Encryption and Decryption in Java
In this article I will be giving you basic idea of encryption and decryption in java and how it works.
Encryption
is
the process of transforming information using an algorithm to make it unreadable
to anyone except those possessing special knowledge, usually referred to as a
key,.The result of the process is encrypted information,process is called encryption.
Reverse of it terms as Decryption.
The core class
used for encryption and decryption is javax.crypto.Cipher.
A cipher is an
object capable of carrying out encryption and decryption according to an
encryption scheme (algorithm).
This
class contains a representation of a cipher that uses a specific algorithm and
operating mode.It includes methods to initialize and operate cipher.
Types of Encryption
Encryption can be
symmetric or asymmetric,based on the user requirement.
Symmetric
encryption: - Encryption and decryption can be done
symmetrically,here the same key is used to
encrypt and decrypt the data. Because both parties have the same key, the
decryption essentially is performed by reversing some part of the encryption
process. The DES(Data Encryption Standard) algorithm is an example of a
symmetric key. It is supported by the Java Cryptography Extension (JCE).
Symmetric encryption is the oldest and best-known
technique. A secret key, which can be a number, a word, or just a string of
random letters, is applied to the text of a message to change the content in a
particular way. This might be as simple as shifting each letter by a number of
places in the alphabet. As long as both sender and recipient know the secret
key, they can encrypt and decrypt all messages that use this key.
The
encryption key is trivially related to the decryption key, in that they may be
identical or there is a simple transform to go between the two keys. The keys,
in practice, represent a shared secret between two or more parties that can be
used to maintain a private information link.
Symmetric-key algorithms can be divided into stream
cipher and block cipher. Stream ciphers encrypt the bytes of the message one at
a time, and block ciphers take a number of bytes and encrypt them as a single
unit. Blocks of 64 bits have been commonly used; the Advanced Encrypted
Standard (AES) algorithm approved by NIST in December 2001 uses 128-bit blocks.
In the first case we are
requesting a Cipher that implements the Data
Encryption Standard (DES) algorithm and in the second line we want a Cipher that uses the Advanced Encryption Standard
(AES) algorithm using the Electronic Code Book (ECB) method and the PKCS5
padding scheme. It is important to get to know the algorithms and operations
modes available in the target device or emulator.
Algorithms:
DES, 3DES/DESede, AES
Modes:
ECB, CBC
Padding
Schemes: No padding, PKCS5 padding.
Asymmetric encryption:-Here we use of asymmetric key algorithms instead
of or in addition to symmetric key algorithms.
Using the techniques of public key-private key cryptography. They do not
require a secure initial exchange of one or more secret keys as is required
when using in symmetric key algorithms.
The problem with secret keys
is exchanging them over the Internet or a large network while preventing them
from falling into the wrong hands. Anyone who knows the secret key can decrypt
the message. One answer is asymmetric encryption, in which there are two
related keys--a key pair. A public key is made freely available to anyone who
might want to send you a message. A second, private key is kept secret, so that
only you know it.
The
distinguishing technique used in public key-private key cryptography is use of asymmetric
key algorithms because the key used to encrypte a message is not the same
as the key used to decrypte it. Each user has a pair of cryptographic keys—
a public key and a private key. The private key is kept secret,
while the public key may be widely distributed. Messages are encrypted with the
recipient's public key and can only be decrypted with the corresponding
private key. The keys are related mathematically, but the private key cannot be
feasibly (i.e., in actual or projected practice) derived from the public key.
It was the discovery of such algorithms which revolutinized the practice of
cryptography beginning in the middle 1970s.
In
contrast Symmetric encryption,variations of which have been used for
some thousands of years, use a single secret key shared by sender and
receiver (which must also be kept private, thus accounting for the ambiguity of
the common terminology) for both encryption and decryption. To use a symmetric
encryption scheme, the sender and receiver must securely share a key in
advance.
An
analogy to public-key encryption is that of a locked mailbox with a mail slot.
The mail slot is exposed and accessible to the public; its location (the street
address) is in essence the public key. Anyone knowing the street address can go
to the door and drop a written message through the slot; however, only the
person who possesses the key can open the mailbox and read the message.
Symmetric vs. asymmetric
algorithms:
(1) Unlike
symmetric algorithms, asymmetric key algorithm uses a different key for
encryption than for decryption. I.e., a user knowing the encryption key of an
asymmetric algorithm can encrypt messages, but cannot derive the decryption key
and cannot decrypt messages encrypted with that key.
(2) Symmetric-key
algorithms are generally much less computationally intensive than asymmetric
key algorithms. In practice, asymmetric key algorithms are typically hundreds
to thousands times slower than symmetric key algorithms.
A conventional
encryption scheme has five major parts:
Plaintext - this is the
text message to which an algorithm is applied.
Encryption
Algorithm - it performs mathematical operations to conduct substitutions
and transformations to the plaintext.
Secret Key - This is the
input for the algorithm as the key dictates the encrypted outcome.
Ciphertext - This is the
encrypted or scrambled message produced by applying the algorithm
to the plaintext message using the secret key.
Decryption
Algorithm - This is the encryption algorithm in reverse. It uses the ciphertext,
and the secret key to derive the plaintext message.
Starting with encryption
Step 1:- Create
a Cipher instance from Cipher class, we have to specify the following information
and separated by a slashes (/).
1. Algorithm name
2. Mode (optional)
3. Padding scheme
(optional)
You need to create a Cipher. You use a factory method of the
Cipher class so that you can take advantage of different providers without
changing the application. You create a Cipher like this:
Cipher cipher =
Cipher.getInstance("DES");
If
no mode or padding has been specified, provider-specific default values for the
mode and padding scheme are used. For example, the SunJCE provider uses ECB
as the default mode, and PKCS5Padding as the default padding
scheme for DES, DES-EDE
and Blowfish
ciphers. This means that in the case of the SunJCE provider,
Cipher c1 =
Cipher.getInstance("DES/ECB/PKCS5Padding");
DES = Data
Encryption Standard
ECB = Electronic
Codebook mode
PKCS5Padding =
PKCS #5-style padding
Step 2:- Create a DES Key.
You create a symmetric key,
use a factory method from the KeyGenerator class and pass in the algorithm as a
String. When you call the generateKey() method, you get back an object that
implements the Key interface instead of the KeyPair interface. The call looks
something like this:
KeyGenerator.getInstance ("DES").generateKey();
Step 3:- Convert String
into Byte[] array format.
String input= “This is the private message";
byte [] textBytes
=input.getBytes();
Private message input as string is encrypted with the key
specified using the DES symmetric algorithm.
Step 4:- Make Cipher in encrypt mode, and encrypt
it with Cipher.doFinal() method.
Cipher
is used to encrypt and decrypt data that is passed in as byte arrays. The two
essential methods you must use are init (), to specify which operation will be
called, and
doFinal
(), to perform that operation. For example, the following two lines use the
cipher and key instances you created to encrypt a byte array called textBytes.
The result is stored in a byte array called encryptedBytes.
Suppose the string
to encrypte is in input string object.
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] encryptedBytes =
cipher.doFinal( textBytes );
Decryption
First of all you
need the same key as you used in the encryption,because DES is the
Symmetric
encryption technique.
After encrypting
the private message now we need to decrypte it, so
Make Cipher in
decrypt mode, and decrypt it with Cipher.doFinal() method as well.
desCipher.init(Cipher.DECRYPT_MODE, key);
byte[] textDecrypted = desCipher.doFinal(textEncrypted);
System.out.println("Text Decryted : "
+ new String(textDecrypted));
The output string
is the same as given in the input for encryption.
As “This is the private message” in the output appears.
Exception handling:-Also
for catching the exceptions occurring during the encryption and
decryption process.
You need to catch
the following exceptions.
Ex:-NoSuchAlgorithmException,
NoSuchPaddingException, InvalidKeyException,
IllegalBlockSizeException,
BadPaddingException.
If you enjoyed this post, I’d be very grateful if you’d help it spread by emailing it to a friend, or sharing it on Twitter or Facebook. Thank you!