This is the first page that shows up via Google and the security
vulnerabilities in all the implementations make me cringe so I’m
posting this to add information regarding encryption for others as it
has been 7 Years from the original post. I hold a Masters Degree in
Computer Engineering and spent a lot of time studying and learning
Cryptography so I’m throwing my two cents to make the internet a
safer place.
Also, do note that a lot of implementation might be secure for a given
situation, but why use those and potentially accidentally make a
mistake? Use the strongest tools you have available unless you have a
specific reason not to. Overall I highly advise using a library and
staying away from the nitty gritty details if you can.
UPDATE 4/5/18: I rewrote some parts to make them simpler to understand and changed the recommended library from Jasypt to Google’s new library Tink, I would recommend completely removing Jasypt from an existing setup.
Foreword
I will outline the basics of secure symmetric cryptography below and point out common mistakes I see online when people implement crypto on their own with the standard Java library. If you want to just skip all the details run over to Google’s new library Tink import that into your project and use AES-GCM mode for all your encryptions and you shall be secure.
Now if you want to learn the nitty gritty details on how to encrypt in java read on 🙂
Block Ciphers
First thing first you need to pick a symmetric key Block Cipher. A Block Cipher is a computer function/program used to create Pseudo-Randomness. Pseudo-Randomness is fake randomness that no computer other than a Quantum Computer would be able to tell the difference between it and real randomness. The Block Cipher is like the building block to cryptography, and when used with different modes or schemes we can create encryptions.
Now regarding Block Cipher Algorithms available today, Make sure to NEVER, I repeat NEVER use DES, I would even say NEVER use 3DES. The only Block Cipher that even Snowden’s NSA release was able to verify being truly as close to Pseudo-Random as possible is AES 256. There also exists AES 128; the difference is AES 256 works in 256-bit blocks, while AES 128 works in 128 blocks. All in all, AES 128 is considered secure although some weaknesses have been discovered, but 256 is as solid as it gets.
Fun fact DES was broken by the NSA back when it was initially founded and actually kept a secret for a few years. Although some people still claim 3DES is secure, there are quite a few research papers that have found and analyzed weaknesses in 3DES.
Encryption Modes
Encryption is created when you take a block cipher and use a specific scheme so that the randomness is combined with a key to creating something that is reversible as long as you know the key. This is referred to as an Encryption Mode.
Here is an example of an encryption mode and the simplest mode known as ECB just so you can visually understand what is happening:
The encryption modes you will see most commonly online are the following:
ECB CTR, CBC, GCM
There exist other modes outside of the ones listed and researchers are always working toward new modes to improve existing problems.
Now let’s move on to implementations and what is secure. NEVER use ECB this is bad at hiding repeating data as shown by the famous Linux penguin.
When implementing in Java, note that if you use the following code, ECB mode is set by default:
Cipher cipher = Cipher.getInstance(“AES”);
… DANGER THIS IS A VULNERABILITY! and unfortunately, this is seen all over StackOverflow and online in tutorials and examples.
Nonces and IVs
In response to the issue found with ECB mode nounces also known as IVs were created. The idea is that we generate a new random variable and attach it to every encryption so that when you encrypt two messages that are the same they come out different. The beauty behind this is that an IV or nonce is public knowledge. That means an attacker can have access to this but as long as they don’t have your key, they cant do anything with that knowledge.
Common issues I will see is that people will set the IV as a static value as in the same fixed value in their code. and here is the pitfall to IVs the moment you repeat one you actually compromise the entire security of your encryption.
Generating A Random IV
SecureRandom randomSecureRandom = SecureRandom.getInstance(“SHA1PRNG”);
byte[] iv = new byte[cipher.getBlockSize()];
randomSecureRandom.nextBytes(iv);
IvParameterSpec ivParams = new IvParameterSpec(iv);
Note: SHA1 is broken but I couldn’t find how to implement SHA256 into this use case properly, so if anyone wants to take a crack at this and update it would be awesome! Also SHA1 attacks still are unconventional as it can take a few years on a huge cluster to crack. Check out details here.
CTR Implementation
No padding is required for CTR mode.
Cipher cipher = Cipher.getInstance(“AES/CTR/NoPadding”);
CBC Implementation
If you choose to implement CBC Mode do so with PKCS7Padding as follows:
Cipher cipher = Cipher.getInstance(“AES/CBC/PKCS7Padding”);
CBC and CTR Vulnerability and Why You Should Use GCM
Although some other modes such as CBC and CTR are secure they run into the issue where an attacker can flip the encrypted data, changing its value when decrypted. So let’s say you encrypt an imaginary bank message “Sell 100”, your encrypted message looks like this “eu23ng” the attacker changes one bit to “eu53ng” and all of a sudden when decrypted your message, it reads as “Sell 900”.
To avoid this the majority of the internet uses GCM, and every time you see HTTPS they are probably using GCM. GCM signs the encrypted message with a hash and checks to verify that the message has not been changed using this signature.
I would avoid implementing GCM because of its complexity. You are better off using Googles new library Tink because here again if you accidentally repeat an IV you are compromising the key in the case with GCM, which is the ultimate security flaw. New researchers are working towards IV repeat resistant encryption modes where even if you repeat the IV the key is not in danger but this has yet to come mainstream.
Now if you do want to implement GCM, here is a link to a nice GCM implementation. However, I can not ensure the security or if its properly implemented but it gets the basis down. Also note with GCM there is no padding.
Cipher cipher = Cipher.getInstance(“AES/GCM/NoPadding”);
Keys vs Passwords
Another very important note, is that when it comes to cryptography a Key and a Password are not the same things. A Key in cryptography needs to have a certain amount of entropy and randomness to be considered secure. This is why you need to make sure to use the proper cryptographic libraries to generate the key for you.
So you really have two implementations you can do here, the first is to use the code found on this StackOverflow thread for Random Key Generation. This solution uses a secure random number generator to create a key from scratch that you can the use.
The other less secure option is to use, user input such as a password. The issue as we discussed is that the password doesn’t have enough entropy, so we would have to use PBKDF2, an algorithm that takes the password and strengthens it. Here is a StackOverflow implementation I liked. However Google Tink library has all this built in and you should take advantage of it.
Android Developers
One important point to point out here is know that your android code is reverse engineerable and most cases most java code is too. That means if you store the password in plain text in your code. A hacker can easily retrieve it. Usually, for these type of encryption, you want to use Asymmetric Cryptography and so on. This is outside the scope of this post so I will avoid diving into it.
An interesting reading from 2013: Points out that 88% of Crypto implementations in Android were done improperly.
Final Thoughts
Once again I would suggest avoid implementing the java library for crypto directly and use Google Tink, it will save you the headache as they have really done a good job of implementing all the algorithms properly. And even then make sure you check up on issues brought up on the Tink github, vulnerabilities popup here and there.
If you have any questions or feedback feel free to comment!
Security is always changing and you need to do your best to keep up with it 🙂
I’d recommend to use some standard symmetric cypher that is widely available like DES, 3DES or AES. While that is not the most secure algorithm, there are loads of implementations and you’d just need to give the key to anyone that is supposed to decrypt the information in the barcode. javax.crypto.Cipher is what you want to work with here.
Let’s assume the bytes to encrypt are in
byte[] input;
Next, you’ll need the key and initialization vector bytes
byte[] keyBytes;
byte[] ivBytes;
Now you can initialize the Cipher for the algorithm that you select:
// wrap key data in Key/IV specs to pass to cipher
SecretKeySpec key = new SecretKeySpec(keyBytes, “DES”);
IvParameterSpec ivSpec = new IvParameterSpec(ivBytes);
// create the cipher with the algorithm you choose
// see javadoc for Cipher class for more info, e.g.
Cipher cipher = Cipher.getInstance(“DES/CBC/PKCS5Padding”);
Encryption would go like this:
cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec);
byte[] encrypted= new byte[cipher.getOutputSize(input.length)];
int enc_len = cipher.update(input, 0, input.length, encrypted, 0);
enc_len += cipher.doFinal(encrypted, enc_len);
And decryption like this:
cipher.init(Cipher.DECRYPT_MODE, key, ivSpec);
byte[] decrypted = new byte[cipher.getOutputSize(enc_len)];
int dec_len = cipher.update(encrypted, 0, enc_len, decrypted, 0);
dec_len += cipher.doFinal(decrypted, dec_len);