I am using this encryption method to encrypt and decrypt a certain string :-
package encryption;
import java.security.Key;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
public class AES {
private static final String ALGO = "AES";
private static final byte[] keyValue =
new byte[] { 'T', 'h', 'e', 'B', 'e', 's', 't',
'S', 'e', 'c', 'r','e', 't', 'K', 'e', 'y' };
public static String encrypt(String Data) throws Exception {
Key key = generateKey();
Cipher c = Cipher.getInstance(ALGO);
c.init(Cipher.ENCRYPT_MODE, key);
byte[] encVal = c.doFinal(Data.getBytes());
String encryptedValue = new BASE64Encoder().encode(encVal);
return encryptedValue;
}
public static String decrypt(String encryptedData) throws Exception {
Key key = generateKey();
Cipher c = Cipher.getInstance(ALGO);
c.init(Cipher.DECRYPT_MODE, key);
byte[] decordedValue = new BASE64Decoder().decodeBuffer(encryptedData);
byte[] decValue = c.doFinal(decordedValue);
String decryptedValue = new String(decValue);
return decryptedValue;
}
private static Key generateKey() throws Exception {
Key key = new SecretKeySpec(keyValue, ALGO);
return key;
}
}
It works fine.
The issue is that how will i get to know that the string which is to be decrypted is encrypted ?
I mean i could pass a long "not encrypted" string to the decrypt method and it still will work.
Any suggestions.
Depending on what types of data you're expecting, you could try looking at the entropy (randomness) of the data. Properly encrypted data should be pretty much indistinguishable from random noise, and will have a much higher entropy than any kind of structured data.
However, it is impossible to check what the exact encryption mechanism for file that encrypt using strong PKI. You could perfom some tests with different data to check for example if the string obtained has always the same length or not. If it is always the same that data is probably being hashed and not encrypted (i.e.: AES).
You could run ent to see how much entropy a file has, a file with high entropy is likely either compressed or encrypted (or both). A problem is that JPEG, XLSX and ZIP are compressed, so actually compressed files are very common.
There's no definitive way to tell; the only thing you can do is look at a string and see if it looks like something intelligible (roughly speaking, something for which file would return something more specific than "data").
There's no definitive way to tell; the only thing you can do is look at a string and see if it looks like something intelligible (roughly speaking, something for which file
would return something more specific than "data"). Unless you have some characteristic that you can use to identify "plain text" (maybe everything's ASCII, or all Unicode code points for $LANGUAGE), there's no inherent difference between ciphertext and arbitrary binary data.
You can determine if something is encrypted with a particular key, algorithm, mode, and padding scheme by simply trying to decrypt it.
If you're decrypting the data, you know the padding scheme being used, and you can verify if the padding is correct when you try to decrypt it. If you cannot reliably strip the padding from the original message, you know you have a problem!
One of the benefits of the CBC mode, which is supported in almost every widely used cryptography library containing symmetric ciphers (like AES) is that each block depends on the previous one in terms of its data. This means that errors will propagate and you are more likely to fail to decrypt data that was not actually encrypted or has been corrupted accidentally in some fashion.
I believe that this is probably the best bang for your lines of code to test if the data passed in was encrypted with the specific key, algorithm, mode, and padding scheme.
EDIT
But, if you need to verify with high certainty that the key is correct, you need to add a message authentication code (MAC) at the end of your ciphertext or plaintext.
You can form your message like this:
CIPHERTEXT = ENCRYPT(KEY_1, PADDING, MODE, PLAINTEXT)
MESSAGE = CIPHERTEXT || HMAC(KEY_2, CIPHERTEXT)
CIPHERTEXT
is defined as the result of encryption of plaintext under a specific key, padding, and mode of operation
MESSAGE
is defined as the result of CIPHERTEXT
having the HMAC
result binary-concatenated (||
) to it.
KEY_1
is a cryptographically secure key independent of KEY_2
, another cryptographically secure key.
The reason you want to compute the HMAC
against the CIPHERTEXT
is because you don't want to have to actually perform decryption to verify if the message is legitimate.
You will have to start an encrypted session and then exchange KEY_2
over that encrypted channel, meaning you have added key management overhead and code complexity, but you have a 1/1^256 (at the very least) probability of seeing an incorrect message pass through the HMAC
check.
Once you verify the result of HMAC
you can be certain the message is probably actually encrypted under KEY_1
, assuming no leaks have happened since the start of the session or the lifetime of the message.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With