Java Generate Aes Symmetric Key

-->
  1. Java Generate Aes Symmetric Key Distribution
  2. Generate Random Aes Key
  3. Create Aes Key
  4. Java Generate Aes Symmetric Key And Code
  5. Aes Encryption Java

Creating and managing keys is an important part of the cryptographic process. Symmetric algorithms require the creation of a key and an initialization vector (IV). The key must be kept secret from anyone who should not decrypt your data. The IV does not have to be secret, but should be changed for each session. Asymmetric algorithms require the creation of a public key and a private key. The public key can be made public to anyone, while the private key must known only by the party who will decrypt the data encrypted with the public key. This section describes how to generate and manage keys for both symmetric and asymmetric algorithms.

Symmetric Keys

The symmetric encryption classes supplied by the .NET Framework require a key and a new initialization vector (IV) to encrypt and decrypt data. Whenever you create a new instance of one of the managed symmetric cryptographic classes using the parameterless constructor, a new key and IV are automatically created. Anyone that you allow to decrypt your data must possess the same key and IV and use the same algorithm. Generally, a new key and IV should be created for every session, and neither the key nor IV should be stored for use in a later session.

To communicate a symmetric key and IV to a remote party, you would usually encrypt the symmetric key by using asymmetric encryption. Sending the key across an insecure network without encrypting it is unsafe, because anyone who intercepts the key and IV can then decrypt your data. For more information about exchanging data by using encryption, see Creating a Cryptographic Scheme.

The next step is to encrypt the symmetric key in Java using the generated public key and I am stuck on this. I then generated a symmetric key in Java and encrypted a String with it and placed encrypted text in a file. So to explain what i need to do in this programme, is to create an AES key and a private and public key using RSA algorithm. I then wanna encrypt a msg with the AES key and then encrypt that AES key with the RSA public key. And in the end decrypt the message with the RSA private key. This class provides the functionality of a secret (symmetric) key generator. Key generators are constructed using one of the getInstance class methods of this class. KeyGenerator objects are reusable, i.e., after a key has been generated, the same KeyGenerator object can be re-used to generate further keys. Jul 06, 2016 Given a message, We would like to encrypt & decrypt plain/cipher text using AES CBC algorithm in java. We will perform following operations: Generate symmetric key using AES-128. In this tutorial we will learn about AES symmetric encryption decryption using Java Cryptography Extension (JCE). In the previous tutorial we saw about encryption decryption using DES symmetric key algorithm. “Data Encryption Standard (DES)” is prone to brute-force attacks. It is a old way of encrypting data.

The following example shows the creation of a new instance of the TripleDESCryptoServiceProvider class that implements the TripleDES algorithm.

When the previous code is executed, a new key and IV are generated and placed in the Key and IV properties, respectively.

Sometimes you might need to generate multiple keys. In this situation, you can create a new instance of a class that implements a symmetric algorithm and then create a new key and IV by calling the GenerateKey and GenerateIV methods. The following code example illustrates how to create new keys and IVs after a new instance of the symmetric cryptographic class has been made.

When the previous code is executed, a key and IV are generated when the new instance of TripleDESCryptoServiceProvider is made. Another key and IV are created when the GenerateKey and GenerateIV methods are called.

Asymmetric Keys

The .NET Framework provides the RSACryptoServiceProvider and DSACryptoServiceProvider classes for asymmetric encryption. These classes create a public/private key pair when you use the parameterless constructor to create a new instance. Asymmetric keys can be either stored for use in multiple sessions or generated for one session only. While the public key can be made generally available, the private key should be closely guarded.

A public/private key pair is generated whenever a new instance of an asymmetric algorithm class is created. After a new instance of the class is created, the key information can be extracted using one of two methods:

  • The ToXmlString method, which returns an XML representation of the key information.

  • The ExportParameters method, which returns an RSAParameters structure that holds the key information.

Both methods accept a Boolean value that indicates whether to return only the public key information or to return both the public-key and the private-key information. An RSACryptoServiceProvider class can be initialized to the value of an RSAParameters structure by using the ImportParameters method.

Asymmetric private keys should never be stored verbatim or in plain text on the local computer. If you need to store a private key, you should use a key container. For more on how to store a private key in a key container, see How to: Store Asymmetric Keys in a Key Container.

The following code example creates a new instance of the RSACryptoServiceProvider class, creating a public/private key pair, and saves the public key information to an RSAParameters structure.

See also

Ranch Hand
posted 4 years ago
I am about to break down and cry and therefor after almost weeks of trying to understand and solve this i now need a little push into the right direction.
So to explain what i need to do in this programme, is to create an AES key and a private and public key using RSA algorithm. I then wanna encrypt a msg with the AES key and then encrypt that AES key with the RSA public key. And in the end decrypt the message with the RSA private key.
I have only managed to encrypt the message with AES , i have also encrypted the AES key with RSA public key but i cant seem to get the decrytion to work, in other words to decrypt that message with the private key. Im not sure how to move forward, im totally stuck.
Any advice? here is the code. Im very new to cryptography
lowercase baba
posted 4 years ago

Java Generate Aes Symmetric Key Distribution

How do you know it doesn't work? What I mean is, do you get a compiler error? a run time error? Does it throw an exception? Does it run to completion, but the data it decrypted doesn't match what was encrypted?
Help us help you and TellTheDetails.

There are only two hard things in computer science: cache invalidation, naming things, and off-by-one errors

Ranch Hand
posted 4 years ago

fred rosenberger wrote:How do you know it doesn't work? What I mean is, do you get a compiler error? a run time error? Does it throw an exception? Does it run to completion, but the data it decrypted doesn't match what was encrypted?
Help us help you and TellTheDetails.


Oh im sorry, i wasnt clear. Well i get the pop up asi want from JOptionPane message dialog the message encrypted but not decrypted. So what i see is a message saying :: text encrpyted : fuhgudhgug and text decrypted : fhdhgidg
(as an example) . So it doesnt decrypt it with the private key i suspect.
Ranch Hand
posted 4 years ago

fred rosenberger wrote:How do you know it doesn't work? What I mean is, do you get a compiler error? a run time error? Does it throw an exception? Does it run to completion, but the data it decrypted doesn't match what was encrypted?
Help us help you and TellTheDetails.


No errors, beautifully smoothly compiling just not decrypting it at all and it has to be decrypted with the RSA private key so im very stuck on what im doing wrong :/
Marshal
posted 4 years ago
Too difficult for this forum: moving.
Also breaking up the excessively long line).
Ranch Hand
posted 4 years ago

Generate Random Aes Key

Campbell Ritchie wrote:Too difficult for this forum: moving.
Also breaking up the excessively long line).


Sorry, didnt know
Saloon Keeper
posted 4 years ago
You're encrypting your message using a symmetric key, and then you're never using that encrypted data again. You're only decrypting your symmetric key. You still need to decrypt your message using your decrypted key.
Ranch Hand
posted 4 years ago

Stephan van Hulst wrote:You're encrypting your message using a symmetric key, and then you're never using that encrypted data again. You're only decrypting your symmetric key. You still need to decrypt your message using your decrypted key.


so im only decrypting the AES key not the message and RSA key itself? thanks, need to take a look at it.
Saloon Keeper
posted 4 years ago
Keep in mind that both AES and RSA may use block ciphers that use an initialization vector, so when you initialize a cipher for decryption, you may need to pass it the IV used by the encrypting cipher.
Bartender
posted 4 years ago

Stephan van Hulst wrote:Keep in mind that both AES and RSA may use block ciphers that use an initialization vector, so when you initialize a cipher for decryption, you may need to pass it the IV used by the encrypting cipher.


If RSA is being used to encrypt the AES key then it should use something like PKCS1 padding since that padding introduces a random element. AES used with ECB padding is susceptible to ciphertext forgery and in order to avoid this AES should always be used with one of the feedback modes such as CBC and use a random IV. The random IV does not need to be kept secret and can be passed in the clear along with the AES ciphertext. One approach is to pre-pend the IV to the AES ciphertext. Using this approach one would ship the RSA encrypted AES key followed by the IV followed by the AES cyphertext.
Ranch Hand

Create Aes Key

posted 4 years ago

Richard Tookey wrote:

Stephan van Hulst wrote:Keep in mind that both AES and RSA may use block ciphers that use an initialization vector, so when you initialize a cipher for decryption, you may need to pass it the IV used by the encrypting cipher.


If RSA is being used to encrypt the AES key then it should use something like PKCS1 padding since that padding introduces a random element. AES used with ECB padding is susceptible to ciphertext forgery and in order to avoid this AES should always be used with one of the feedback modes such as CBC and use a random IV. The random IV does not need to be kept secret and can be passed in the clear along with the AES ciphertext. One approach is to pre-pend the IV to the AES ciphertext. Using this approach one would ship the RSA encrypted AES key followed by the IV followed by the AES cyphertext.
Java Generate Aes Symmetric Key Thanks for advice you guys... my issue is atm that i do not know where in my code to re-use the encrypted data in order to decrypt it. I just feel lost and confused. I have used the PKCS1 padding thanks to your advice and im not getting that kind of error any longer. I thought padding error had to do with the fact that i was trying to convert byte to string but maybe thats not correct? In any case right now im trying to figure out how to re-use my encrypted string 'InputText1'. Im starting to think that maybe it is complicated to decrypt a string that is not a pre-defined specific word or sentence like lets say 'Hello world', or does it matter? It worked to encrypt so should work to decrypt as well. Sorry ive been working with this for a while and i just feel dizzy lately :P

Java Generate Aes Symmetric Key And Code

Bartender
posted 4 years ago
It is not obvious from your code what you are trying to do except that it must be an assignment since in general one needs two programs; one to encrypt the cleartext to create the ciphertext and the other to decrypt the ciphertext to recover the cleartext. As an exercise one can just use one program but use two sections; one to encrypt and one to decrypt.
Preliminary -
Create the RSA public and private keys. The public key will be used in the encryption section and the private key used in the decryption.
Encryption section -
1) Create a random AES key.
2) Encrypt this AES key with the RSA public key. Write the encrypted key it to the output.
3) Create a random IV for use with AES encryption.
4) Write it to the output.
5) Encrypt your cleartext with AES using the random AES key and random IV. Write the result to the output.
Decryption section -
1) Read the encrypted AES key from the input.
2) Decrypt the encrypted AES key using the RSA private key.
3) Read the IV from the input.
4) Using the exracted AES key and extracted IV decrypt the rest of the input. This is the recovered cleartext.
Note 1 - DataOutputStream and DataInputStream are very useful in reading and writing since they allow you to write a set of bytes as a length followed by the bytes.
Note 2 - Since this is an exercise you can chain the DataOutputStream to a ByteArrayOutptuStream if you don't actually want to save the output to a file. You can then use the content of the ByteArrayInput to a ByteArrayInputStream chained to a DataInputStream for use in decryption.
Note 3 - You can get away with using ECB mode in the AES cipher as long as you use a random AES key. You would then ignore the IV requirement.
Ranch Hand
posted 4 years ago

Richard Tookey wrote:It is not obvious from your code what you are trying to do except that it must be an assignment since in general one needs two programs; one to encrypt the cleartext to create the ciphertext and the other to decrypt the ciphertext to recover the cleartext. As an exercise one can just use one program but use two sections; one to encrypt and one to decrypt.
Preliminary -
Create the RSA public and private keys. The public key will be used in the encryption section and the private key used in the decryption.
Encryption section -
1) Create a random AES key.
2) Encrypt this AES key with the RSA public key. Write the encrypted key it to the output.
3) Create a random IV for use with AES encryption.
4) Write it to the output.
5) Encrypt your cleartext with AES using the random AES key and random IV. Write the result to the output.
Decryption section -
1) Read the encrypted AES key from the input.
2) Decrypt the encrypted AES key using the RSA private key.
3) Read the IV from the input.
4) Using the exracted AES key and extracted IV decrypt the rest of the input. This is the recovered cleartext.
Note 1 - DataOutputStream and DataInputStream are very useful in reading and writing since they allow you to write a set of bytes as a length followed by the bytes.
Note 2 - Since this is an exercise you can chain the DataOutputStream to a ByteArrayOutptuStream if you don't actually want to save the output to a file. You can then use the content of the ByteArrayInput to a ByteArrayInputStream chained to a DataInputStream for use in decryption.
Note 3 - You can get away with using ECB mode in the AES cipher as long as you use a random AES key. You would then ignore the IV requirement.


Yes thank you. Its an assignment but we were supposed to create two programmes but it was ok dto do just one if we managed to solve it that way but come to think of it i think its better to do two. Thank you for your help. Ive been thinking about outputstream encrypting a file and send it that way but didnt thinnk it was necessary in just one programme but maybe its better. Thanks for your advice and help.
Saloon Keeper
posted 4 years ago

Aes Encryption Java

Richard Tookey wrote:3) Create a random IV for use with AES encryption.


It's not necessary to do this explicitly. Cipher will generate an IV automatically for algorithms that require one. Just call getIV() on the cipher, and send that.
Bartender
posted 4 years ago

Stephan van Hulst wrote:

Richard Tookey wrote:3) Create a random IV for use with AES encryption.


It's not necessary to do this explicitly. Cipher will generate an IV automatically for algorithms that require one. Just call getIV() on the cipher, and send that.
True. I'm just showing how stale I am.
Greenhorn
posted 2 years ago
Hi Patrica,
Howdy..
I am having the same issue when doing the Encryp/decrypt with aes/rsa mechanism.
can you please share your sample code of doing it..
thanks in advance..
- marc