
Unlocking the Secrets of Java Cryptography Extensions: The Basics

  • October 15, 2008
  • By David Thurmond

Here, the cipher is initialized by providing a mode switch and the key generated earlier. The mode switch selects the operation the cipher performs: encrypting plaintext or decrypting ciphertext. This will be explained more in a moment.

Next, the plaintext is created and encrypted:

byte[] plaintext = "The falcon flies at midnight".getBytes("UTF-8");
byte[] ciphertext = desCipher.doFinal(plaintext);

The data to be encrypted must be supplied as a byte array rather than a String. This is because encryption is usually performed on a much larger data set, such as a file, and is repeated on smaller portions of the data, called blocks. In this example, there is only a single block of data: the plaintext's bytes.

Finally, the ciphertext is created by invoking the doFinal() method of the Cipher object on the plaintext, which returns a byte array of encrypted data.
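
The block-by-block processing described above, as an added example that is not part of the original article: it feeds the plaintext to Cipher.update() a few bytes at a time, finishes with doFinal(), and checks that the result matches a single doFinal() call. It uses the JDK's default provider with the DES/ECB/PKCS5Padding transformation from this article; the class name, method name, and chunk size are illustrative.

```java
import java.io.ByteArrayOutputStream;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

// Added example, not from the original article.
public class ChunkedEncryptExample {

   // Encrypts data by passing it to the cipher chunkSize bytes at a time.
   static byte[] encryptInChunks(SecretKey key, byte[] data, int chunkSize)
         throws Exception {
      Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
      cipher.init(Cipher.ENCRYPT_MODE, key);
      ByteArrayOutputStream out = new ByteArrayOutputStream();
      for (int off = 0; off < data.length; off += chunkSize) {
         int len = Math.min(chunkSize, data.length - off);
         // update() returns the blocks completed so far; it may return
         // null while the cipher is still buffering a partial block.
         byte[] part = cipher.update(data, off, len);
         if (part != null) {
            out.write(part);
         }
      }
      // doFinal() pads and flushes whatever is still buffered.
      out.write(cipher.doFinal());
      return out.toByteArray();
   }

   public static void main(String[] args) throws Exception {
      SecretKey desKey = KeyGenerator.getInstance("DES").generateKey();
      byte[] plaintext = "The falcon flies at midnight".getBytes("UTF-8");

      // Reference result: the whole plaintext in one doFinal() call.
      Cipher oneShot = Cipher.getInstance("DES/ECB/PKCS5Padding");
      oneShot.init(Cipher.ENCRYPT_MODE, desKey);
      byte[] expected = oneShot.doFinal(plaintext);

      // PKCS5 padding rounds the output up to a multiple of the
      // 8-byte DES block, however the input was chunked.
      byte[] chunked = encryptInChunks(desKey, plaintext, 5);
      System.out.println("ciphertext length: " + chunked.length);
      System.out.println("same as one-shot:  "
         + Arrays.equals(expected, chunked));
   }
}
```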

Next, the decryption process is performed:

desCipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
desCipher.init(Cipher.DECRYPT_MODE, desKey);
plaintext = desCipher.doFinal(ciphertext);

On the first line above, the Cipher object is re-created with the same encryption algorithm, mode, and padding scheme as before. Then, it is initialized in decryption mode by using the key created at the beginning of the program. Finally, the plaintext is regenerated by invoking doFinal() on the ciphertext. The doFinal() method returns the plaintext bytes because the Cipher object was initialized in decryption mode.

Using Third-Party Provider Cryptographic Libraries

The example above uses the Sun JCE. Using a third-party encryption library instead is almost as easy. Once you have completed the installation of the unrestricted policy files and the third-party libraries, invoking the encryption algorithms available to you requires only a few small code changes. Listing 2.1 shows SimpleEncryptProviderExample.java, which follows the same process as the earlier example, except that it uses the BouncyCastle libraries.

package com.dlt.developer.crypto;

import java.security.*;
import javax.crypto.*;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/**
 * A simple example of encrypting and decrypting a text
 * string using encryption from a provider library.
 *
 * @author David Thurmond
 */
public class SimpleEncryptProviderExample {
   public static void main(String[] args) throws Exception {
      System.out.println("Using BouncyCastle JCE API");
      // Add the BouncyCastleProvider to the system for later use...
      Security.addProvider(new BouncyCastleProvider());

      // First, create the encryption key...
      System.out.println("Generating key");
      KeyGenerator keygen = KeyGenerator.getInstance("DES", "BC");
      SecretKey desKey = keygen.generateKey();

      // Now, create the cipher object with appropriate parameters...
      // Only the algorithm name is given here, so the provider's default
      // mode and padding are used.
      System.out.println("Encrypting using Bouncy Castle DES");
      Cipher desCipher = Cipher.getInstance("DES", "BC");
      desCipher.init(Cipher.ENCRYPT_MODE, desKey);

      // Now, set up the plaintext to encrypt...
      byte[] plaintext = "The falcon flies at midnight".getBytes("UTF-8");
      System.out.println("The plaintext is '" +
         new String(plaintext, "UTF-8") + "'");

      // Now, do the encryption...
      byte[] ciphertext = desCipher.doFinal(plaintext);

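      // Display the results as hex; ciphertext bytes are not printable text...
      System.out.println("The ciphertext is '" +
         String.format("%0" + (2 * ciphertext.length) + "x",
            new java.math.BigInteger(1, ciphertext)) + "'");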

      // Now, let's prove that the encryption worked by decrypting
      // using the same key...
      System.out.println("Decrypting the ciphertext");
      desCipher = Cipher.getInstance("DES/ECB/PKCS5Padding", "BC");

      // Note that we now initialize the cipher in decrypt mode...
      desCipher.init(Cipher.DECRYPT_MODE, desKey);

      // Now, decrypt the ciphertext and show the results...
      plaintext = desCipher.doFinal(ciphertext);
      System.out.println("The plaintext is '" +
         new String(plaintext, "UTF-8") + "'");

   }    // main

}    // SimpleEncryptProviderExample

Listing 2.1: SimpleEncryptProviderExample.java

The differences between the Sun JCE example and the provider example are shown below:

Security.addProvider(new BouncyCastleProvider());
// ...Generate encryption/decryption key...
KeyGenerator keygen = KeyGenerator.getInstance("DES", "BC");
// ...Encrypt text...
Cipher desCipher = Cipher.getInstance("DES", "BC");
desCipher.init(Cipher.ENCRYPT_MODE, desKey);
// ...Decrypt text...
desCipher = Cipher.getInstance("DES/ECB/PKCS5Padding", "BC");
desCipher.init(Cipher.DECRYPT_MODE, desKey);

Listing 2.2: Differences between SimpleEncryptExample.java and SimpleEncryptProviderExample.java

In line 1 above, the Bouncy Castle provider is instantiated and registered with Security.addProvider(). Recall that this class corresponds to the entry configured in the java.security file set up earlier. This code tells Java how to resolve the provider name "BC" when asking for cryptography services later on.
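
An added example (not from the original article) of the provider lookup described above: it requests the article's transformation from a named provider, reports which provider actually served the request, and handles the case where the name was never registered. It compiles without BouncyCastle on the classpath; the class name, method name, and fallback behaviour are illustrative.

```java
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

// Added example, not from the original article.
public class ProviderLookupExample {
   static final String TRANSFORMATION = "DES/ECB/PKCS5Padding";

   // Returns a cipher from the named provider, or from the JDK's
   // preferred provider if that name is not registered.
   static Cipher cipherFrom(String providerName) throws Exception {
      try {
         return Cipher.getInstance(TRANSFORMATION, providerName);
      } catch (NoSuchProviderException e) {
         System.out.println(providerName + " is not registered; "
            + "was Security.addProvider() called?");
         return Cipher.getInstance(TRANSFORMATION);
      }
   }

   public static void main(String[] args) throws Exception {
      // Providers are consulted in this order when no name is given.
      for (Provider p : Security.getProviders()) {
         System.out.println("registered: " + p.getName());
      }

      SecretKey desKey = KeyGenerator.getInstance("DES").generateKey();
      byte[] plaintext = "The falcon flies at midnight".getBytes("UTF-8");

      // Encrypt with the default provider...
      Cipher enc = Cipher.getInstance(TRANSFORMATION);
      enc.init(Cipher.ENCRYPT_MODE, desKey);
      byte[] ciphertext = enc.doFinal(plaintext);

      // ...and decrypt with "BC" when it is available. Spelling out the
      // full transformation on both sides means the two providers do not
      // have to share the same defaults for mode and padding.
      Cipher dec = cipherFrom("BC");
      dec.init(Cipher.DECRYPT_MODE, desKey);
      System.out.println("decrypted by " + dec.getProvider().getName()
         + ": " + new String(dec.doFinal(ciphertext), "UTF-8"));
   }
}
```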





Page 3 of 6


