1st attempt: 'ENCRYPT then SERIALIZE'

Hi, I am new to both, so there are probably many misunderstandings.
I have installed the Unlimited Strength files from Oracle, and also the BouncyCastle files (bcprov-ext-jdk15on-150.jar), and amended java security.
I have proven both are correctly in place:
System.out.println("max allowed: " + ecipher.getMaxAllowedKeyLength("AES")); // "max allowed: 2147483647" (previously 128)
if (Security.getProvider("BC") != null) System.out.println("Bouncy Castle provider is available"); // "Bouncy Castle provider is available"

Goal:
I have a simple class holding 3 integers and two enums that is serialization enabled including the enums.
I have a LinkedHashMap containing a large number of these that I wish to AES256 encrypt using SealedObject, then serialize.
I need to retrieve a single class object quickly and decrypt it.

Questions:
What is the sequence of events? is this correct:
1) add all the items unecrypted to the map
2) create the cipher
3) put the map into the SealedObject using the cipher
4) serialise the Map.

or do I do all of the above in a loop to each class object, then add the serialised objects to the map?
Can a LinkedHashMap hold two million items?
AES128 or 256: I cannot see a method to set the type to 256.

eg none of these objects in this code example, seem to have a property to set 128 or 256, do I have to use password & salt methods instead?
Another article suggested you create a key using SHA-256. But where do you then use the 256 bit key, as I cannot find a property to set?
key = KeyGenerator.getInstance("AES").generateKey(); // System.out.println(key.getAlgorithm()); // AES ecipher = Cipher.getInstance("AES"); dcipher = Cipher.getInstance("AES"); System.out.println("aes block size: " + ecipher.getBlockSize()); // 16 System.out.println("max allowed: " + ecipher.getMaxAllowedKeyLength("AES")); // max allowed: 2147483647 // initialize the ciphers with the given key ecipher.init(Cipher.ENCRYPT_MODE, key); dcipher.init(Cipher.DECRYPT_MODE, key);

I have spent many hours on this today and have more questions than answers!
many thanks

A List can definitely hold 2m objects, it's more of a question whether the 2m objects fit into memory. But 3 ints and 2 enums sounds fine.

AES strength: Call KeyGenerator.init(256) before generating the key. The resulting key should be 32 bytes large (8 * 32 = 256).

Thanks for the reply Ulf, I'll have another go in the morning.

Kind regards, Nigel

re: key.init(256);

Hi Ulf,

for key i have created an instance of SecretKey based on an example I found.
For SecretKey the init method is undefined (line 33). What class should I have used, can you point me to a better example?

import java.io.IOException; import java.io.Serializable; import java.security.InvalidKeyException; import java.security.Key; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.Security; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; import javax.crypto.IllegalBlockSizeException; import javax.crypto.KeyGenerator; import javax.crypto.NoSuchPaddingException; import javax.crypto.SealedObject; import javax.crypto.SecretKey; import org.bouncycastle.jce.provider.BouncyCastleProvider; public class EncryptSealedObject { private static Cipher ecipher; private static Cipher dcipher; private static SecretKey key; public static void main(String[] args) { try { // generate SecretKey using AES algorithm key = KeyGenerator.getInstance("AES").generateKey(); // System.out.println(key.getAlgorithm()); // AES key.init(256); // ERROR: init method is undefined ecipher = Cipher.getInstance("AES"); dcipher = Cipher.getInstance("AES"); System.out.println("aes block size: " + ecipher.getBlockSize()); // 16 System.out.println("max allowed: " + ecipher.getMaxAllowedKeyLength("AES")); // max allowed: 2147483647 // initialize the ciphers with the given key ecipher.init(Cipher.ENCRYPT_MODE, key); dcipher.init(Cipher.DECRYPT_MODE, key); // create a sealed object SealedObject sealed = new SealedObject(new SecretObject("My secret message"), ecipher); // get the algorithm with the object has been sealed String algorithm = sealed.getAlgorithm(); // System.out.println("Algorithm: " + algorithm); // AES // unseal (decrypt) the object SecretObject o = (SecretObject) sealed.getObject(dcipher); System.out.println("Original Object: " + o); } catch (NoSuchAlgorithmException e) { System.out.println("No Such Algorithm:" + e.getMessage()); return; } catch (NoSuchPaddingException e) { System.out.println("No Such Padding:" + e.getMessage()); return; } catch (BadPaddingException e) { System.out.println("Bad Padding:" + e.getMessage()); return; } catch (InvalidKeyException e) { System.out.println("Invalid Key:" + e.getMessage()); return; } catch (IllegalBlockSizeException e) { System.out.println("Illegal Block:" + e.getMessage()); return; } catch (ClassNotFoundException e) { System.out.println("Class Not Found:" + e.getMessage()); return; } catch (IOException e) { System.out.println("I/O Error:" + e.getMessage()); return; } }

many thanks,

That method is in KeyGenerator. You'll need to break line 31 into two so that you have a reference to the KeyGenerator object.

Hi Ulf,

My key id was an instance of SecretKey, when I changed this to be an instance of KeyGenerator then I was able to split line 31 without errors.
However the cipher lines 15 & 16, no longer accept the key, it expects Key and not KeyGenerator.

// generate SecretKey using AES algorithm key = KeyGenerator.getInstance("AES"); key.generateKey(); // System.out.println(key.getAlgorithm()); // AES key.init(256); ecipher = Cipher.getInstance("AES"); dcipher = Cipher.getInstance("AES"); System.out.println("aes block size: " + ecipher.getBlockSize()); // 16 System.out.println("max allowed: " + ecipher.getMaxAllowedKeyLength("AES")); // max allowed: 2147483647 // initialize the ciphers with the given key ecipher.init(Cipher.ENCRYPT_MODE, key); // ERROR expects KeyGenerator dcipher.init(Cipher.DECRYPT_MODE, key); // ERROR expects KeyGenerator

not sure of the relationship from KeyGenerator back to Key to initialize the Cipher objects?

thanks again for your help

The Javadoc for KeyGenerator is your friend ! It is the generator that has the init() method and not the key.

Thanks Richard, key is an instance of KeyGenerator already, I've renamed it to be keyGen to make that clearer.

keyGen = KeyGenerator.getInstance("AES"); // System.out.println(key.getAlgorithm()); // AES keyGen.init(256); SecretKey skey = keyGen.generateKey(); // returns a String ecipher = Cipher.getInstance("AES"); dcipher = Cipher.getInstance("AES"); System.out.println("aes block size: " + ecipher.getBlockSize()); // 16 System.out.println("max allowed: " + ecipher.getMaxAllowedKeyLength("AES")); // max allowed: 2147483647 // initialize the ciphers with the given key ecipher.init(Cipher.ENCRYPT_MODE, skey); dcipher.init(Cipher.DECRYPT_MODE, skey);

the SecretKey line is new, and this is now accepted in the cipher initialisation lines (13 & 14).
It does looks more promising, not run yet.

thanks!

SecretKey skey = keyGen.generateKey(); // returns a String

If you are going to comment this line, and I don't think it needs it, then please make sure the comment is correct! It returns a SecretKey and not a String!

will do; a learning curve at the moment!
thanks for your help

Hi,
am I correct in saying the SecretKey is a system generated password in effect, so it must be stored for use in the decipher object at a later date?

keyGen = KeyGenerator.getInstance("AES"); keyGen.init(256); SecretKey skey = keyGen.generateKey(); ecipher = Cipher.getInstance("AES"); dcipher = Cipher.getInstance("AES"); ecipher.init(Cipher.ENCRYPT_MODE, skey); dcipher.init(Cipher.DECRYPT_MODE, skey);

thank you

Nigel Shrin wrote:
am I correct in saying the SecretKey is a system generated password in effect, so it must be stored for use in the decipher object at a later date?
thank you

In essence yes but passwords are normally strings but a SecretKey is most definitely not a string. You now have to find some way of securely shipping the key to the recipient of the encrypted data!

thanks Richard, much appreciated!

NPE retrieving SecretKey from sealed object

Hi,

I am having difficult tracing this error, the exact error is:

getSkey(): javax.crypto.spec.SecretKeySpec@1234a Exception in thread "main" java.lang.NullPointerException at io_streams.EncryptSealedObject.getStoreKey(EncryptSealedObject.java:151) at io_streams.EncryptSealedObject.main(EncryptSealedObject.java:45)

line 45 is a test call to the routine below from main():
public static void main(String[] args) {

EncryptSealedObject eso = new EncryptSealedObject(); eso.getStoreKey();

Method:

public SecretKey getStoreKey(){ SecretKey skUnsealed = keyGen.generateKey(); System.out.println("getSkey(): " + getSkey()); try { Cipher dciTemp = Cipher.getInstance("AES"); dciTemp.init(Cipher.DECRYPT_MODE, getSkey()); skUnsealed.equals((SecretKey)sealed2.getObject(dciTemp)); } catch (NoSuchAlgorithmException e) { System.out.println("No Such Algorithm:" + e.getMessage()); } catch (NoSuchPaddingException e) { System.out.println("No Such Padding:" + e.getMessage()); } catch (InvalidKeyException e) { System.out.println("Invalid Key:" + e.getMessage()); } catch (BadPaddingException e) { System.out.println("Bad Padding:" + e.getMessage()); } catch (IllegalBlockSizeException e) { System.out.println("Illegal Block:" + e.getMessage()); } catch (ClassNotFoundException e) { System.out.println("Class Not Found:" + e.getMessage()); } catch (IOException e) { System.out.println("I/O Error:" + e.getMessage()); } return skUnsealed; }

I am pretty sure the error is in lines 3 or 9. The reason I created an object in line 3 was to have a return variable.
The getSkey() call on line 3, is a setter, to return the static class member, and this call works in itself.

Many thanks

There is just so much about those code fragments that I don't understand.

1) I don't understand why "The getSkey() call on line 3, is a setter," . Surely it is a getter .
2) I don't understand why in line 3 of getStoreKey() you need to generate a key.
3) I don't understand "skUnsealed.equals((SecretKey)sealed2.getObject(dciTemp)); " . Since 'skUnsealed' is generated by a keyGen.generateKey() it probably returns a new random key so the chances of this new key being equal to any other key is just about zero.
4) I thought you were trying to place a collection in the sealed object and not a key.

From my point of view the main problem is that there is not enough code to allow me to see what is happening and the bit you have posted does not seem to make sense. What you need to post is an SSCCE (follow the link) that illustrates the problem.

Hi Richard

1) I don't understand why "The getSkey() call on line 3, is a setter," . Surely it is a getter .
2) I don't understand why in line 3 of getStoreKey() you need to generate a key.
3) I don't understand "skUnsealed.equals((SecretKey)sealed2.getObject(dciTemp)); " . Since 'skUnsealed' is generated by a keyGen.generateKey() it probably returns a new random key so the chances of this new key being equal to any other key is just about zero.
4) I thought you were trying to place a collection in the sealed object and not a key.

point 1 - my typo, it is a getter, apologies
point 2 - I didn't want another secret key, just a way to return the result (extracted key), looking at it again, perhaps I could have done this on line 9, at the end of the try block:
return (SecretKey)sealed2.getObject(dciTemp);
point 3 - explained by answer to point 2
point 4 - this is a test to return a saved SecretKey that is in a SealedObject and serialized so it can be reused, when I have this working, so I am working towards the collection.

I could work on a SSCCE if the above is still not clear enough.

thanks again for your help,

Nigel Shrin wrote:
I could work on a SSCCE if the above is still not clear enough.

Most definitely not clear enough for me. Since you are currently just playing with things I would have thought that at the moment your whole code would be an SSCCE.

Thanks Richard,
I'll do that, it'll be tomorrow now, I've been playing with this most of today,
Kind regards,

Hi,
I have attempted to implement KeyStore but currently get an uninitialised keystore error.
The map of objects to encrypt then serialise is created, but no attempt has been made to do this yet.
The error has occurred from trying to create a KeyStore then retrieve the SecretKey for it.

Full error from line 86:

java.security.KeyStoreException: Uninitialized keystore at java.security.KeyStore.setEntry(KeyStore.java:1324) at encryption.EncryptSealSerializeMethods.createSaveKeyStore(EncryptSealSerializeMethods.java:86) at encryption.EncryptSealSerializeMethods.main(EncryptSealSerializeMethods.java:50)

Full code:

import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.FileOutputStream; import java.io.IOException; import java.io.ObjectInputStream.GetField; import java.io.ObjectOutputStream; import java.io.Serializable; import java.security.InvalidKeyException; import java.security.Key; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.Security; import java.security.UnrecoverableEntryException; import java.security.cert.CertificateException; import java.util.Iterator; import java.util.LinkedHashMap; import java.util.Map; import java.util.Set; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; import javax.crypto.IllegalBlockSizeException; import javax.crypto.KeyGenerator; import javax.crypto.NoSuchPaddingException; import javax.crypto.SealedObject; import javax.crypto.SecretKey; public class EncryptSealSerializeMethods { private static final String KEYSTORE_PASSWORD = "myPassword"; private static final String KEYSTORE_ALIAS = "myStore"; private KeyStore myKeyStore; private KeyStore.SecretKeyEntry secretKeyEntry; private KeyStore.ProtectionParameter protectionParameter; private KeyGenerator keyGen; private SecretKey secretKey, mySecretKey; private PrivateKey myPrivateKey; public static void main(String[] args) { EncryptSealSerializeMethods ess = new EncryptSealSerializeMethods(); ess.createMapOfData2Store(); ess.createSaveKeyStore(); // ess.getKeyFromStore(); } public void createMapOfData2Store(){ LinkedHashMap<Integer, Data2Store> lhm = new LinkedHashMap<Integer, Data2Store>(); int i = 10; Data2Store ds[] = new Data2Store[i]; for(i=1; i<10; i++){ ds[i] = new Data2Store(); ds[i].setA(100+i); ds[i].setEnum1(EnumInData2Store.YES); lhm.put(i, ds[i]); } // show_map(lhm); } public static void show_map (LinkedHashMap<Integer, Data2Store> lhm) { for (Map.Entry<Integer, Data2Store> e : lhm.entrySet()) { System.out.println(e.getKey() + "\t" + e.getValue().getA() + "\t" + e.getValue().getEnum1()); } } public void createSaveKeyStore(){ try { myKeyStore = KeyStore.getInstance("JCEKS"); // 'load' the store keyGen = KeyGenerator.getInstance("AES"); keyGen.init(256); mySecretKey = keyGen.generateKey(); protectionParameter = new KeyStore.PasswordProtection(KEYSTORE_PASSWORD.toCharArray()); // get pw secretKeyEntry = new KeyStore.SecretKeyEntry(mySecretKey); myKeyStore.setEntry(KEYSTORE_ALIAS, secretKeyEntry, protectionParameter); // ERROR HERE: java.security.KeyStoreException: Uninitialized keystore FileInputStream fis = null; try { fis = new FileInputStream("C:/Users/1. Nigel Shrin/Desktop/ks"); // if null, creates empty KeyStore myKeyStore.load(fis, KEYSTORE_PASSWORD.toCharArray()); } catch (CertificateException e) { e.printStackTrace(); } catch (IOException e) { e.printStackTrace(); } finally { if (fis != null) { try { fis.close(); } catch (IOException e) { e.printStackTrace(); } } } } catch (KeyStoreException e) { e.printStackTrace(); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } } public PrivateKey getKeyFromStore(){ KeyStore.PrivateKeyEntry pkEntry; try { pkEntry = (KeyStore.PrivateKeyEntry) myKeyStore.getEntry("privateKeyAlias", protectionParameter); myPrivateKey = pkEntry.getPrivateKey(); // retrieved key } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (UnrecoverableEntryException e) { e.printStackTrace(); } catch (KeyStoreException e) { e.printStackTrace(); } closeKeyStore(); System.out.println("myPrivateKey: " + myPrivateKey.toString()); return myPrivateKey; } public void closeKeyStore(){ FileOutputStream fos = null; try { fos = new java.io.FileOutputStream("C:/Users/1. Nigel Shrin/Desktop/ks"); myKeyStore.store(fos, KEYSTORE_PASSWORD.toCharArray()); } catch (FileNotFoundException e) { e.printStackTrace(); } catch (KeyStoreException e) { e.printStackTrace(); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (CertificateException e) { e.printStackTrace(); } catch (IOException e) { e.printStackTrace(); } finally { if (fos != null) { try { fos.close(); } catch (IOException e) { e.printStackTrace(); } } } } }

object in map:

package encryption; import java.io.Serializable; public class Data2Store implements Serializable { private int a = 100; private EnumInData2Store enum1 = EnumInData2Store.YES; // getters & setters public int getA() { return a; } public void setA(int a) { this.a = a; } public EnumInData2Store getEnum1() { return enum1; } public void setEnum1(EnumInData2Store enum1) { this.enum1 = enum1; } }

thank you!

I just noticed that the alias was different on line 120, so I made it the same, but this made no difference to the error message:

line 120 (was: "privateKeyAlias") now reads:
myKeyStore.getEntry(KEYSTORE_ALIAS, protectionParameter);

thank you!

Your code is not an SSCE since it is incomplete (I can't see EnumInData2Store ). The code seams very very complicated and, since class KeyStore is very easy to use without needing either KeyStore.SecretKeyEntry or class KeyStore.ProtectionParameter , it is not obvious to me what you are doing using those internal classes.

On a general note, you seem to be trying to use the 'big bang' approach to and you should separate the concerns by keeping the map and the encryption separate. You can create an SSCCE without needing the map at all by encrypting any serializable object (a String being a good starting point).

I can see one potential problem, it may be another one of your bad comments, but
fis = new FileInputStream("C:/Users/1. Nigel Shrin/Desktop/ks"); // if null, creates empty KeyStore myKeyStore.load(fis, KEYSTORE_PASSWORD.toCharArray());
does not create an empty KeyStore. It tries to read the content of the file as a KeyStore. You create an empty KeyStore by initialising it using null as the stream and a char array as the password. You should check the Javadoc.

Thanks Richard,

here's the enum:

package encryption; import java.io.Serializable; public enum EnumInData2Store implements Serializable{ YES, NO; }

In the previous to last example I had problems trying to store the key, so I read some more and found keystore.
The current example is to a large extent based on the code from the javadoc, I use Eclipse and that forced me to put so many catch clauses in.
http://docs.oracle.com/javase/7/docs/api/java/security/KeyStore.html#getInstance(java.lang.String)

I'll try and modify it tonight to just use a string to encrypt.

Can you see where the exception is coming from?

Thanks again for your time,

Nigel Shrin wrote:
Can you see where the exception is coming from?

You have not initialised a KeyStore! The stack trace tells you exactly where the exception is coming from and therefore which KeyStore. A comment in your code indicates you know where the exception is coming from!

On a more general note you are going to run into a much bigger problem than finding where the exception is coming from. RSA is only really any good for encrypting small amounts of data since the basic algorithm limits one to a block of less than or equal to the modulus length. When one takes into account the use of PKCS1 padding (one is using that by default) one actually has 11 bytes less than that. There are ways to get round this by breaking the cleartext into blocks and encrypting each individually but then one has to make sure one knows exactly how long each block of ciphertext is (they are not guaranteed to be all the same). Some JCE implementations do this behind the scenes but last time I checked the Sun/Oracle JCE implementation did not. Also, compared to the speed of most block ciphers such as AES, RSA is very slow.

The normal approach to using RSA with large cleartext is to use a hybrid approach. In this one actually encrypts the data using a block cipher such as AES with a random ephemeral key and only encrypts the ephemeral key using RSA. Assuming AES is used for the block cipher, in essence the steps are -

1) Generate a random AES block cipher key.
2) RSA encrypt the random key.
3) Write the encrypted key to the ciphertext channel. This normally means first writing a representation of how long the encrypted random key is and then writing the bytes of encrypted random key. DataOutputStream makes this very easy.
4) Encrypt the cleartext using the random key with AES and write the associated ciphertext to the channel. CipherOutputStream is good for this.

To decrypt one first reads the RSA encrypted AES key and recovers the key. One then decrypts the AES encrypted ciphertext to generate the original cleartext.

Section 13.6 of "Practical Cryptography" by Ferguson and Schneier expands on this approach to improve it's security.

Having just spent some time looking in detail at your latest code I note that you generate a SecretKey and put it in a KeyStore as a SecretKey but then you try to extract it as a PrivateKey ! You won't like me saying this but you should sit back and decide how to break the code into more manageable and testable components/modules and then build and test them as individual components/modules. The most obvious component is a class to handle your RSA key(s) ; this can be written and tested without any reference to the rest of your code.

Now you could continue as you are trying to create this monolith but it will get increasingly difficult to build, test and debug and most people here will not be inclined to trawl though the mass of code trying to find errors that would be obvious to all, including you, if the program was modularised.

Hi Richard,
I don't mind in the slightest, and I am very grateful for the time you have taken to explain some principles of encryption to me. I read your comments yesterday evening and have ordered your recommended book. I think Java is a great language, and would very much like to improve the quality of my coding.

Although I knew the line of the error, I didn't know how to fix it! I am not familiar with many of the terms & concepts at this point; PKCS1, modulus length, padding etc. I thought I was only using AES256 and not RSA as well. I did O-level maths, but did not study maths further. So please forgive my ignorance. My next attempt may not be until next weekend - the book should have arrived by then.

Thank you for taking the time & effort to further my understanding.

Nigel Shrin wrote:I read your comments yesterday evening and have ordered your recommended book.

I did not mean you to go out an buy the book! The authors of the book are generally recognised as experts in modern cryptography and the book is a very good book (sits right in front of me on my bookshelf) and well worth buying if you intend to continue working with cryptography. I was just quoting it as an authority on an approach to RSA encryption of data longer than the RSA modulus. I'm not sure it will help you with this project as it is not a tutorial on encryption and assumes some significant background knowledge.

I think Java is a great language, and would very much like to improve the quality of my coding.

Although I knew the line of the error, I didn't know how to fix it! I am not familiar with many of the terms & concepts at this point; PKCS1, modulus length, padding etc. I thought I was only using AES256 and not RSA as well. I did O-level maths, but did not study maths further. So please forgive my ignorance.

You should do some background reading before the weekend to understand the difference between symmetric block encryption such as AES and asymmetric public key encryption such as RSA. Some maths is required to understand the detail but not to just understand the concepts.