aspose file tools*
The moose likes Security and the fly likes How to create SecretKey for AES 128 Encryption based on user's password?? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Java 8 in Action this week in the Java 8 forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "How to create SecretKey for AES 128 Encryption based on user Watch "How to create SecretKey for AES 128 Encryption based on user New topic
Author

How to create SecretKey for AES 128 Encryption based on user's password??

Shah Jenish
Greenhorn

Joined: Feb 19, 2009
Posts: 13
I have written a below program to encrypt a file with AES 128 algorithm. This code works fine. It does encrypt and decrypt file successfully..

Here in this code I am generating SecretKey in the main() method with the use of key generator. But can anybody please tell me how can I generate SecretKey based on user's password in the below program?

Thanks in Advance,
Jenish

import java.io.InputStream;
import java.io.OutputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectInputStream;

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;

import java.security.spec.AlgorithmParameterSpec;

public class AESEncrypter
{
Cipher ecipher;
Cipher dcipher;

public AESEncrypter(SecretKey key)
{
// Create an 8-byte initialization vector
byte[] iv = new byte[]
{
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
};

AlgorithmParameterSpec paramSpec = new IvParameterSpec(iv);
try
{
ecipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
dcipher = Cipher.getInstance("AES/CBC/PKCS5Padding");

// CBC requires an initialization vector
ecipher.init(Cipher.ENCRYPT_MODE, key, paramSpec);
dcipher.init(Cipher.DECRYPT_MODE, key, paramSpec);
}
catch (Exception e)
{
e.printStackTrace();
}
}

// Buffer used to transport the bytes from one stream to another
byte[] buf = new byte[1024];

public void encrypt(InputStream in, OutputStream out)
{
try
{
// Bytes written to out will be encrypted
out = new CipherOutputStream(out, ecipher);

// Read in the cleartext bytes and write to out to encrypt
int numRead = 0;
while ((numRead = in.read(buf)) >= 0)
{
out.write(buf, 0, numRead);
}
out.close();
}
catch (java.io.IOException e)
{
}
}

public void decrypt(InputStream in, OutputStream out)
{
try
{
// Bytes read from in will be decrypted
in = new CipherInputStream(in, dcipher);

// Read in the decrypted bytes and write the cleartext to out
int numRead = 0;
while ((numRead = in.read(buf)) >= 0)
{
out.write(buf, 0, numRead);
}
out.close();
}
catch (java.io.IOException e)
{
}
}

public static void main(String args[])
{
try
{
// Generate a temporary key. In practice, you would save this key.
// See also e464 Encrypting with DES Using a Pass Phrase.

KeyGenerator kgen = KeyGenerator.getInstance("AES");
kgen.init(128);
SecretKey key = kgen.generateKey();

// Create encrypter/decrypter class
AESEncrypter encrypter = new AESEncrypter(key);

// Encrypt
encrypter.encrypt(new FileInputStream("E:\\keeper.txt"),new FileOutputStream("E:\\Encrypted.txt"));
// Decrypt
encrypter.decrypt(new FileInputStream("E:\\keeper.txt"),new FileOutputStream("E:\\Decrypted.txt"));
}
catch (Exception e)
{
e.printStackTrace();
}
}
}
Carey Evans
Ranch Hand

Joined: May 27, 2008
Posts: 225

You can use the PBKDF2 algorithm to generate a key from a password; see this answer from a while ago.

Please make sure you use a different, random Initialisation Vector for each password-based key and each message, and save it with the encrypted data. Otherwise each message using the same key and starting with the same data will be encrypted the same, giving attackers a head start.
Shah Jenish
Greenhorn

Joined: Feb 19, 2009
Posts: 13
Hi,

Thanks for your reply.

I have tried copy pasting the code from the thread you mentioned but I got the exception on line
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");

java.security.NoSuchAlgorithmException: Algorithm PBKDF2WithHmacSHA1 not available
at javax.crypto.SunJCE_b.a(DashoA12275)
at javax.crypto.SecretKeyFactory.getInstance(DashoA12275)
at ftpserver.AESEncrypter.main(AESEncrypter.java:107)

Can you please tell me what is wrong with my code?

Thanks in Advance,
Jenish
Henry Wong
author
Sheriff

Joined: Sep 28, 2004
Posts: 18138
    
  39

Can you please tell me what is wrong with my code?


What version of Java are you using? I believe that algorithm was added with Java 6.

Henry


Books: Java Threads, 3rd Edition, Jini in a Nutshell, and Java Gems (contributor)
Salman Ahmed
Greenhorn

Joined: Mar 18, 2008
Posts: 27
Carey's code snippet from the other thread works just fine for me using the Sun JDK 1.5 and Sun's own built-in JCE provider.
Carey Evans
Ranch Hand

Joined: May 27, 2008
Posts: 225

That's the stack trace I get from J2RE 1.4.2. Even if for some reason you can't move to a supported version of Java, it's still a good algorithm, and you should be able to find a compatible version somewhere.
Shah Jenish
Greenhorn

Joined: Feb 19, 2009
Posts: 13
Hey it worked fine I just changed my JRE version..

Thanks a lot for this wonderful program Carey..
lily ch
Greenhorn

Joined: May 13, 2008
Posts: 2
Hi, I'm new to encryption. Was wondering how can I store the key or print out the value of the key? Thanks!
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4639
    
    5

lily ch wrote:Hi, I'm new to encryption. Was wondering how can I store the key or print out the value of the key? Thanks!

encryption keys are binary. They don't print well. You can store them in a file by just writing out the binary bytes, but you can't read or print the binary.

Most folks wrap the binary in a text-based encoding, usually base64 or mime.
Nishanth Thomas
Greenhorn

Joined: Sep 08, 2011
Posts: 7
Encryption using AES with key password


http://www.coderanch.com/t/581824/java/java/Decrypt-AES-password

 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: How to create SecretKey for AES 128 Encryption based on user's password??
 
Similar Threads
Encryption: Runtime Exception when run as JavaBean
Problem Urgent: Crypto using jsp - javabean
Encryption-decryption file problem
problem in encryption of ZIP files.
AES encryption from within a Tomcat web container