stackoom
  简体   繁体   中英

What is the proper way to perform authenticated encryption in Java?

 原文  2012-03-05 17:06:45       java/ encryption

Question

Authenticated encryption requires that we use some accepted standard for encrypting and authenticating a message. So we both encrypt the message and compute a MAC on the message to verify it has not been tampered with.

This question outlines a way to perform password based key strengthening and encryption: 

/* Derive the key, given password and salt. */
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
KeySpec spec = new PBEKeySpec(password, salt, 65536, 256);
SecretKey tmp = factory.generateSecret(spec);
SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES");
/* Encrypt the message. */
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, secret);
AlgorithmParameters params = cipher.getParameters();
byte[] iv = params.getParameterSpec(IvParameterSpec.class).getIV();
byte[] ciphertext = cipher.doFinal("Hello, World!".getBytes("UTF-8"));

But as far as I can tell, this does not compute any MAC on the ciphertext and so would be insecure. What is the accepted standard for performing authenticated encryption in Java?

2 answers

solution1
 12 ACCPTED  2012-03-05 21:49:20

I would recommend using GCM mode encryption. It is included in the latest JDK (1.7) by default. It uses a counter mode encryption (a stream cipher, no padding required) and adds an authentication tag. One big advantage is that it requires only a single key, whereas HMAC adds another key to the mix. Bouncy Castle has an implementation as well, which is moslty compatible with one provided by Oracle.

GCM mode encryption is also features in a TLS RFC, and in XML encrypt 1.1 (both not final). GCM mode provides all three security features: confidentiality, integrity and authenticity of the data send. The String would be "AES/GCM/NoPadding" instead of the CBC one you are now deploying. As said, make sure you have the latest JDK from Oracle, or have Bouncy Castle provider installed.

Also check out my answer here , which is mostly about String encoding, but I've succesfully tried GCM mode too - see the comment.

solution2
 3  2012-03-05 17:48:14

When transferring files from one server to another through secure ftp, I use private/public key pairs with the private key residing on the "from" server and the public key residing on the "to" server.

Using private/public key pairs is a secure standard when transferring files.

I believe it would also be a secure means in the context of a Java application.

Check out Generating and Verifying Signatures and Generate Public and Private Keys for more details on using a private/public key pair setup for digital signatures in Java.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Proper way to perform division in java authenticated encryption in Java 7 What is the proper way of creating objects in Java? What is the proper way to reopen a file in java? what is the proper way to implement the java Collection interface what is the proper way deploy maven java adapter What is the proper way to use a .equals method in Java? What is the proper way of accessing static fields in Java? what is the proper way of declaring arrays in a class in Java What is the proper way to open a stream in Java
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM