Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Rijndael support in Java

We have a requirement to do some Rijndael development in Java.

Any recommendations for articles, libraries etc. that would help us?

Any pointers to keystore maintenance and how store the keys securely?

Edit:

It would need to be open source. Essentially, it's just standard encrypt / decrypt of data using Rijndael.

like image 378
rbrayb Avatar asked Feb 25 '09 19:02

rbrayb


People also ask

Is Rijndael and AES same?

Rijndael and AES differ only in the range of supported values for the block length and cipher key length. For Rijndael, the block length and the key length can be independently specified to any multiple of 32 bits, with a minimum of 128 bits, and a maximum of 256 bits.

What is Rijndael better known as?

The Advanced Encryption Standard (AES), also known by its original name Rijndael (Dutch pronunciation: [ˈrɛindaːl]), is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.

Why is it called Rijndael?

Rijndael is named after its two creators: Belgian cryptologists Vincent Rijmen and Joan Daemen. It has its origins in Square, another algorithm designed by the pair.

What is AES number in Java?

AES, Advanced Encryption Standard is a block ciphertext encryption and decryption algorithm that processes a block of 128 bits of data using secret keys of 128, 192, or 256 bits.


2 Answers

Java includes AES out of the box. Rijndael is AES. You don't need any external libraries. You just need something like this:

byte[] sessionKey = null; //Where you get this from is beyond the scope of this post
byte[] iv = null ; //Ditto
byte[] plaintext = null; //Whatever you want to encrypt/decrypt
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
//You can use ENCRYPT_MODE or DECRYPT_MODE
cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(sessionKey, "AES"), new IvParameterSpec(iv));
byte[] ciphertext = cipher.doFinal(plaintext);

And that's it, for encryption/decryption. If you are processing large amounts of data then you're better off reading chunks that are multiples of 16 bytes and calling update instead of doFinal (you just call doFinal on the last block).

like image 66
Chochos Avatar answered Sep 19 '22 11:09

Chochos


For a great free library, I highly recommend BouncyCastle. It is actively maintained, high quality, and has a nice array of code examples. For reference documentation, you'll have to rely more on the general JCE docs.

I can't say what library we use to meet FIPS certification requirements. But there are alternatives to CryptoJ that are much, much cheaper.

In general, I'd recommend generating a new key for each message you encrypt with a symmetric cipher like Rijndael, and then encrypting that key with an asymmetric algorithm like RSA. These private keys can be stored in a password-protected, software-based key store like PKCS #12 or Java's "JKS", or, for better security, on "smart card" hardware token or other crypto hardware module.

like image 24
erickson Avatar answered Sep 22 '22 11:09

erickson