How to Encrypt and Decrypt Data In Java Using AES Algorithm
AES (Advanced Encryption Standard) is a strong symmetric encryption algorithm. A secret key is used for the both encryption and decryption of data. Only someone who has access to the same secret key can decrypt data. AES encryption provides strong protection to your data.
The following sample Java program shows how to encrypt data using AES encryption algorithm. Java provides a number of helper classes for AES encryption such as Cipher (for encryption/decryption), SecretKey (represents the shared secret key) and KeyGenerator (generates the shared secret key). Also note that both secret key and encrypted data is binary data and hence cannot be printed directly. The following program prints them in hexadecimal form.
In the following program, the KeyGenerator is initialized with a 128 bit secret key. If you want stronger keys such as 256 bit key, you need to Java cryptography extension (JCE) unlimited strength jurisdiction policy files.
These zip files contain a number of jars and you need to copy them to {java.home}/jre/lib/security directory of your JRE installation. Now you can pass 256 as secret key bit size to KeyGenerator.
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.xml.bind.DatatypeConverter;
/**
* This example program shows how AES encryption and decryption can be done in Java.
* Please note that secret key and encrypted text is unreadable binary and hence
* in the following program we display it in hexadecimal format of the underlying bytes.
* @author Jayson
*/
public class AESEncryption {
/**
* 1. Generate a plain text for encryption
* 2. Get a secret key (printed in hexadecimal form). In actual use this must
* by encrypted and kept safe. The same key is required for decryption.
* 3.
*/
public static void main(String[] args) throws Exception {
String plainText = "Hello World";
SecretKey secKey = getSecretEncryptionKey();
byte[] cipherText = encryptText(plainText, secKey);
String decryptedText = decryptText(cipherText, secKey);
System.out.println("Original Text:" + plainText);
System.out.println("AES Key (Hex Form):"+bytesToHex(secKey.getEncoded()));
System.out.println("Encrypted Text (Hex Form):"+bytesToHex(cipherText));
System.out.println("Descrypted Text:"+decryptedText);
}
/**
* gets the AES encryption key. In your actual programs, this should be safely
* stored.
* @return
* @throws Exception
*/
public static SecretKey getSecretEncryptionKey() throws Exception{
KeyGenerator generator = KeyGenerator.getInstance("AES");
generator.init(128); // The AES key size in number of bits
SecretKey secKey = generator.generateKey();
return secKey;
}
/**
* Encrypts plainText in AES using the secret key
* @param plainText
* @param secKey
* @return
* @throws Exception
*/
public static byte[] encryptText(String plainText,SecretKey secKey) throws Exception{
// AES defaults to AES/ECB/PKCS5Padding in Java 7
Cipher aesCipher = Cipher.getInstance("AES");
aesCipher.init(Cipher.ENCRYPT_MODE, secKey);
byte[] byteCipherText = aesCipher.doFinal(plainText.getBytes());
return byteCipherText;
}
/**
* Decrypts encrypted byte array using the key used for encryption.
* @param byteCipherText
* @param secKey
* @return
* @throws Exception
*/
public static String decryptText(byte[] byteCipherText, SecretKey secKey) throws Exception {
// AES defaults to AES/ECB/PKCS5Padding in Java 7
Cipher aesCipher = Cipher.getInstance("AES");
aesCipher.init(Cipher.DECRYPT_MODE, secKey);
byte[] bytePlainText = aesCipher.doFinal(byteCipherText);
return new String(bytePlainText);
}
/**
* Convert a binary byte array into readable hex form
* @param hash
* @return
*/
private static String bytesToHex(byte[] hash) {
return DatatypeConverter.printHexBinary(hash);
}
}
In highly secure systems, the secret key is usually stored in a separate hardware known HSMs(Hardware Security Modules). HSMs are expensive devices and hence a more cost effective way is to store the secret key in a separate secure partition or schema.