Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Meaning of "AES" cipher in Android?

Tags:

android

cryptography

aes

I have inherited Android code that uses the following cipher:

ks = new SecretKeySpec(key, "AES");
ciph = Cipher.getInstance("AES");

As only "AES" is given, I don't know what the keysize, modes, and padding are. I've looked over the Bouncy Castle* documentation, but I can't find where the "AES" instance is described. I'd like to use a more explicit instance description (e.g. "AES/ECB/PCKS5Padding"), if I can.

Does anyone know what the keysize, modes, and padding are of this instance?

Thanks!

*I've read that Android uses Bouncy Castle as its default provider, but I haven't found that anywhere official, so I could be making an unhelpful assumption here.

like image 425
bradreaves Avatar asked Dec 07 '12 19:12

bradreaves

1 Answers

Java defaults to "AES/ECB/PKCS5Padding" by default, as specified by the Oracle documentation.

If no mode or padding is specified, provider-specific default values for the mode and padding scheme are used. For example, the SunJCE provider uses ECB as the default mode, and PKCS5Padding as the default padding scheme for DES, DES-EDE and Blowfish ciphers. This means that in the case of the SunJCE provider:

Cipher c1 = Cipher.getInstance("DES/ECB/PKCS5Padding"); and
Cipher c1 = Cipher.getInstance("DES"); are equivalent statements.

See creating a Cipher object in the Oracle documentation.

I've just checked using a debugger myself. At least for Android 4.0 it seems that Android defaults to the same encryption and padding mode (as expected). The outcome using the default provider of a single (00-valued) byte is a padded plain text with value 000F0F0F0F0F0F0F0F0F0F0F0F0F0F0F in hexadecimals. This is clearly PKCS#5 padding, or more correctly PKCS#7 padding which is the same padding as PKCS#5 for 16-byte block ciphers.

In principle any provider can have a different default from the default "SunJCE" provider. However, that would break applications that assume that the Oracle / OpenJDK default is used.

Instead of leaving your colleague programmers in the dark, it is strongly recommended to specify the entire string including mode & padding and not to rely on defaults for cryptographic algorithms (with the exception of SecureRandom, where specifying the algorithm is usually not recommended).

like image 58
Maarten Bodewes Avatar answered Oct 19 '22 22:10

Maarten Bodewes
Sign in to Comment

Related questions

Is it possible to use SIM card cryptographic functions?
Getting "EVP_DecryptFinal_ex:wrong final block length" during decryption
Using the JarSigner with RSASSA-PSS
Extracting data from RSA public key
How do I add a timestamp when digitally signing a file in C#?
HMAC MD5 Validation with Node.js, Express and Trialpay
.Net: Will my RSA keys still function after August 2012?
RSA: How to generate private key in java and use it in C#?
UDP security and identifying incoming data
Ideal hashing method for wide distribution of values?
openssl decryption in javascript in browser
RSA_public_decrypt and MS Crypto API equivalent
How do I enable AES-NI (hardware acceleration) for Node.js crypto on Linux?
Using ColdFusion to sign data for single sign-on
Time complexity of MD5
Simple row transposition cipher
Where is the SALT attached to the password, AFTER or BEFORE the password?
Importance of the key size in the Rfc2898DeriveBytes (PBKDF2) implementation
Digital signature public key [closed]
Can org.bouncycastle.openssl.PEMReader read java.security.PrivateKey?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!