{"id":16635,"date":"2021-10-16T23:57:11","date_gmt":"2021-10-16T18:27:11","guid":{"rendered":"https:\/\/java2blog.com\/?p=16635"},"modified":"2021-10-17T00:12:50","modified_gmt":"2021-10-16T18:42:50","slug":"java-aes-encryption-decryption","status":"publish","type":"post","link":"https:\/\/java2blog.com\/java-aes-encryption-decryption\/","title":{"rendered":"Java AES Encryption Decryption Example"},"content":{"rendered":"<div id=\"toc_container\" class=\"toc_light_blue no_bullets\"><p class=\"toc_title\">Table of Contents<\/p><ul class=\"toc_list\"><li><a href=\"#Introduction\">Introduction<\/a><\/li><li><a href=\"#Generate_a_shared_key\">Generate a shared key<\/a><\/li><li><a href=\"#Encrypt_a_random_text\">Encrypt a random text<\/a><\/li><li><a href=\"#Decrypt_the_encrypted_text\">Decrypt the encrypted text<\/a><\/li><li><a href=\"#Conclusion\">Conclusion<\/a><\/li><\/ul><\/div>\n<h2><span id=\"Introduction\">Introduction<\/span><\/h2>\n<p>AES stands for advanced encryption standard and is the most commonly used symmetric algorithm to encrypt sensitive data and can be used in both software and hardware.<\/p>\n<p>The AES algorithm is symmetric, meaning that it uses only one key for encryption and decryption, and due to this reason, the key must be shared between the sender and the receiver.<\/p>\n<p>The standard has three key sizes, which include <code>128<\/code>, <code>192<\/code>, and <code>256<\/code> and each of the ciphers encrypts and decrypts data in blocks of <code>128<\/code> bits.<\/p>\n<p>The key sizes perform <code>10<\/code>, <code>12<\/code>, and <code>14<\/code> rounds on the data for <code>128<\/code>, <code>192<\/code>, and <code>256<\/code> respectively, making <code>256<\/code> the stronger algorithm among them.<\/p>\n<p>By default, the java implementation of the AES algorithm uses <code>128<\/code> key size, and in this tutorial, we will implement the algorithm to encrypt and decrypt a message.<\/p>\n<h2><span id=\"Generate_a_shared_key\">Generate a shared key<\/span><\/h2>\n<p>To generate a key that will be used for both encryption and decryption of our message, we will use the <code>getInstance()<\/code> method of the <code>KeyGenerator<\/code> class in java and pass string <code>AES<\/code> to the method.<\/p>\n<p>The <code>getInstance()<\/code> method throws a <code>NoSuchAlgorithmException<\/code> if no provider supports a <code>KeyGeneratorSpi<\/code> of the specified algorithm and a <code>NullPointerException<\/code> if the algorithm provided is <code>null<\/code>.<\/p>\n<p>The <code>KeyGenerator<\/code> will create an instance of the AES algorithm that we will use to generate a key using the <code>generateKey()<\/code> method of the class.<\/p>\n<p>This class generates a symmetric secret key, and once a key has been generated, the same object can be used to create other keys.<\/p>\n<p>Use the <code>encodeToString()<\/code> method of <code>Base64.Encoder<\/code> to view the generated string of the key by logging the result to the console.<\/p>\n<pre code=\"java\">\npackage com.encryption;\n\nimport javax.crypto.KeyGenerator;\nimport javax.crypto.SecretKey;\nimport java.security.NoSuchAlgorithmException;\nimport java.util.Base64;\n\npublic class AESEncryption {\n    public static void main(String[] args) throws NoSuchAlgorithmException {\n\n        KeyGenerator keyGenerator = KeyGenerator.getInstance(\"AES\");\n        SecretKey secretKey = keyGenerator.generateKey();\n        String secretKeyString =\n        Base64.getEncoder().encodeToString(secretKey.getEncoded());\n        System.out.println(\"generated key = \"+secretKeyString);\n\n    }\n}\n\n<\/pre>\n<p>Output:<\/p>\n<div class=\"content-box-green\">\ngenerated key = JPZJ7ut162hnlpFh2Cbg2w==\n<\/div>\n<section class=\"read-more-posts\">\n<div class=\"rm-header\">\n<h2>Further reading:<\/h2>\n<\/div>\n<div class=\"rm-wrap\">\n<div class=\"rm-item\">\n<h5><a href=\"https:\/\/java2blog.com\/rsa-encryption-and-decryption-java\/\" target=\"_blank\" rel=\"noopener\">RSA encryption and decryption in java<\/a><\/h5>\n<div class=\"ex\">\n            <a href=\"https:\/\/java2blog.com\/rsa-encryption-and-decryption-java\/\" target=\"_blank\" rel=\"noopener\">Read more \u2192<\/a>\n        <\/div>\n<\/div>\n<div class=\"rm-item\">\n<h5><a href=\"https:\/\/java2blog.com\/java-aes-256-encryption-decryption\/\" target=\"_blank\" rel=\"noopener\">Java AES 256 encryption decryption example<\/a><\/h5>\n<div class=\"ex\">\n            <a href=\"https:\/\/java2blog.com\/java-aes-256-encryption-decryption\/\" target=\"_blank\" rel=\"noopener\">Read more \u2192<\/a>\n        <\/div>\n<\/p><\/div>\n<\/div>\n<\/section>\n<h2><span id=\"Encrypt_a_random_text\">Encrypt a random text<\/span><\/h2>\n<p>To encrypt the message, create a <code>Cipher<\/code> object and use the <code>getInstance()<\/code> with parameter <code>AES\/CBC\/PKCS5Padding<\/code> as the transformation to create an instance of the algorithm.<\/p>\n<p>The transformation has a mode and padding, and in our case, we will use <code>CBC<\/code> mode, which stands for cipher block chaining, and <code>PKCS5Padding<\/code> as the padding.<\/p>\n<p>The default mode is <code>ECB<\/code>, but since it does not support multiple blocks of data, we will use <code>CBC<\/code>, which is a mode of operation for a block cipher.<\/p>\n<p>The cipher block chaining mode uses an initialization vector, also known as <code>IV<\/code>, which is an input to the cryptographic algorithm used to provide the initial state and requires to be unique.<\/p>\n<p>The padding is introduced to the algorithm so that if the string to be encrypted is not an exact multiple of the block size, then padding is done before encrypting by adding a padding string.<\/p>\n<p>Since we will provide an initialization vector to the <code>init()<\/code> method of the <code>Cipher<\/code> create  <code>IvParameterSpec<\/code> class and pass the key bytes to its constructor, which be used as the initialization vector.<\/p>\n<p>Call the <code>init()<\/code> method and pass <code>Cipher.ENCRYPT_MODE<\/code>, <code>SecretKey<\/code> and finally the <code>IvParameterSpec<\/code> object created.<\/p>\n<p>Create a random text and call the <code>doFinal()<\/code> method of the <code>Cipher<\/code> and pass the message bytes to the method to perform encryption.<\/p>\n<p>The <code>doFinal()<\/code> method returns an array of bytes containing the encrypted message, and we can convert the bytes to string using the <code>encodeToString()<\/code> method and log its content to the console to verify that the encryption was successful.<\/p>\n<pre code=\"java\">\npackage com.encryption;\n\nimport javax.crypto.*;\nimport javax.crypto.spec.IvParameterSpec;\nimport java.security.InvalidAlgorithmParameterException;\nimport java.security.InvalidKeyException;\nimport java.security.NoSuchAlgorithmException;\nimport java.util.Base64;\n\npublic class AESEncryption {\n    public static void main(String[] args) throws \n            NoSuchAlgorithmException, NoSuchPaddingException, \n            InvalidKeyException, IllegalBlockSizeException, \n            BadPaddingException, InvalidAlgorithmParameterException {\n\n        KeyGenerator keyGenerator = KeyGenerator.getInstance(\"AES\");\n        SecretKey secretKey = keyGenerator.generateKey();\n        String secretKeyString =\n        Base64.getEncoder().encodeToString(secretKey.getEncoded());\n        System.out.println(\"generated key = \"+secretKeyString);\n\n        \/\/Encrypt Hello world message\n        Cipher encryptionCipher = Cipher.getInstance(\"AES\/CBC\/PKCS5Padding\");\n        byte[] InitVectorBytes = keyGenerator.generateKey().getEncoded();\n        IvParameterSpec parameterSpec = new IvParameterSpec(InitVectorBytes);\n        encryptionCipher.init(Cipher.ENCRYPT_MODE,secretKey,parameterSpec);\n        String message = \"Hello world\";\n        byte[] encryptedMessageBytes =\n        encryptionCipher.doFinal(message.getBytes());\n        String encryptedMessage =\n        Base64.getEncoder().encodeToString(encryptedMessageBytes);\n        System.out.println(\"Encrypted message = \"+encryptedMessage);\n\n    }\n}\n\n<\/pre>\n<p>Output:<\/p>\n<div class=\"content-box-green\">\ngenerated key = hSJcGUPIj4T4DbncAjes5w==<\/p>\n<p>Encrypted message = \/PLOtvd+J\/7KLGOdPaVZtg==\n<\/p><\/div>\n<h2><span id=\"Decrypt_the_encrypted_text\">Decrypt the encrypted text<\/span><\/h2>\n<p>Since we already have an initialization vector and a secret key, we need to create a new <code>Cipher<\/code> object as we did previously and use the <code>AES\/CBC\/PKCS5Padding<\/code> transformation in the <code>getInstance()<\/code> method.<\/p>\n<p>The only parameter of the <code>init()<\/code> method that changes is the mode as we are performing a decryption operation, and we need to pass <code>Cipher.DECRYPT_MODE<\/code> as the first parameter of the method.<\/p>\n<p>Convert the bytes returned by the <code>doFinal()<\/code> method to a string by passing the returned result to the <code>String()<\/code> constructor and log to the console to verify that the decrypted message was our original message.<\/p>\n<pre code=\"java\">\npackage org.arpit.java2blog;\n\nimport javax.crypto.*;\nimport javax.crypto.spec.IvParameterSpec;\nimport java.security.InvalidAlgorithmParameterException;\nimport java.security.InvalidKeyException;\nimport java.security.NoSuchAlgorithmException;\nimport java.util.Base64;\n\npublic class AESEncryption {\n    public static void main(String[] args) throws \n            NoSuchAlgorithmException, NoSuchPaddingException, \n            InvalidKeyException, IllegalBlockSizeException, \n            BadPaddingException, InvalidAlgorithmParameterException {\n\n        KeyGenerator keyGenerator = KeyGenerator.getInstance(\"AES\");\n        SecretKey secretKey = keyGenerator.generateKey();\n        String secretKeyString =\n        Base64.getEncoder().encodeToString(secretKey.getEncoded());\n        System.out.println(\"generated key = \"+secretKeyString);\n\n        \/\/Encrypt Hello world message\n        Cipher encryptionCipher = Cipher.getInstance(\"AES\/CBC\/PKCS5Padding\");\n        byte[] InitVectorBytes = keyGenerator.generateKey().getEncoded();\n        IvParameterSpec parameterSpec = new IvParameterSpec(InitVectorBytes);\n        encryptionCipher.init(Cipher.ENCRYPT_MODE,secretKey,parameterSpec);\n        String message = \"Hello world\";\n        byte[] encryptedMessageBytes =\n        encryptionCipher.doFinal(message.getBytes());\n        String encryptedMessage =\n        Base64.getEncoder().encodeToString(encryptedMessageBytes);\n        System.out.println(\"Encrypted message = \"+encryptedMessage);\n\n        \/\/Decrypt the encrypted message\n        Cipher decryptionCipher = Cipher.getInstance(\"AES\/CBC\/PKCS5Padding\");\n        decryptionCipher.init(Cipher.DECRYPT_MODE,secretKey,parameterSpec);\n        byte[] decryptedMessageBytes =\n        decryptionCipher.doFinal(encryptedMessageBytes);\n        String decryptedMessage = new String(decryptedMessageBytes);\n        System.out.println(\"decrypted message =\"+decryptedMessage);\n\n    }\n}\n\n<\/pre>\n<p>Output:<\/p>\n<div class=\"content-box-green\">\ngenerated key = hSJcGUPIj4T4DbncAjes5w==<\/p>\n<p>Encrypted message = \/PLOtvd+J\/7KLGOdPaVZtg==<\/p>\n<p>decrypted message =Hello world\n<\/p><\/div>\n<h2><span id=\"Conclusion\">Conclusion<\/span><\/h2>\n<p>In this tutorial, you have learned how to encrypt and decrypt a random text using the symmetric AES algorithm with a single key generated using the <code>KeyGenerator<\/code> class in java. You have also learned how to provide an initialization vector for the <code>CBC<\/code> mode of the transformation by using the <code>IvParameterSpec<\/code> provided by the Java API. In the next tutorial, you will learn how to encrypt and decrypt a message using <code>AES 256<\/code>, which is more resistant to attacks compared to <code>AES 128<\/code> and <code>AES 192<\/code>. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Table of ContentsIntroductionGenerate a shared keyEncrypt a random textDecrypt the encrypted textConclusion Introduction AES stands for advanced encryption standard and is the most commonly used symmetric algorithm to encrypt sensitive data and can be used in both software and hardware. The AES algorithm is symmetric, meaning that it uses only one key for encryption and [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"_mi_skip_tracking":false},"categories":[266],"tags":[],"_links":{"self":[{"href":"https:\/\/java2blog.com\/wp-json\/wp\/v2\/posts\/16635"}],"collection":[{"href":"https:\/\/java2blog.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/java2blog.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/java2blog.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/java2blog.com\/wp-json\/wp\/v2\/comments?post=16635"}],"version-history":[{"count":0,"href":"https:\/\/java2blog.com\/wp-json\/wp\/v2\/posts\/16635\/revisions"}],"wp:attachment":[{"href":"https:\/\/java2blog.com\/wp-json\/wp\/v2\/media?parent=16635"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/java2blog.com\/wp-json\/wp\/v2\/categories?post=16635"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/java2blog.com\/wp-json\/wp\/v2\/tags?post=16635"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}