I am using a 3rd party .NET product which decrypts text with AES ( keysize = 256, block size=256, PKCS7, CBC).
My client program that encrypt the text is in java. I am using JCE (IBMJCE). I am not able to figure out how to set the AES block size to 256 in java. By default the size is 128. I am using PKCS5 padding with CBC mode.
Please advice how to set the block size to 256 in java JCE/IBMJCE for AES. Request your urgent advice.
AES does not support a block size of 256 bits, it only supports a block size of 128 bits. You specify a AES-256 by providing a Key object to the Cipher that has been initialized with a 256 bit key. You will need to install the JCE Unlimited Strength Jurisdiction Policy Files to use AES keysizes larger than 128 bits.
Nice to meet you.
Joined: Dec 23, 2009
yes, I am using AES256 with keysize=256. I have put in the unrestricted jar files in jre/lib/security.
In .NET, vendor explicitly specified blocksize=256 in his code. When I use the dotNET code to encrypt the exactly same plain text with same key and iv ( as I used in java )
the encrypted string is much longer than that in java.
Just to try out, I changed the .NET blocksize=128 ( same as java default) and I get the same results in .NET and java. (.NET is using Rjndal alogrithim.)
Therefore, I guess block size of 256 versus 128 in .NET makes the difference. Now I want to try java AES with 256 blocksize to see if the results are same.
But I am unable to find any API that I can use to set block size =256
As per Greg, java AES supports only 128. Then does it mean I'll never be able to interop between .NET ( block size = 256 )and java (block size =128) using AES ?
I am confused. Please advice
Joined: Aug 10, 2006
As per Greg, java AES supports only 128
That's not exactly what I said. AES, the algorithm, as specified by NIST, only supports a block size of 128 bits. Rijndael, upon which AES is based, does support other block sizes. The SunJCE implementation only does AES, so it only does the 128 bit block sizes. The vendor really shouldn't be using Rijndael with a 256-bit block size. If folks would just stick with standards they would get interoperability. If you must use Rijndael with a 256-bit blocksize you can find various open source implementations of Rijndael, including in the bouncycastle.org lightweight crypto library in the RijndaelEngine class.
Joined: Dec 23, 2009
thanks Greg. I'll try out the bouncycastle stuff. If you know of any other good java open source library let me know.