1. You should use a stronger encryption standard like AES. It's possible to break DES encryption now.
  2. If you want to use a string as the key, then you should use a strong hash function like SHA-256 against that key string. Then take as many bits from that hash output as you need for the encryption key, 128-bit is plenty sufficient for AES. Your key string should be long like you have.
  3. It'll be best to use a block cipher mode that doesn't generate the same output for the same input each time. See block cipher modes of operation for info and a visualization of why ECB mode is bad.

Here's a working example of using 128-bit AES encryption in CBC mode with PKCS #5 padding:

import java.security.MessageDigest;
import java.security.SecureRandom;

import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class EncryptDecrypt {
    public static void main(String[] args) throws Exception {
        // here are your inputs
        String keyString = "averylongtext!@$@#$#@$#*&(*&}{23432432432dsfsdf";
        String input = "john doe";

        // setup AES cipher in CBC mode with PKCS #5 padding
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");

        // setup an IV (initialization vector) that should be
        // randomly generated for each input that's encrypted
        byte[] iv = new byte[cipher.getBlockSize()];
        new SecureRandom().nextBytes(iv);
        IvParameterSpec ivSpec = new IvParameterSpec(iv);

        // hash keyString with SHA-256 and crop the output to 128-bit for key
        MessageDigest digest = MessageDigest.getInstance("SHA-256");
        digest.update(keyString.getBytes());
        byte[] key = new byte[16];
        System.arraycopy(digest.digest(), 0, key, 0, key.length);
        SecretKeySpec keySpec = new SecretKeySpec(key, "AES");

        // encrypt
        cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec);
        byte[] encrypted = cipher.doFinal(input.getBytes("UTF-8"));
        System.out.println("encrypted: " + new String(encrypted));

        // include the IV with the encrypted bytes for transport, you'll
        // need the same IV when decrypting (it's safe to send unencrypted)

        // decrypt
        cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);
        byte[] decrypted = cipher.doFinal(encrypted);
        System.out.println("decrypted: " + new String(decrypted, "UTF-8"));
    }
}
Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

@WhiteFang34 what's the approach or general strategy to store my keyString? if someone has that, and decompiles my jar/class files (assuming it is not obfuscated, and even if it is), then they can decrypt my strings, right?
If you distribute the private key of symmetric encryption in any form, there's no amount of obfuscation or manipulation you can to securely hide it. That's security by obscurity and someone would be able to extract the key. It sounds like what you probably need is asymmetric encryption like RSA or DSA. With these you have a public key and a private key that you generate with a program designed to do so securely. You can give out the public key, so it'd be safe to include in a jar that you distribute. Only your private key would be able to decrypt any input encrypted with that public key.
@WhiteFang34 i want to make your code more modular, and by that i want to modify it and make two methods, decrypt(String input) and encrypt(String input). the encrypt method would be a copy/paste of what you have already provided. however, how do i modify it so the decrypt method would work? as it is the IV bytes are always randomized and i get failure on decrypting.
Regarding the IV you should just send it with the encrypted bytes. It depends on how you're transporting them, but you can send it separately or just immediately ahead of the encrypted bytes. The other end just has to deal with it in the same way, then pass that same IV to the decryption. Note that if you're sending these to a web server then you need to be careful about encoding them for transport with something like Base64 encoding, or using a multipart POST to send the binary as it is.
If you're making web requests to a server from a desktop GUI you should just consider using HTTPS. It uses asymmetric encryption already and deals with all of the details for you. Otherwise for asymmetric encryption (RSA or DSA) you'll have to deal with embedding the public key in your desktop GUI and then use the private key on the server side to decrypt it. If you were to stick with symmetric encryption (AES) you don't have a safe option to deploy the private key in the desktop GUI, unless perhaps you just trust those end users and distribute it to them in a secure way.
|
5

Here's the description from JDK doc:

DESKeySpec
public DESKeySpec(byte[] key)
           throws InvalidKeyException
Creates a DESKeySpec object using the first 8 bytes in key as the key material for the DES key. 
The bytes that constitute the DES key are those between key[0] and key[7] inclusive.

DESKeySpec uses only the first 8 bytes of byte[] as key. Thus the actual keys in used are identical in your example.

Improve this answer

5 Comments

thanks. when i change the first 8 bytes, i get a javax.crypto.BadPaddingException. i take it that this means the decryption failed? this is my first go round with encryption/decryption, i need to know if this exception signals failure to decrypt and not something else.
@user373312: Can you show how the first 8 bytes were changed? Thanks.
ok i think i am still missing something. i tried to change the bytes by changing the string literal value. i tried the following: byte[] encBytes = "12345678".getBytes("UTF8"); byte[] decBytes = "56781234".getBytes("UTF8"); and i get a BaddPaddingException i tried the following, and even though the bytes are different, i get a successful decrypt. byte[] encBytes = "12345678".getBytes("UTF8"); byte[] decBytes = "12345679".getBytes("UTF8");
(btw, i have no idea how to format my comment, but i've edited the code above to reflect what i'm trying to illustrate).
@user373312: It may be the designer's decision that throwing an exception when using a different key in this case. JDK doc indicates BaddPaddingException is thrown on purpose. However, its decription might seem to be too detailed...
0

Here's a working example of using 56-bit DES encryption.

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

public class CipherHelper {

    // Algorithm used
    private final static String ALGORITHM = "DES";

    /**
     * Encrypt data
     * @param secretKey -   a secret key used for encryption
     * @param data      -   data to encrypt
     * @return  Encrypted data
     * @throws Exception
     */
    public static String cipher(String secretKey, String data) throws Exception {
        // Key has to be of length 8
        if (secretKey == null || secretKey.length() != 8)
            throw new Exception("Invalid key length - 8 bytes key needed!");

        SecretKey key = new SecretKeySpec(secretKey.getBytes(), ALGORITHM);
        Cipher cipher = Cipher.getInstance(ALGORITHM);
        cipher.init(Cipher.ENCRYPT_MODE, key);

        return toHex(cipher.doFinal(data.getBytes()));
    }

    /**
     * Decrypt data
     * @param secretKey -   a secret key used for decryption
     * @param data      -   data to decrypt
     * @return  Decrypted data
     * @throws Exception
     */
    public static String decipher(String secretKey, String data) throws Exception {
        // Key has to be of length 8
        if (secretKey == null || secretKey.length() != 8)
            throw new Exception("Invalid key length - 8 bytes key needed!");

        SecretKey key = new SecretKeySpec(secretKey.getBytes(), ALGORITHM);
        Cipher cipher = Cipher.getInstance(ALGORITHM);
        cipher.init(Cipher.DECRYPT_MODE, key);

        return new String(cipher.doFinal(toByte(data)));
    }

    // Helper methods

    private static byte[] toByte(String hexString) {
        int len = hexString.length()/2;

        byte[] result = new byte[len];

        for (int i = 0; i < len; i++)
            result[i] = Integer.valueOf(hexString.substring(2*i, 2*i+2), 16).byteValue();
        return result;
    }

    public static String toHex(byte[] stringBytes) {
        StringBuffer result = new StringBuffer(2*stringBytes.length);

        for (int i = 0; i < stringBytes.length; i++) {
            result.append(HEX.charAt((stringBytes[i]>>4)&0x0f)).append(HEX.charAt(stringBytes[i]&0x0f));
        }

        return result.toString();
    }

    private final static String HEX = "0123456789ABCDEF";

    // Helper methods - end

    /**
     * Quick test
     * @param args
     */
    public static void main(String[] args) {
        try {

            String secretKey    = "01234567";
            String data="test";
            String encryptedData = cipher(secretKey, data);

            System.out.println("encryptedData: " + encryptedData);

            String decryptedData = decipher(secretKey, encryptedData);

            System.out.println("decryptedData: " + decryptedData);

        } catch (Exception e) {
            e.printStackTrace();
        }
    }

}
Improve this answer

1 Comment

This is DES, not 128-bit AES, as the description states.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.