Title: GS: Chapter 4 Symmetric Encryption in Java
1GS Chapter 4Symmetric Encryption in Java
2Topics
- Blowfish
- Password-based encryption (PBE)
- Key storage
- Modes
- Cipher streams and IV (initialization vector)
- Sealed objects
3Applications of symmetric encryptions
- File encryption
- Network encryption
- Database encryption
- Applications that require encryption of large
amount of data.
4Javax.crypto.KeyGenerator
- http//java.sun.com/j2se/1.4.1/docs/api/javax/cryp
to/KeyGenerator.html - Provides the functionality of a (symmetric) key
generator - Key generators are constructed using one of the
getInstance class methods. - KeyGenerator objects are reusable, i.e., after a
key has been generated, the same KeyGenerator
object can be re-used to generate further keys. - There are two ways to generate a key in an
algorithm-independent manner, and in an
algorithm-specific manner. The only difference
between the two is the initialization of the
object.
5Javax.crypto.KeyGenerator
- Using KeyGenerator
- Create a new key generator
- KeyGenerator keyGenerator KeyGenerator.getInstan
ce (DESede) - Note DESede is a triple DES variant with three
DES keys k1, k2, k3. The message is encrypted
with k1 first, then decrypted with k2, and
finally encrypted again with k3. This increases
the key space and prevents brute force attacks. - Initialize the key generator with the size of the
key - keyGenerator.init (168) // initialized to 168
bits - Generate the key object
- Key myKey keyGenerator.generateKey ( )
6Java.security.Key
- http//java.sun.com/j2se/1.4.1/docs/api/java/secur
ity/Key.html - java.security Interface Key
- All Superinterfaces
- Serializable
- All Known Subinterfaces
- DHPrivateKey, DHPublicKey, DSAPrivateKey,
DSAPublicKey, PBEKey, PrivateKey, PublicKey,
RSAMultiPrimePrivateCrtKey, RSAPrivateCrtKey,
RSAPrivateKey, RSAPublicKey, SecretKey - All Known Implementing Classes
- KerberosKey, SecretKeySpec
7Java.security.Key
- The Key interface is the top-level interface for
all keys. It defines the functionality shared by
all key objects. - All keys have three characteristics
- The key algorithm for that key
- An external encoded form for the key used when a
standard representation of the key is needed
outside the Java Virtual Machine, as when
transmitting the key to some other party - The name of the format of the encoded key
- Keys are generally obtained through key
generators, key factory, certificates, or various
Identity classes used to manage keys. - Examples javax.crypto.KeyGenerator( )
java.security.KeyFactory( )
8Javax.crypto.Cipher
- http//java.sun.com/j2se/1.4.1/docs/api/
- public class Cipher
- extends Object
- This class provides the functionality of a
cryptographic cipher for encryption and
decryption. It forms the core of the Java
Cryptographic Extension (JCE) framework. - To use a Cipher getInstance( ), init( ), update(
), doFinal( ).
9Javax.crypto.Cipher.getInstance( )
- In order to create a Cipher object, the
application calls the Cipher's getInstance
method, and passes the name of the requested
transformation to it. - static Cipher getInstance(String transformation)
Generates a Cipher object that implements the
specified transformation. - static Cipher getInstance(String transformation,
Provider provider) Creates a Cipher object that
implements the specified transformation, as
supplied by the specified provider. - static Cipher getInstance(String transformation,
String provider) Creates a Cipher object that
implements the specified transformation, as
supplied by the specified provider.
10Javax.crypto.Cipher.getInstance( )
- Examples
- Cipher cipher Cipher.getInstance("DES/CBC/PKCS5P
adding") - Cipher cipher Cipher.getInstance(DESede/ECB/PKC
S5Padding)
11Javax.crypto.Cipher.init( )
- Initialize an instance of Cipher
- Declares the operating mode (ENCRYPT_MODE,
DECRYPT_MODE, WRAP_MODE, UNWRAP_MODE) - Pass a key (java.security.Key) to the cipher
- Example
- Cipher.init (Cipher.ENCRYPT_MODE, myKey)
- Note When a Cipher object is initialized, it
loses all previously-acquired state. In other
words, initializing a Cipher is equivalent to
creating a new instance of that Cipher and
initializing it.
12Javax.crypto.Cipher.update( )
- Pass the information to be encrypted/decrypted to
the cipher - The information must be in the form of a byte
array. - Note Ciphers typically buffer their output. If
the buffer has not been filled, null will be
returned. - Alternative update( ) methods
- byte update (byte input)
- byte plaintext myString.getBytes (UTF8)
- byte ciphertext cipher.update (plaintext)
- int update (byte  input, int inputOffset,
int inputLen, byte  output, int outputOffset) - Continues a multiple-part encryption or
decryption operation (depending on how this
cipher was initialized), processing another data
part.
13Javax.crypto.Cipher.doFinal( )
- Finish the operation
- Â byte doFinal( ) Finishes a multiple-part
encryption or decryption operation, depending on
how this cipher was initialized. -  byte doFinal(byte input) Encrypts or
decrypts data in a single-part operation, or
finishes a multiple-part operation. - Example
- Byte ciphertext cipher.doFinal ( )
14SimpleExample.java
- P.69 SimpleExample.java (see http//sce.cl.uh.edu
/yang/teaching/proJavaSecurityCode.html) - Sample output
- gtjava SimpleExample "How are you doing?"
- Plain MessageHow are you doing?
- Generating a TripleDES key...
- Done generating the key.
- Now encrypting the message
- Message Encrypted
- Ciphertext-74-45759-44-115-19-8-56-99-47794393-45
-107-41-125-127-233271855 - Now decrypting the message
- Message decrypted
- Decrypted text How are you doing?
15BlowfishExample.java
- Blowfish keys can be any bit size from 8 to 448,
as long as the number if divisible by 8. - p.69 BlowfishExample.java (see
http//sce.cl.uh.edu/yang/teaching/proJavaSecurity
Code.html) - Sample output
- gtjava BlowfishExample "It's a wonderful day!"
- Generating a Blowfish key...
- Done generating the key.
- Plaintext
- 73 116 39 115 32 97 32 119 111 110 100 101 114
102 117 108 32 100 97 121 33 - Ciphertext
- -77 56 -88 61 -52 -12 -57 43 -10 66 -54 -98 -86
56 -86 51 -127 -125 30 48 -64 11 - 2 -37 -125
- Decrypted text It's a wonderful day!
16Password-based encryption (PBE)
- hashing symmetric encryption
- The user-provided password is hashed by a message
digest algorithm, such as SHA. - The hash value is then used to construct a key
for a symmetric encryption algorithm, such as
Blowfish. - The plaintext is then encrypted by the symmetric
encryption algorithm. - Problems?
- PBE is usually less secure, due to its smaller
key space. - Passwords may suffer dictionary attack.
- Two people might choose the same password, which
would create two identical entries in the
password file.
17Password-based encryption (PBE)
- PBE salt iteration count
- A salt is a randomly generated piece of data, say
64 bits, that is added to each password. - The combined saltpassword is used to generate
the key. - The key is then used to generate a symmetric
cipher. - For the purpose of decryption, the salt must be
stored as part of the ciphertext. - See figures on page 74.
18Password-based encryption (PBE)
19Base64 Encoding
- Effective in representing ASCII data as 6-bit
characters (save one bit per character) - Widely used in networking transmissions of data
e.g., in MIME emails other Internet-related
applications - Input N bytes
- Number of output characters
- (N 8 / 24) 4, if N8 24 is zero
- (N 8 / 24 1) 4, otherwise.
- Example N 8 bytes.
- (64 / 24 1) 4 ? 12 characters
- See http//nas.cl.uh.edu/yang/teaching/csci5939Dat
abaseSecurity/base64.ppt, RFC2045, and Appendix C.
20Password-based encryption (PBE)
21Password-based encryption (PBE)
- Random.nextBytes (byte  bytes) Generates
random bytes and places them into a user-supplied
byte array. - public class PBEKeySpec
- extends Object
- implements KeySpec
- A user-chosen password that can be used with
password-based encryption (PBE). - The password can be viewed as some kind of raw
key material, from which the encryption mechanism
that uses it derives a cryptographic key.
22Password-based encryption (PBE)
- public class SecretKeyFactory extends Object
- This class represents a factory for secret keys.
- Key factories are used to convert keys (opaque
cryptographic keys of type Key) into key
specifications (transparent representations of
the underlying key material), and vice versa.
Secret key factories operate only on secret
(symmetric) keys. - Key factories are bi-directional, i.e., they
allow to build an opaque key object from a given
key specification (key material), or to retrieve
the underlying key material of a key object in a
suitable format. - Application developers should refer to their
provider's documentation to find out which key
specifications are supported by the
generateSecret and getKeySpec methods.
23Password-based encryption
- Twofish encryption algorithm
- A symmetric block cipher that accepts keys of any
length, up to 256 bits - Among the new encryption algorithms being
considered by the National Institute of Science
and Technology (NIST) as a replacement for the
DES algorithm - Highly secure and flexible
- Works extremely well with large microprocessors,
8-bit smart card microprocessors, and dedicated
hardware. - (Source http//www.wiley.com/cda/product/0,,04713
53817,00.html)
24Password-based encryption
- An example program PBE.java (see
http//sce.cl.uh.edu/yang/teaching/proJavaSecurity
Code.html) - Sample PBE encryption/decryption
- gtjava PBE -e sasquatch "Hello World!"
- yrVhjq5djcoeSIS1LbeAtu5KIKf5ntNhg
- gtjava PBE -e sasquatch "Hello World!"
- lQ1lzMl8ONMGBJFXSnpbltXowvJTmck1w
- gtjava PBE -d sasquatch "lQ1lzMl8ONMGBJFXSnpbltXow
vJTmck1w" - Hello World!
25Key storage
- Storage of keys in a persistent media (file,
database) for later retrieval or transportation - Objectives The stored keys must be protected.
- Problems?
- If the key storage is compromised, the data
protected by the keys become unprotected. - Solutions?
- Use PBE to encrypt the keys. Problems?
26Key storage
- Key Wrapping
- The wrap( ) method, defined in javax.crypto.Cipher
, takes a key as an argument and returns the
encrypted value of the key as a byte array. - Example
- cipher.init (Cipher.WRAP_MODE, passwordKey,
paramSpec) - byte encryptedKeyBytes cipher.wrap
(secretKey) - To decrypt the key
- cipher.init (Cipher.UNWRAP_MODE, passwordKey,
paramSpec) - Key key cipher.unwrap(encryptedKeyBytes,
Blowfish, Cipher.SECRET_KEY)
27Key storage
- Key Encryption
- Use the getEncoded( ) method, as defined in
java.security.Key, to encrypt the key. - Example
- byte keyBytes myKey.getEncoded( )
- cipher.init (Cipher.ENCRYPT_MODE, passwordKey,
paramSpec) - byte encryptedKeyBytes cipher.doFinal
(keyBytes) - To decrypt the key
- cipher.init (Cipher.DECRYPT_MODE, passwordKey,
paramSpec) - byte keyBytes cipher.doFinal
(encryptedKeyBytes) - SecretKeySpec myKey new SecretKeySpec
(keyBytes, Blowfish )
28Padding
- Padding is needed to make the size of the
plaintext to be a multiple of the block size. - Most symmetric algorithms use one of two types of
padding - No padding requires the data end on a block
exactly - PKCS5 padding (PKCS Public Key Cryptography
Standard) - Suppose there are N bytes in a block that need to
be padded. - Fill each of the N bytes with the value N.
- If the data end on a multiple of the block size,
add an entire block of padding. - (See the illustration on p.81.)
29Modes of DES
- ECB, CBC
- CFB (Cipher FeedBack)
- Similar to CBC, but may work on smaller chunks of
data (8 bits for example). - OFB (Output FeedBack)
- Similar to CFB, but provides better protection
against data loss during transmission. - That is, a single-bit error will not cause the
whole block to be lost, as in the cases of ECB,
CBC and CFB.
30Cipher streams and IV
- Javax.crypto.CipherInputStream
- javax.crypto.CipherOutputStream
- They provide convenient wrappers around standard
input and output streams for them to be
automatically encrypted or decrypted. - Initialization Vector (IV)
- A sequence of random bytes appended to the front
of the plaintext before encryption by a block
cipher. - Adding the initialization vector to the beginning
of the plaintext eliminates the possibility of
having the initial ciphertext block the same for
any two messages. - How to determine the size of a IV, given a
cipher? Example A 256-bit Rijndael cipher needs
a 16-byte IV.
31IV in Java
- public class IvParameterSpec
- extends Object
- implements AlgorithmParameterSpec
- This class specifies an initialization vector
(IV). Examples which use IVs are ciphers in
feedback mode, e.g., DES in CBC mode and RSA
ciphers with OAEP encoding operation. - (NOTE See page 434 for RSA-OAEP padding.)
32Rijndael
- What is Rijndael ? (Dutch, pronounced as Rain
Doll) - Rijndael is a block cipher, designed by Joan
Daemen and Vincent Rijmen as a candidate
algorithm for the AES.The cipher has a variable
block length and key length. We currently
specified how to use keys with a length of 128,
192, or 256 bits to encrypt blocks with al length
of 128, 192 or 256 bits. - (Source http//www.esat.kuleuven.ac.be/rijmen/ri
jndael/) - After nearly four years of evaluation, in October
2000, Rijndael was selected by the NIST as the
AES' (Advanced Encryption Standard). See the
press release.
33FileEncryptor.java
- FileEncryptor.java (see http//sce.cl.uh.edu/yang/
teaching/proJavaSecurityCode.html) - Four functions
- createKey( password )
- loadKey ( password )
- encrypt ( password, inputFile, outputEncryptedFile
) - decrypt ( password, inputEncryptedFile,
outputfile)
34Sealed objects
- Sealed object An object that is encrypted.
- The object must be serializable.
- Sealed objects can be useful for storing or
transferring an encrypted version of an object. - The default JDK 1.2 prevents extensions from
using the class loader to create classes that are
neither standard objects nor extensions. That
is, a custom object such as a CreditCard object,
wont be able to be decrypted. - See Appendix D the EncryptedObject class for a
better sealed object implementation.
35Sealed objects
- SealedObjectExample.java (see http//sce.cl.uh.edu
/yang/teaching/proJavaSecurityCode.html) - Sample output
- gtjava SealedObjectExample
- Creating a key.
- Encrypting the object.
- Unencrypting the object.
- Credit card number 1234567890
36Next
- Asymmetric Encryption (GS 5)
- Relevant links
- RFC 1829 - The ESP DES-CBC Transform - This
document describes the DES-CBC security transform
for the IP Encapsulating Security Payload (ESP). - The GNU Crypto project This project aims at
providing free, versatile, high-quality, and
provably correct implementations of cryptographic
primitives and tools in the Java programming
language for use by programmers and end-users.
Its also got a comprehensive listing of
crypto-related algorithms.