AES 256 Symmetric Encryption with BouncyCastle

Java provides the Cipher class to perform symmetric encryption. Several algorithms are available, but unfortunately, not all key sizes are allowed. The recommended solution is to install the unlimited JCE version. However, this is not a portable solution.

Trying to perform AES encryption with a 256 bit key triggers an error. A portable solution is to use BouncyCastle's library instead:

<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcprov-jdk16</artifactId>
    <version>1.46</version>
</dependency>

The following class illustrates how BounceCastle can be used for AES:

public class AESBouncyCastle {

    private final BlockCipher AESCipher = new AESEngine();

    private PaddedBufferedBlockCipher pbbc;
    private KeyParameter key;

    public void setPadding(BlockCipherPadding bcp) {
        this.pbbc = new PaddedBufferedBlockCipher(AESCipher, bcp);
    }

    public void setKey(byte[] key) {
        this.key = new KeyParameter(key);
    }

    public byte[] encrypt(byte[] input)
            throws DataLengthException, InvalidCipherTextException {
        return processing(input, true);
    }

    public byte[] decrypt(byte[] input)
            throws DataLengthException, InvalidCipherTextException {
        return processing(input, false);
    }

    private byte[] processing(byte[] input, boolean encrypt)
            throws DataLengthException, InvalidCipherTextException {

        pbbc.init(encrypt, key);

        byte[] output = new byte[pbbc.getOutputSize(input.length)];
        int bytesWrittenOut = pbbc.processBytes(
            input, 0, input.length, output, 0);

        pbbc.doFinal(output, bytesWrittenOut);

        return output;

    }

}

It can be used as following:

KeyGenerator kg = KeyGenerator.getInstance("AES");
kg.init(256);
SecretKey sk = kg.generateKey();

AESBouncyCastle abc = new AESBouncyCastle();
abc.setPadding(new PKCS7Padding());
abc.setKey(sk.getEncoded());

String secret = "This is a secret message!";
System.out.println(secret);
byte[] ba = secret.getBytes("UTF-8");

byte[] encr = abc.encrypt(ba);
System.out.println("Encrypted : "
    + Hex.encodeHexString(encr));
byte[] retr = abc.decrypt(encr);

if ( retr.length == ba.length ) {
    ba = retr;
} else {
    System.arraycopy(retr, 0, ba, 0, ba.length);
}

String decrypted = new String(ba, "UTF-8");
System.out.println(decrypted);

The above starts by creating an AES 256 private key (more about private key generation here). Next, a padding is set. From the Javadoc, available paddings are: ISO10126d2, ISO7816d4, PKCS7, TBC, X923 and ZeroByte.

After retrieving the decrypted byte array, we check for its length, because AES operates with blocks of bytes. The original message length may not be a multiple of these block length.

The generated output is:

This is a secret message!
Encrypted : 6d204e3e52daee09800ba6fd9080653dad04a3d4725f3502b78a89b2150e1f63
This is a secret message!

The Hex class is an Apache Commons tool.

AES 128-192-256 Private Key Generation in Java

Java delivers a standard tool called KeyGenerator to generate private keys. The following describes how to generate private (or symmetric) keys for AES (other algorithms are available too):

KeyGenerator kg = KeyGenerator.getInstance("AES");
SecretKey sk;

kg.init(128);
sk = kg.generateKey();
System.out.print("AES 128 - ");
System.out.println(Hex.encodeHex(sk.getEncoded()));

kg.init(192);
sk = kg.generateKey();
System.out.print("AES 192 - ");
System.out.println(Hex.encodeHex(sk.getEncoded()));

kg.init(256);
sk = kg.generateKey();
System.out.print("AES 256 - ");
System.out.println(Hex.encodeHex(sk.getEncoded()));

The generated output is:

AES 128 - 737677d940a988b04d99667406ea0d18
AES 192 - 727f44e3052aa4a6a72e385b9e9b421592f9ca1f5779925c
AES 256 - 383062669b33959fd8b57d93401c18c9d85d588ee90bb4ee82e486ac90620264

The Hex class is an Apache Commons tool.

How to Generate Diffie-Hellman or DSA Parameters?

Java provides a cryptography algorithm parameter generator for the Diffie-Hellman protocol and DSA (Digital Signature Algorithm).

For the Diffie-Hellman protocol:

AlgorithmParameterGenerator apg
    = AlgorithmParameterGenerator.getInstance("DiffieHellman");
apg.init(512);

AlgorithmParameters ap = apg.generateParameters();
DHParameterSpec dps = (DHParameterSpec)
    ap.getParameterSpec(DHParameterSpec.class);

System.out.println("Diffie-Hellman");
System.out.println("L :" + dps.getL());
System.out.println("P :" + dps.getP());
System.out.println("G :" + dps.getG());

The generated output is:

Diffie-Hellman
L :511
P :8266077972939539471508511844788321242135959675971529125376989640166743180991072673735061975276152293501435845844404151584495666060797732285698897055150387
G :2019537923026914368988722563706571073299959195070870668709287200992494530060354049564673739869083497959173115010462554070989621918531942099145869042943787

For the DSA:

AlgorithmParameterGenerator apg
    = AlgorithmParameterGenerator.getInstance("DSA");
apg.init(512);

AlgorithmParameters ap = apg.generateParameters();
DSAParameterSpec dps = (DSAParameterSpec)
    ap.getParameterSpec(DSAParameterSpec.class);

System.out.println("DSA");
System.out.println("P :" + dps.getP());
System.out.println("Q :" + dps.getQ());
System.out.println("G :" + dps.getG());

The generated output is:

DSA
P :8197719696944927589177120726843658828192492967000538281179885268382184665678774153545503826581953282213697665107441101650781498069116236522448234275281441
Q :1284267634964328541131115801052780210043074500583
G :570004927801867375990232729480351281559717810987031405643673487612900545268295697120844288618676632560887588778557548200272181177045246836759460884667572

How to Generate a Public Private Key Pair in Java?

Java offers features to generate public/private key pairs. The list of available algorithms is: DiffieHellman (Diffie-Hellman), DSA (Digital Signature Algorithm), RSA (Rivest, Shamir and Adleman, and EC (Elliptic Curve).

public static KeyPair generateKeyPair(String algorithm, int keysize)
       throws NoSuchAlgorithmException {

   KeyPairGenerator keyGen = KeyPairGenerator.getInstance(algorithm);
   keyGen.initialize(keysize);

   return keyGen.genKeyPair();

}

Considering the above method and the following:

KeyPair kp = generateKeyPair("RSA", 1200);

System.out.println(kp.getPublic());
System.out.println(kp.getPrivate());

The generated output is:

Sun RSA public key, 1200 bits
  modulus:          9869434664406071422397837320764405182639187275838230993850845712119792960719253107137826291378531088798687188823076370201242339197879199249064933049166569948405393151733986369838996220598856887300012669754735304190978435430220593101694644244314877878605534096811338814490286832890418449631509846730240623970004851838612509884903198786095740146540225924110683179
public exponent: 65537
Sun RSA private CRT key, 1200 bits
  modulus:          9869434664406071422397837320764405182639187275838230993850845712119792960719253107137826291378531088798687188823076370201242339197879199249064933049166569948405393151733986369838996220598856887300012669754735304190978435430220593101694644244314877878605534096811338814490286832890418449631509846730240623970004851838612509884903198786095740146540225924110683179
  public exponent:  65537
  private exponent: 1582133460247649211341863052809113033077609617772501866447914690198369544613218077476692601388877239100340381857198839515605719145107631831037065880564322197811115254773902693158497157951570638902393594757932655753965475860517442661157051743687056572748027450726509909507973409417657097270834672334740647227515714009141606345006585607294455971993731635917157153
  prime p:          3256149439130022408436310311885111793464195858196258233187003768668905068326967709908800218408588778082838728236339782637613895789098072922267211467323843674447148299706221862611571
  prime q:          3031014039405693160199592278696049712727614456472639744562120993703109441692657536297714688397058789187582744250860764288923138208010664879900484905834875292341824001685681393062249
  prime exponent p: 651011277612961893552359339253103129983999242106681288881842476476931551799567540518104418295127008548139766179116532216925627912851550261691369331161699859106779135008478036312303
  prime exponent q: 2314803602335998723791900653692051576540424968504998578742980573658152351590081974292947767962543135291937438889479715480185116658515674930251600928055012332834896823296306504785977
  crt coefficient:  1264506160423420660013941104026558245174285118352499963549245021823942032361239666081851546710377637751263799087922801195636712628068424427135886836129544889379051273632748195244747