This week's book giveaway is in the Clojure forum.
We're giving away four copies of Clojure in Action and have Amit Rathore and Francis Avila on-line!
See this thread for details.
Win a copy of Clojure in Action this week in the Clojure forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

AES-256 implementation in GAE

Abhijeet Sinha
Posts: 10
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
AES 256 but it doesnt seems to be working in GAE.I have download the "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files" and local_policy.jar,US_export_policy.jar are present in C:\Program Files\Java\jdk1.6.0_29\jre\lib\security location.
here is the code:
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.*;

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class AESEncrypter {

private static final byte[] SALT = {
(byte) 0xA9, (byte) 0x9B, (byte) 0xC8, (byte) 0x32,
(byte) 0x56, (byte) 0x35, (byte) 0xE3, (byte) 0x03
private static final int ITERATION_COUNT = 65536;
private static final int KEY_LENGTH = 256;
private Cipher ecipher;
private Cipher dcipher;

AESEncrypter(String passPhrase) throws Exception {
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
KeySpec spec = new PBEKeySpec(passPhrase.toCharArray(), SALT, ITERATION_COUNT, KEY_LENGTH);
SecretKey tmp = factory.generateSecret(spec);
SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES");

ecipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
ecipher.init(Cipher.ENCRYPT_MODE, secret);

dcipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
byte[] iv = ecipher.getParameters().getParameterSpec(IvParameterSpec.class).getIV();
dcipher.init(Cipher.DECRYPT_MODE, secret, new IvParameterSpec(iv));

public String encrypt(String encrypt) throws Exception {
byte[] bytes = encrypt.getBytes("UTF8");
byte[] encrypted = encrypt(bytes);
return new Base64().encodeBase64String(encrypted);

public byte[] encrypt(byte[] plain) throws Exception {
return ecipher.doFinal(plain);

public String decrypt(String encrypt) throws Exception {
byte[] bytes = new Base64().decodeBase64(encrypt);
byte[] decrypted = decrypt(bytes);
return new String(decrypted, "UTF8");

public byte[] decrypt(byte[] encrypt) throws Exception {
return dcipher.doFinal(encrypt);

public static void main(String[] args) throws Exception {

String message = "MESSAGE";
String password = "PASSWORD";

AESEncrypter encrypter = new AESEncrypter(password);
String encrypted = encrypter.encrypt(message);
String decrypted = encrypter.decrypt(encrypted);

System.out.println("Encrypt(\"" + message + "\", \"" + password + "\") = \"" + encrypted + "\"");
System.out.println("Decrypt(\"" + encrypted + "\", \"" + password + "\") = \"" + decrypted + "\"");

Please help!!
Thanks in advance
Ulf Dittmer
Posts: 42966
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What does "it doesnt seems to be working" mean? What happens if you run the code?
Richard Tookey
Posts: 1166
Java Linux Netbeans IDE
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That code works in JDK1.7.0_07 and 1.6.0_31 so the problem has to be in GAE. Are you sure you are installing the Unlimited Strength file properly in the GAE?

You should note that the IV used will almost certainly be different (1 in 256^16 chance of being the same) every time you create an instance of AESEncrypter since it is created at random when you init() the Cipher without specifying an IV. This means that using one instance of AESEncrypter to encrypt data and a second to decrypt will not work. I suspect this is the source of your "it doesnt seems to be working" but you need to be specific as to what this means. A random IV to encrypt is a good idea but it has to be stored with the ciphertext so that it can be used in the decryption process; since it does not have to be kept secret I just add it as a prefix to the ciphertext.

I'm not keen on the iteration count being as large as 65536. It means that you will do 65536 SHA1 digests just to create the key. A more normal value for the iteration count is 1000 but even this will be expensive on CPU time.
Consider Paul's rocket mass heater.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic