Professional Documents
Culture Documents
Examples
SecureRandom
SecureRandom class is used to generate a cryptographically strong
pseudo random number by using a PRNG Algorithm. The following are the
advantages of using SecureRandom over Random. 1. SecureRandom
produces a cryptographically strong pseudo random number generator. 2.
SecureRandom produces cryptographically strong sequences as described
in RFC 1750: Randomness Recommendations for Security
package org.owasp.java.crypto;
import java.security.SecureRandom;
import java.security.NoSuchAlgorithmException;
import sun.misc.BASE64Encoder;
/**
* @author Joe Prasanna Kumar
* This program provides the functionality for
Generating a Secure Random Number.
*
* There are 2 ways to generate a Random number
through SecureRandom.
* 1. By calling nextBytes method to generate Random
Bytes
* 2. Using setSeed(byte[]) to reseed a Random object
*
*/
public class SecureRandomGen {
/**
* @param args
*/
public static void main(String[] args) {
try {
// Initialize a secure random number
generator
SecureRandom secureRandom =
SecureRandom.getInstance("SHA1PRNG");
secureRandom.setSeed(seed);
import
java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import sun.misc.BASE64Encoder;
/**
* @author Joe Prasanna Kumar
* This program provides the following cryptographic
functionalities
* 1. Encryption using AES
* 2. Decryption using AES
*
* High Level Algorithm :
* 1. Generate a AES key (specify the Key size during
this phase)
* 2. Create the Cipher
* 3. To Encrypt : Initialize the Cipher for Encryption
* 4. To Decrypt : Initialize the Cipher for Decryption
*
*
*/
try {
/**
* Step 1. Generate an AES key using
KeyGenerator Initialize the
* keysize to 128 bits (16 bytes)
*
*/
KeyGenerator keyGen =
KeyGenerator.getInstance("AES");
keyGen.init(128);
SecretKey secretKey =
keyGen.generateKey();
/**
* Step 2. Generate an Initialization
Vector (IV)
* a. Use SecureRandom to
generate random bits
* The size of the IV
matches the blocksize of the cipher (128 bits for AES)
* b. Construct the appropriate
IvParameterSpec object for the data to pass to Cipher's
init() method
*/
/**
* Step 3. Create a Cipher by
specifying the following parameters
* a. Algorithm name - here it
is AES
* b. Mode - here it is CBC
mode
* c. Padding - e.g. PKCS7 or
PKCS5
*/
Cipher aesCipherForEncryption =
Cipher.getInstance("AES/CBC/PKCS7PADDING"); // Must
specify the mode explicitly as most JCE providers
default to ECB mode!!
/**
* Step 4. Initialize the Cipher for
Encryption
*/
aesCipherForEncryption.init(Cipher.ENCRYPT_MODE,
secretKey,
new IvParameterSpec(iv));
/**
* Step 5. Encrypt the Data
* a. Declare / Initialize the
Data. Here the data is of type String
* b. Convert the Input Text to
Bytes
* c. Encrypt the bytes using
doFinal method
*/
strDataToEncrypt = "Hello World of
Encryption using AES ";
byte[] byteDataToEncrypt =
strDataToEncrypt.getBytes();
byte[] byteCipherText =
aesCipherForEncryption
.doFinal(byteDataToEncrypt);
// b64 is done differently on Android
strCipherText = new
BASE64Encoder().encode(byteCipherText);
System.out.println("Cipher Text
generated using AES is "
+ strCipherText);
/**
* Step 6. Decrypt the Data
* a. Initialize a new instance
of Cipher for Decryption (normally don't reuse the same
object)
* Be sure to obtain the
same IV bytes for CBC mode.
* b. Decrypt the cipher bytes
using doFinal method
*/
Cipher aesCipherForDecryption =
Cipher.getInstance("AES/CBC/PKCS7PADDING"); // Must
specify the mode explicitly as most JCE providers
default to ECB mode!!
aesCipherForDecryption.init(Cipher.DECRYPT_MODE,
secretKey,
new IvParameterSpec(iv));
byte[] byteDecryptedText =
aesCipherForDecryption
.doFinal(byteCipherText);
strDecryptedText = new
String(byteDecryptedText);
System.out
.println(" Decrypted Text
message is " + strDecryptedText);
}
catch (IllegalBlockSizeException
illegalBlockSize) {
System.out.println(" Illegal Block Size
" + illegalBlockSize);
}
catch (InvalidAlgorithmParameterException
invalidParam) {
System.out.println(" Invalid Parameter
" + invalidParam);
}
}
}
Des Encryption and Decryption
package org.owasp.crypto;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.Cipher;
import java.security.NoSuchAlgorithmException;
import java.security.InvalidKeyException;
import
java.security.InvalidAlgorithmParameterException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import sun.misc.BASE64Encoder;
/**
* @author Joe Prasanna Kumar
* This program provides the following cryptographic
functionalities
* 1. Encryption using DES
* 2. Decryption using DES
*
* The following modes of DES encryption are supported
by SUNJce provider
* 1. ECB (Electronic code Book) - Every plaintext
block is encrypted separately
* 2. CBC (Cipher Block Chaining) - Every plaintext
block is XORed with the previous ciphertext block
* 3. PCBC (Propogating Cipher Block Chaining) -
* 4. CFB (Cipher Feedback Mode) - The previous
ciphertext block is encrypted and this enciphered block
is XORed with the plaintext block to produce the
corresponding ciphertext block
* 5. OFB (Output Feedback Mode) -
*
* High Level Algorithm :
* 1. Generate a DES key
* 2. Create the Cipher (Specify the Mode and Padding)
* 3. To Encrypt : Initialize the Cipher for Encryption
* 4. To Decrypt : Initialize the Cipher for Decryption
*
* Need for Padding :
* Block ciphers operates on data blocks on fixed size
n.
* Since the data to be encrypted might not always be a
multiple of n, the remainder of the bits are padded.
* PKCS#5 Padding is what will be used in this program
*
*/
try{
/**
* Step 1. Generate a DES key using
KeyGenerator
*
*/
KeyGenerator keyGen =
KeyGenerator.getInstance("DES");
SecretKey secretKey = keyGen.generateKey();
/**
* Step2. Create a Cipher by specifying the
following parameters
* a. Algorithm name - here it
is DES
* b. Mode - here it is CBC
* c. Padding - PKCS5Padding
*/
Cipher desCipher =
Cipher.getInstance("DES/CBC/PKCS5Padding"); /* Must
specify the mode explicitly as most JCE providers
default to ECB mode!! */
/**
* Step 3. Initialize the Cipher for
Encryption
*/
desCipher.init(Cipher.ENCRYPT_MODE,secretKey);
/**
* Step 4. Encrypt the Data
* 1. Declare / Initialize the Data.
Here the data is of type String
* 2. Convert the Input Text to
Bytes
* 3. Encrypt the bytes using
doFinal method
*/
strDataToEncrypt = "Hello World of
Encryption using DES ";
byte[] byteDataToEncrypt =
strDataToEncrypt.getBytes();
byte[] byteCipherText =
desCipher.doFinal(byteDataToEncrypt);
strCipherText = new
BASE64Encoder().encode(byteCipherText);
System.out.println("Cipher Text generated
using DES with CBC mode and PKCS5 Padding is "
+strCipherText);
/**
* Step 5. Decrypt the Data
* 1. Initialize the Cipher for
Decryption
* 2. Decrypt the cipher bytes using
doFinal method
*/
desCipher.init(Cipher.DECRYPT_MODE,secretKey,desCi
pher.getParameters());
//desCipher.init(Cipher.DECRYPT_MODE,secretKey);
byte[] byteDecryptedText =
desCipher.doFinal(byteCipherText);
strDecryptedText = new
String(byteDecryptedText);
System.out.println(" Decrypted Text message
is " +strDecryptedText);
}
catch (NoSuchPaddingException
noSuchPad)
{
System.out.println(" No Such
Padding exists " + noSuchPad);
}
catch (InvalidKeyException
invalidKey)
{
System.out.println(" Invalid
Key " + invalidKey);
}
catch (BadPaddingException
badPadding)
{
System.out.println(" Bad
Padding " + badPadding);
}
catch (IllegalBlockSizeException
illegalBlockSize)
{
System.out.println(" Illegal
Block Size " + illegalBlockSize);
}
catch
(InvalidAlgorithmParameterException invalidParam)
{
System.out.println(" Invalid
Parameter " + invalidParam);
}
}