File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes AES-256 implementation in GAE Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Make it so: Java DB Connections & Transactions this week in the JDBC forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "AES-256 implementation in GAE" Watch "AES-256 implementation in GAE" New topic

AES-256 implementation in GAE

Abhijeet Sinha

Joined: Sep 15, 2011
Posts: 10
AES 256 but it doesnt seems to be working in GAE.I have download the "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files" and local_policy.jar,US_export_policy.jar are present in C:\Program Files\Java\jdk1.6.0_29\jre\lib\security location.
here is the code:
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.*;

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class AESEncrypter {

private static final byte[] SALT = {
(byte) 0xA9, (byte) 0x9B, (byte) 0xC8, (byte) 0x32,
(byte) 0x56, (byte) 0x35, (byte) 0xE3, (byte) 0x03
private static final int ITERATION_COUNT = 65536;
private static final int KEY_LENGTH = 256;
private Cipher ecipher;
private Cipher dcipher;

AESEncrypter(String passPhrase) throws Exception {
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
KeySpec spec = new PBEKeySpec(passPhrase.toCharArray(), SALT, ITERATION_COUNT, KEY_LENGTH);
SecretKey tmp = factory.generateSecret(spec);
SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES");

ecipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
ecipher.init(Cipher.ENCRYPT_MODE, secret);

dcipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
byte[] iv = ecipher.getParameters().getParameterSpec(IvParameterSpec.class).getIV();
dcipher.init(Cipher.DECRYPT_MODE, secret, new IvParameterSpec(iv));

public String encrypt(String encrypt) throws Exception {
byte[] bytes = encrypt.getBytes("UTF8");
byte[] encrypted = encrypt(bytes);
return new Base64().encodeBase64String(encrypted);

public byte[] encrypt(byte[] plain) throws Exception {
return ecipher.doFinal(plain);

public String decrypt(String encrypt) throws Exception {
byte[] bytes = new Base64().decodeBase64(encrypt);
byte[] decrypted = decrypt(bytes);
return new String(decrypted, "UTF8");

public byte[] decrypt(byte[] encrypt) throws Exception {
return dcipher.doFinal(encrypt);

public static void main(String[] args) throws Exception {

String message = "MESSAGE";
String password = "PASSWORD";

AESEncrypter encrypter = new AESEncrypter(password);
String encrypted = encrypter.encrypt(message);
String decrypted = encrypter.decrypt(encrypted);

System.out.println("Encrypt(\"" + message + "\", \"" + password + "\") = \"" + encrypted + "\"");
System.out.println("Decrypt(\"" + encrypted + "\", \"" + password + "\") = \"" + decrypted + "\"");

Please help!!
Thanks in advance
Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42959
What does "it doesnt seems to be working" mean? What happens if you run the code?
Richard Tookey

Joined: Aug 27, 2012
Posts: 1166

That code works in JDK1.7.0_07 and 1.6.0_31 so the problem has to be in GAE. Are you sure you are installing the Unlimited Strength file properly in the GAE?

You should note that the IV used will almost certainly be different (1 in 256^16 chance of being the same) every time you create an instance of AESEncrypter since it is created at random when you init() the Cipher without specifying an IV. This means that using one instance of AESEncrypter to encrypt data and a second to decrypt will not work. I suspect this is the source of your "it doesnt seems to be working" but you need to be specific as to what this means. A random IV to encrypt is a good idea but it has to be stored with the ciphertext so that it can be used in the decryption process; since it does not have to be kept secret I just add it as a prefix to the ciphertext.

I'm not keen on the iteration count being as large as 65536. It means that you will do 65536 SHA1 digests just to create the key. A more normal value for the iteration count is 1000 but even this will be expensive on CPU time.
I agree. Here's the link:
subject: AES-256 implementation in GAE
It's not a secret anymore!