Java AES Encryption and Decryption

1. AES Algorithm

The AES algorithm (also known as the Rijndael algorithm) is a symmetric-key block cipher that supports cryptographic keys (secret keys) of 128, 192, and 256 bits to encrypt and decrypt data in blocks of 128 bits.


2. Modes Of Operation

The AES algorithm has five modes of operation:

  1. ECB (Electronic Code Book)
  2. CBC (Cipher Block Chaining)
  3. CFB (Cipher Feedback)
  4. OFB (Output Feedback)
  5. CTR (Counter)

2.1 ECB

This is the simplest mode of encryption. The plaintext is divided into blocks of 128 bits, and each block is encrypted separately. Similarly, each ciphertext block is decrypted separately. The issue is that the same key is used to encrypt every block independently, so identical plaintext blocks produce identical ciphertext blocks and the resulting ciphertext is not blurred: patterns in the plaintext remain visible.

2.2 CBC

To overcome the ECB weakness, CBC mode uses an initialization vector (IV) to augment the encryption. Each plaintext block is XORed with the previous ciphertext block and then encrypted; the first plaintext block is XORed with the IV. The IV has the same size as a cipher block. During decryption, each decrypted block is XORed with the previous ciphertext block (the IV for the first block) to recover the plaintext. In this mode, encryption can’t be parallelized, but decryption can be parallelized. It also requires padding the data.


2.3 CFB

This mode is similar to CBC, except that the cipher encrypts the ciphertext from the previous round (the IV for the first block), not the plaintext; the result is then XORed with the plaintext. In this mode, decryption can be parallelized, but encryption can’t be parallelized.


2.4 OFB

This mode creates keystream bits that are used to encrypt subsequent data blocks. In this regard, the cipher works much like a typical stream cipher. In OFB mode, both encryption and decryption can be performed using only one thread at a time.


2.5 CTR

This is the most popular block cipher mode of operation. In this mode, both encryption and decryption can be performed using many threads at a time. The nonce is a unique number used once; it plays the same role as the IV. Successive values of an increasing counter are added to the nonce, and each resulting value is encrypted to produce the keystream for one block.


3. AES Parameters

In the AES algorithm, we need three parameters: input data, secret key, and IV. IV is not used in ECB mode.

3.1 Input Data

The input data to AES can be a string, a file, an object, or password-based.

3.2 Secret Key

There are two ways to generate a secret key for AES: generating it from a random number, or deriving it from a given password.

3.3 Initialization Vector (IV)

The IV is a pseudo-random value and has the same size as the block that is encrypted. We can use the SecureRandom class to generate a random IV.

4. Encryption and Decryption

4.1 String

To implement input string encryption, we first need to generate the secret key and IV according to the previous section. As the next step, we create an instance from the Cipher class by using the getInstance() method.
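The following is an added example, not code from the original article. It puts sections 3.2, 3.3 and 4.1 together: a random key, a random IV, and a string encrypted and decrypted through Cipher.getInstance(), with the ECB weakness from section 2.1 shown alongside CBC. The class name, the helper names and the sample plaintext are assumptions chosen for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;

public class AesStringExample {
    // Section 3.2: a random 256-bit key produced by the JCA key generator.
    static SecretKey generateKey() throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        return kg.generateKey();
    }

    // Section 3.3: a fresh 16-byte IV (one AES block) for every message.
    static IvParameterSpec generateIv() {
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        return new IvParameterSpec(iv);
    }

    // Runs one encrypt or decrypt pass; pass iv == null for ECB, which takes no IV.
    static byte[] crypt(int mode, String transformation, SecretKey key,
                        IvParameterSpec iv, byte[] input) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(transformation);
        if (iv == null) cipher.init(mode, key);
        else cipher.init(mode, key, iv);
        return cipher.doFinal(input);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        SecretKey key = generateKey();
        IvParameterSpec iv = generateIv();
        // Constructed sample input: two identical 16-byte plaintext blocks.
        byte[] plain = "0123456789abcdef0123456789abcdef".getBytes(StandardCharsets.UTF_8);
        byte[] ecb = crypt(Cipher.ENCRYPT_MODE, "AES/ECB/PKCS5Padding", key, null, plain);
        byte[] cbc = crypt(Cipher.ENCRYPT_MODE, "AES/CBC/PKCS5Padding", key, iv, plain);
        // ECB maps equal plaintext blocks to equal ciphertext blocks; CBC hides the repetition.
        System.out.println("ECB blocks equal: " + Arrays.equals(
                Arrays.copyOfRange(ecb, 0, 16), Arrays.copyOfRange(ecb, 16, 32)));
        System.out.println("CBC blocks equal: " + Arrays.equals(
                Arrays.copyOfRange(cbc, 0, 16), Arrays.copyOfRange(cbc, 16, 32)));
        // The IV is not secret, but the receiver needs the same IV to decrypt.
        byte[] back = crypt(Cipher.DECRYPT_MODE, "AES/CBC/PKCS5Padding", key, iv, cbc);
        System.out.println("Decrypted: " + new String(back, StandardCharsets.UTF_8));
    }
}
```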

4.2 File

The steps are the same, but we need some IO classes to work with the files:

4.3 Object

To encrypt an object, we have to use the SealedObject class, and the object should be Serializable. Let’s begin by defining an Employee class:

5. Conclusion

In this article, we learned how to encrypt and decrypt input data like strings, files and objects using the AES algorithm in Java. Additionally, we discussed the AES variations.


