Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Meaning of "AES" cipher in Android?

I have inherited Android code that uses the following cipher:

ks = new SecretKeySpec(key, "AES");
ciph = Cipher.getInstance("AES");

As only "AES" is given, I don't know what the keysize, modes, and padding are. I've looked over the Bouncy Castle* documentation, but I can't find where the "AES" instance is described. I'd like to use a more explicit instance description (e.g. "AES/ECB/PCKS5Padding"), if I can.

Does anyone know what the keysize, modes, and padding are of this instance?

Thanks!

*I've read that Android uses Bouncy Castle as its default provider, but I haven't found that anywhere official, so I could be making an unhelpful assumption here.

like image 425
bradreaves Avatar asked Dec 07 '12 19:12

bradreaves


1 Answers

Java defaults to "AES/ECB/PKCS5Padding" by default, as specified by the Oracle documentation.

If no mode or padding is specified, provider-specific default values for the mode and padding scheme are used. For example, the SunJCE provider uses ECB as the default mode, and PKCS5Padding as the default padding scheme for DES, DES-EDE and Blowfish ciphers. This means that in the case of the SunJCE provider:

Cipher c1 = Cipher.getInstance("DES/ECB/PKCS5Padding"); and
Cipher c1 = Cipher.getInstance("DES"); are equivalent statements.

See creating a Cipher object in the Oracle documentation.


I've just checked using a debugger myself. At least for Android 4.0 it seems that Android defaults to the same encryption and padding mode (as expected). The outcome using the default provider of a single (00-valued) byte is a padded plain text with value 000F0F0F0F0F0F0F0F0F0F0F0F0F0F0F in hexadecimals. This is clearly PKCS#5 padding, or more correctly PKCS#7 padding which is the same padding as PKCS#5 for 16-byte block ciphers.


In principle any provider can have a different default from the default "SunJCE" provider. However, that would break applications that assume that the Oracle / OpenJDK default is used.

Instead of leaving your colleague programmers in the dark, it is strongly recommended to specify the entire string including mode & padding and not to rely on defaults for cryptographic algorithms (with the exception of SecureRandom, where specifying the algorithm is usually not recommended).

like image 58
Maarten Bodewes Avatar answered Oct 19 '22 22:10

Maarten Bodewes