How to know if you are using a 128, 192, 256 bit AES encryption?

Question

CodeWarrior14 0 Light Poster

9 Years Ago

I improved my AES encryption code, I now generate a key from a password of any length. But now I dont know if I'm generating a 128, 192 or 256 bit AES key.

Here is my code:

import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.Cipher;

public class AESCipher {
    private Cipher cipher;
    private SecretKey secretKey;
    private SecretKeyFactory keyFactory;
    private PBEKeySpec pbeKey;
    private PBEParameterSpec paramSpec;
    private byte[] salt = {111, 123, 56, 123, 99, 108, 45, 65};
    private String password;
    private final int iterationCount = 21;

    /**
     * Generates the key from the password.
     */
    private void generateKey() throws Exception {
        this.paramSpec = new PBEParameterSpec(this.salt, this.iterationCount);
        this.pbeKey = new PBEKeySpec(this.password.toCharArray());
        this.keyFactory = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
        this.secretKey = this.keyFactory.generateSecret(this.pbeKey);
        this.cipher = Cipher.getInstance("PBEWithMD5AndDES");
    }

    /**
     * Encrypts data.
     * @param plainText
     *   Data to encrypt.
     * @return
     *   Encrypted data.
     * @throws Exception
     *   If something went wrong.
     */
    public byte[] encrypt(String plainText) throws Exception {
        byte[] encrypted = new byte[plainText.getBytes().length];

        cipher.init(Cipher.ENCRYPT_MODE, this.secretKey, this.paramSpec);
        encrypted = cipher.doFinal(plainText.getBytes());

        return encrypted;
    }

    /**
     * Decrypts data.
     * @param cipherText
     *   Data to decrypt.
     * @return
     *   Decrypted data.
     * @throws Exception
     *   If something went wrong.
     */
    public String decrypt(byte[] cipherText) throws Exception {
        byte[] decryptedText = new byte[cipherText.length];
        String decrypted;

        cipher.init(Cipher.DECRYPT_MODE, this.secretKey, this.paramSpec);
        decryptedText = cipher.doFinal(cipherText);
        decrypted = new String(decryptedText);

        return decrypted;
    }

    /**
     * Class initializer.
     * @param password 
     *   Password that will be used for encryption.
     */
    public AESCipher(String password) throws EncryptionException {
        this.password = password;

        try {
            //generateSalt();
            generateKey();
        } catch(Exception error) {
            throw new EncryptionException(error.getMessage());
        }
    }
}

How can I be sure this code will generate an AES 192 bit key?

java

3 Contributors
9 Replies
3K Views
1 Day Discussion Span
Latest Post 9 Years Ago Latest Post by CodeWarrior14

JamesCherrill 4,733 Most Valuable Poster

9 Years Ago

Why do you think that PBEWithMD5AndDES will generate any kind of AES key?

JamesCherrill 4,733 Most Valuable Poster

9 Years Ago

Which on-line doc are you referring to?
(ps: I'm no expert in this area, but as nobody else has responded I'm also trying to interpret the doc and related tutorials. I'll leave you in peace if you want to wait for an actual expert.. JC)

Edited 9 Years Ago by JamesCherrill

Taywin 312 Posting Virtuoso

9 Years Ago

How about look at this sample implementation? I am not sure if your implementation is really AES...

JamesCherrill commented: Excellent reference +15

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

CodeWarrior14 0 Light Poster · Answer 1 · 2015-01-07T21:15:01+00:00

I take it the online documentation was wrong then. What kind of key generator should I use then?

CodeWarrior14 0 Light Poster · Answer 2 · 2015-01-07T22:08:34+00:00

@JamesCherrill - I am unable to find the documentation at the moment.
@Taywin - Well in that implementation you can define a key size you want to generate, but you cant generate a key from a password. I need to define my key size (128, 192, 256) and then supply a password that will be used to create the key. I cant seem to find an implementation of this anywhere.

JamesCherrill 4,733 Most Valuable Poster Team Colleague Featured Poster · Answer 3 · 2015-01-08T09:27:54+00:00

Good morning. (Sorry abou the relay in replying, it was bedtime here!)

You are requesting DES and MD5, so I can't believe that will give you an AES implementation. Looking at the docs it seems that the early verisons of java crypto were very limited in their choice of algorithms, and AES was not initially supported in the standard API. I found lots of examples of AES Java code in more recent web sites, so maybe a Google search limited to the last year should be your next step.

ps:Having said that, Taywin's link seems exactly what you need.

CodeWarrior14 0 Light Poster · Answer 4 · 2015-01-08T16:58:17+00:00

Well not quite. I don't see that there is a password being used to generate the key. Or am I wrong?

JamesCherrill 4,733 Most Valuable Poster Team Colleague Featured Poster · Answer 5 · 2015-01-08T18:36:20+00:00

That's the AES encrypt/decrypt with a system-generated secret key.
As always, Google is your friend. It only took a minute to find
this link to an example of generating an AES key from a password.

CodeWarrior14 0 Light Poster · Answer 6 · 2015-01-09T08:43:13+00:00

CodeWarrior14 0 Light Poster

9 Years Ago

Thanks, that solved my problem.