Setting keys

Tay Thotheolh
Ranch Hand

Joined: Aug 07, 2008
Posts: 84
Hi. I am wondering how keys are set in cryptography. For example, I have a password: 'password'. How is it being used as a key? Do AES and other ciphers set keys differently, or is there a standard way to do so?

I was reading on how an encrypted database encrypts its files and sets keys. Below is a quote I extracted from the website of the maker of the encrypted database. I am wondering if the procedures described are the right way.

The database files can be encrypted using two different algorithms: AES-128 and XTEA (using 32 rounds). The reasons for supporting XTEA is performance (XTEA is about twice as fast as AES) and to have an alternative algorithm if AES is suddenly broken.

When a user tries to connect to an encrypted database, the combination of file@ and the file password is hashed using SHA-256. This hash value is transmitted to the server.

When a new database file is created, a new cryptographically secure random salt value is generated. The size of the salt is 64 bits. The combination of the file password hash and the salt value is hashed 1024 times using SHA-256. The reason for the iteration is to make it harder for an attacker to calculate hash values for common passwords.

The resulting hash value is used as the key for the block cipher algorithm (AES-128 or XTEA with 32 rounds). Then, an initialization vector (IV) key is calculated by hashing the key again using SHA-256. This is to make sure the IV is unknown to the attacker. The reason for using a secret IV is to protect against watermark attacks.

Before saving a block of data (each block is 8 bytes long), the following operations are executed: first, the IV is calculated by encrypting the block number with the IV key (using the same block cipher algorithm). This IV is combined with the plain text using XOR. The resulting data is encrypted using the AES-128 or XTEA algorithm.

When decrypting, the operation is done in reverse. First, the block is decrypted using the key, and then the IV is calculated combined with the decrypted text using XOR.

Therefore, the block cipher mode of operation is CBC (cipher-block chaining), but each chain is only one block long. The advantage over the ECB (electronic codebook) mode is that patterns in the data are not revealed, and the advantage over multi block CBC is that flipped cipher text bits are not propagated to flipped plaintext bits in the next block.

Database encryption is meant for securing the database while it is not in use (stolen laptop and so on). It is not meant for cases where the attacker has access to files while the database is in use. When he has write access, he can for example replace pieces of files with pieces of older versions and manipulate data like this.

File encryption slows down the performance of the database engine. Compared to unencrypted mode, database operations take about 2.2 times longer when using XTEA, and 2.5 times longer using AES (embedded mode).

Quotation is taken from the H2 database website on its file encryption method:

Are there any good sites where I can study up on encryption and how keys are set? I would like to improve my knowledge in the field of cryptography.
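The key setup described in the quoted text, next to the JCE's standard password-based derivation (PBKDF2), as an added example that is not code from the original post or from H2. Assumptions not stated on the page: the password hash and salt are concatenated on every iteration, the 32-byte SHA-256 output is truncated to 16 bytes for AES-128, the block number is encoded big-endian in a 16-byte AES block, and the class name `KeySetupSketch` is hypothetical.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

public class KeySetupSketch {
    static byte[] sha256(byte[]... parts) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        for (byte[] p : parts) md.update(p);
        return md.digest();
    }
    // One raw AES-128 block operation: no chaining, no padding.
    static byte[] aesBlock(int mode, byte[] key, byte[] block) throws Exception {
        Cipher c = Cipher.getInstance("AES/ECB/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"));
        return c.doFinal(block);
    }
    static byte[] xor(byte[] a, byte[] b) {
        byte[] out = new byte[a.length];
        for (int i = 0; i < a.length; i++) out[i] = (byte) (a[i] ^ b[i]);
        return out;
    }
    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[8];                      // 64-bit random salt, stored with the file
        new SecureRandom().nextBytes(salt);
        // "file@" + password hashed once, then hashed 1024 times together with the salt.
        byte[] h = sha256("file@password".getBytes(StandardCharsets.UTF_8));
        for (int i = 0; i < 1024; i++) h = sha256(h, salt);  // assumed: hash || salt
        byte[] key = Arrays.copyOf(h, 16);              // assumed: truncate to 128 bits
        byte[] ivKey = Arrays.copyOf(sha256(key), 16);  // IV key = SHA-256(key), truncated
        // Per-block IV = E(ivKey, blockNumber); ciphertext = E(key, plaintext XOR IV).
        long blockNo = 7;                               // constructed sample values
        byte[] plain = "16 byte payload!".getBytes(StandardCharsets.UTF_8);
        byte[] counter = ByteBuffer.allocate(16).putLong(8, blockNo).array();
        byte[] iv = aesBlock(Cipher.ENCRYPT_MODE, ivKey, counter);
        byte[] ct = aesBlock(Cipher.ENCRYPT_MODE, key, xor(plain, iv));
        byte[] back = xor(aesBlock(Cipher.DECRYPT_MODE, key, ct), iv);
        System.out.println("round trip ok: " + Arrays.equals(plain, back));
        // Standard route for turning a password into a key: PBKDF2 (salt + iteration count).
        byte[] std = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
            .generateSecret(new PBEKeySpec("password".toCharArray(), salt, 1024, 128))
            .getEncoded();
        System.out.println("PBKDF2 key length in bytes: " + std.length);
    }
}
```

Both routes share the same inputs (password, random salt, iteration count); the difference is that PBKDF2 is a standardized construction available through `SecretKeyFactory`, so the iteration count and output length are explicit parameters rather than a hand-rolled loop.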