• Post Reply Bookmark Topic Watch Topic
  • New Topic

Reducing the encrypted data size using AES256 encryption and base64  RSS feed

 
raj chopra
Ranch Hand
Posts: 64
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

I am trying to encrypting data using the AES256 algorithm, and the saving encrypted data with base64 encoding format in the database.

However post the encryption and encoding to base64, the length of the data field is increased .

I am wondering is there any way to restrict the encoding format before actually saving it into the database? or is there any other mechanism in AES256 algorithm in reducing the actual data size and then encrypt. such that the output of the encrypted data will be less in size .

Any light or any workaround would be great help to me.
 
Tushar Goel
Ranch Hand
Posts: 934
4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I dont think it is good practice to reduce the size and then encrypt. That means you are compromising with the security.
Also as you are converting into Base64 then size of encrypted data will be double.

 
Richard Tookey
Bartender
Posts: 1166
17
Java Linux Netbeans IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Since AES is a block cipher then even with the most trivial final block padding you will increase the encrypted size by up to 15 bytes and using PKCS5 padding you will increase the size by up to 16 bytes. Since you should be using one of the feedback block modes you will need to use some IV (initialisation vector) which needs to be transmitted with the ciphertext and will typically be 8 random bytes (padded to 16 before use). Base64 encoding increases the length of the encrypted data by a factor of approximately 4/3.

There is little point in trying to compress the ciphertext either before or after Base64 encoding since compression works by exploiting redundancy and a major design feature of AES (and most other block ciphers) is to make the ciphertext have little or no redundancy. Compression only really makes sense if applied before encryption when it can usually exploit any redundancy and it does not compromise security.

Why do you think you need to Base64 encode the ciphertext? The raw ciphertext can be written to files and, using BLOB, it can be written to databases.
 
raj chopra
Ranch Hand
Posts: 64
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Tushar,

Thanks for your reply. I have seen some sample implementation with AES256 and base64 encoding together while searching in web.
Please let me know if there are any other encoding/encryption techniques which could store the data in limited size .
 
Richard Tookey
Bartender
Posts: 1166
17
Java Linux Netbeans IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Tushar Goel wrote:I dont think it is good practice to reduce the size and then encrypt. That means you are compromising with the security.

No. If anything it improves security.

Also as you are converting into Base64 then size of encrypted data will be double.


No. The size increases by about a factor of about 4/3 . Hex encoding will double the size.
 
raj chopra
Ranch Hand
Posts: 64
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Richard

Thanks for reply,
It was quite informative.


I am encoding the encrypted field and then storing in database, just to provide one more level of encryption while saving in it to database. I will remove the encoding base64 before saving it and will see how much i can lower the odds.


Just to provide more info :
Actually the encryption in java are similar to a encryption in cloud based platform called APEX used in SalesForce. I am encrypting by using the standard class provided in salesforce. These classes and packages used are similar to java encryption packages but with minor changes .

So i am in path of understanding the encryption AES256 in java and the similar implementation in SalesForce too.
 
Richard Tookey
Bartender
Posts: 1166
17
Java Linux Netbeans IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
raj chopra wrote:
Just to provide more info :
Actually the encryption in java are similar to a encryption in cloud based platform called APEX used in SalesForce. I am encrypting by using the standard class provided in salesforce. These classes and packages used are similar to java encryption packages but with minor changes .


I'm not familiar with APEX or SalesForce but I hope that the SalesForce documentation details the encryption beyond just saying it is AES and that it details these "minor changes". You should really employ the services of a top class security consultant before going live or you risk litigation of anything goes wrong.
 
raj chopra
Ranch Hand
Posts: 64
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Richard,

Thanks for the advice. This was a practise implementation in java only as of now. The objective was to determine if they are any handy implementations in java that could reduce the encrypted data and so forth working on similar techniques in other technology.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!