File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Servlets and the fly likes AES-256 implementation in GAE Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "AES-256 implementation in GAE" Watch "AES-256 implementation in GAE" New topic
Author

AES-256 implementation in GAE

Abhijeet Sinha
Greenhorn

Joined: Sep 15, 2011
Posts: 10
AES 256 but it doesnt seems to be working in GAE.I have download the "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files" and local_policy.jar,US_export_policy.jar are present in C:\Program Files\Java\jdk1.6.0_29\jre\lib\security location.
here is the code:
import java.security.spec.KeySpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.*;

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;


public class AESEncrypter {

private static final byte[] SALT = {
(byte) 0xA9, (byte) 0x9B, (byte) 0xC8, (byte) 0x32,
(byte) 0x56, (byte) 0x35, (byte) 0xE3, (byte) 0x03
};
private static final int ITERATION_COUNT = 65536;
private static final int KEY_LENGTH = 256;
private Cipher ecipher;
private Cipher dcipher;

AESEncrypter(String passPhrase) throws Exception {
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
KeySpec spec = new PBEKeySpec(passPhrase.toCharArray(), SALT, ITERATION_COUNT, KEY_LENGTH);
SecretKey tmp = factory.generateSecret(spec);
SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES");

ecipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
ecipher.init(Cipher.ENCRYPT_MODE, secret);

dcipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
byte[] iv = ecipher.getParameters().getParameterSpec(IvParameterSpec.class).getIV();
dcipher.init(Cipher.DECRYPT_MODE, secret, new IvParameterSpec(iv));
}

public String encrypt(String encrypt) throws Exception {
byte[] bytes = encrypt.getBytes("UTF8");
byte[] encrypted = encrypt(bytes);
return new Base64().encodeBase64String(encrypted);
}

public byte[] encrypt(byte[] plain) throws Exception {
return ecipher.doFinal(plain);
}

public String decrypt(String encrypt) throws Exception {
byte[] bytes = new Base64().decodeBase64(encrypt);
byte[] decrypted = decrypt(bytes);
return new String(decrypted, "UTF8");
}

public byte[] decrypt(byte[] encrypt) throws Exception {
return dcipher.doFinal(encrypt);
}

public static void main(String[] args) throws Exception {

String message = "MESSAGE";
String password = "PASSWORD";

AESEncrypter encrypter = new AESEncrypter(password);
String encrypted = encrypter.encrypt(message);
String decrypted = encrypter.decrypt(encrypted);

System.out.println("Encrypt(\"" + message + "\", \"" + password + "\") = \"" + encrypted + "\"");
System.out.println("Decrypt(\"" + encrypted + "\", \"" + password + "\") = \"" + decrypted + "\"");
}
}

Please help!!
Thanks in advance
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41057
    
  43
What does "it doesnt seems to be working" mean? What happens if you run the code?


Ping & DNS - my free Android networking tools app
Richard Tookey
Ranch Hand

Joined: Aug 27, 2012
Posts: 1035
    
  10

That code works in JDK1.7.0_07 and 1.6.0_31 so the problem has to be in GAE. Are you sure you are installing the Unlimited Strength file properly in the GAE?

You should note that the IV used will almost certainly be different (1 in 256^16 chance of being the same) every time you create an instance of AESEncrypter since it is created at random when you init() the Cipher without specifying an IV. This means that using one instance of AESEncrypter to encrypt data and a second to decrypt will not work. I suspect this is the source of your "it doesnt seems to be working" but you need to be specific as to what this means. A random IV to encrypt is a good idea but it has to be stored with the ciphertext so that it can be used in the decryption process; since it does not have to be kept secret I just add it as a prefix to the ciphertext.

I'm not keen on the iteration count being as large as 65536. It means that you will do 65536 SHA1 digests just to create the key. A more normal value for the iteration count is 1000 but even this will be expensive on CPU time.
 
Consider Paul's rocket mass heater.
 
subject: AES-256 implementation in GAE
 
Similar Threads
Triple DES decryption
already written java code for encryption and decryption
Encrypting data using my own key
How to create SecretKey for AES 128 Encryption based on user's password??
AES Encryption Service