Cryptography in Java

Encryption String in Java.

Don’t Just Get it Working, Use it Securely!

Learning from a well practical blog series

1. How get started using Java cryptography securely, See also KeyNote

2. Cryptographically Secure Random Number Generators

3. Encryption and Decryption

We choose AES/GCM/PKCS5Padding (Algorithm/mode/paddings)

  • Algorithm AES(Advanced Encryption Standard)
    • KeySize 256
    • Symmetic algorithm, (same key for encryption and decryption)
    • Cracking a 128 bit AES key with a state-of-the-art supercomputer would take longer than the presumed age of the universe. And even uses 256 bit keys! As of today, no practicable attack against AES exists. Therefore, AES remains the preferred encryption standard for governments, banks and high security systems around the world.

  • Mode
    1
    2
    3
    
    GCM is a streaming mode which means that the ciphertext is only as long as the plaintext (not including authentication tag). GCM doesn't require a padding. 
    This means that the PKCS5Padding version is actually only a synonym for NoPadding for convenience during programming. Some providers don't have this strange mode.
    The are cases where padding the plaintext makes sense. For example, you can hide the length of the actual plaintext by appending a random length PKCS5Padding.
    
  • Padding

    Padding describes how blocks in the chain are aligned and filled up to match the expected block size.

4. Message Digest

5. HMAC

References:

(Updated: )

comments powered by Disqus