Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How to create SecretKey for AES 128 Encryption based on user's password??

 
Shah Jenish
Greenhorn
Posts: 13
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have written a below program to encrypt a file with AES 128 algorithm. This code works fine. It does encrypt and decrypt file successfully..

Here in this code I am generating SecretKey in the main() method with the use of key generator. But can anybody please tell me how can I generate SecretKey based on user's password in the below program?

Thanks in Advance,
Jenish

import java.io.InputStream;
import java.io.OutputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectInputStream;

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;

import java.security.spec.AlgorithmParameterSpec;

public class AESEncrypter
{
Cipher ecipher;
Cipher dcipher;

public AESEncrypter(SecretKey key)
{
// Create an 8-byte initialization vector
byte[] iv = new byte[]
{
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
};

AlgorithmParameterSpec paramSpec = new IvParameterSpec(iv);
try
{
ecipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
dcipher = Cipher.getInstance("AES/CBC/PKCS5Padding");

// CBC requires an initialization vector
ecipher.init(Cipher.ENCRYPT_MODE, key, paramSpec);
dcipher.init(Cipher.DECRYPT_MODE, key, paramSpec);
}
catch (Exception e)
{
e.printStackTrace();
}
}

// Buffer used to transport the bytes from one stream to another
byte[] buf = new byte[1024];

public void encrypt(InputStream in, OutputStream out)
{
try
{
// Bytes written to out will be encrypted
out = new CipherOutputStream(out, ecipher);

// Read in the cleartext bytes and write to out to encrypt
int numRead = 0;
while ((numRead = in.read(buf)) >= 0)
{
out.write(buf, 0, numRead);
}
out.close();
}
catch (java.io.IOException e)
{
}
}

public void decrypt(InputStream in, OutputStream out)
{
try
{
// Bytes read from in will be decrypted
in = new CipherInputStream(in, dcipher);

// Read in the decrypted bytes and write the cleartext to out
int numRead = 0;
while ((numRead = in.read(buf)) >= 0)
{
out.write(buf, 0, numRead);
}
out.close();
}
catch (java.io.IOException e)
{
}
}

public static void main(String args[])
{
try
{
// Generate a temporary key. In practice, you would save this key.
// See also e464 Encrypting with DES Using a Pass Phrase.

KeyGenerator kgen = KeyGenerator.getInstance("AES");
kgen.init(128);
SecretKey key = kgen.generateKey();

// Create encrypter/decrypter class
AESEncrypter encrypter = new AESEncrypter(key);

// Encrypt
encrypter.encrypt(new FileInputStream("E:\\keeper.txt"),new FileOutputStream("E:\\Encrypted.txt"));
// Decrypt
encrypter.decrypt(new FileInputStream("E:\\keeper.txt"),new FileOutputStream("E:\\Decrypted.txt"));
}
catch (Exception e)
{
e.printStackTrace();
}
}
}
 
Carey Evans
Ranch Hand
Posts: 225
Debian Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can use the PBKDF2 algorithm to generate a key from a password; see this answer from a while ago.

Please make sure you use a different, random Initialisation Vector for each password-based key and each message, and save it with the encrypted data. Otherwise each message using the same key and starting with the same data will be encrypted the same, giving attackers a head start.
 
Shah Jenish
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

Thanks for your reply.

I have tried copy pasting the code from the thread you mentioned but I got the exception on line
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");

java.security.NoSuchAlgorithmException: Algorithm PBKDF2WithHmacSHA1 not available
at javax.crypto.SunJCE_b.a(DashoA12275)
at javax.crypto.SecretKeyFactory.getInstance(DashoA12275)
at ftpserver.AESEncrypter.main(AESEncrypter.java:107)

Can you please tell me what is wrong with my code?

Thanks in Advance,
Jenish
 
Henry Wong
author
Marshal
Pie
Posts: 20902
76
C++ Chrome Eclipse IDE Firefox Browser Java jQuery Linux VI Editor Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Can you please tell me what is wrong with my code?


What version of Java are you using? I believe that algorithm was added with Java 6.

Henry
 
Salman Ahmed
Greenhorn
Posts: 27
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Carey's code snippet from the other thread works just fine for me using the Sun JDK 1.5 and Sun's own built-in JCE provider.
 
Carey Evans
Ranch Hand
Posts: 225
Debian Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That's the stack trace I get from J2RE 1.4.2. Even if for some reason you can't move to a supported version of Java, it's still a good algorithm, and you should be able to find a compatible version somewhere.
 
Shah Jenish
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hey it worked fine I just changed my JRE version..

Thanks a lot for this wonderful program Carey..
 
lily ch
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi, I'm new to encryption. Was wondering how can I store the key or print out the value of the key? Thanks!
 
Pat Farrell
Rancher
Posts: 4678
7
Linux Mac OS X VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
lily ch wrote:Hi, I'm new to encryption. Was wondering how can I store the key or print out the value of the key? Thanks!

encryption keys are binary. They don't print well. You can store them in a file by just writing out the binary bytes, but you can't read or print the binary.

Most folks wrap the binary in a text-based encoding, usually base64 or mime.
 
Nishanth Thomas
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Encryption using AES with key password


http://www.coderanch.com/t/581824/java/java/Decrypt-AES-password

 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic