Understanding Encrypt-Decrypt of txt file by DES

Hi,
I try to understand how Encryption-Decryption done by java.
I create 1 text file named 'Hello.txt' & in that only one line i kept 'Hello World'.
I use 'DES/ECB/PKCS5Padding' as Cipher.
For testing purpose i kept 2 different secret keys, one for Encryption & other for Decryption.
I thought when I decrypt contain which encrypted by differently, i will got error/exception. but i got success.
For understand how key works or how algorithm works, i read wikipedia, & other references got by Google.

My questions:-
1. How 2 different keys works in DES Encryption-Decryption?
2. If i want to use more secure Algorithm for txt file(for example hello.txt) with secret key String which contain 26 characters, which one should i use from below & how:-

AES/CBC/NoPadding (128)
AES/CBC/PKCS5Padding (128)
AES/ECB/NoPadding (128)
AES/ECB/PKCS5Padding (128)
DES/CBC/NoPadding (56)
DES/CBC/PKCS5Padding (56)
DES/ECB/NoPadding (56)
DES/ECB/PKCS5Padding (56)
DESede/CBC/NoPadding (168)
DESede/CBC/PKCS5Padding (168)
DESede/ECB/NoPadding (168)
DESede/ECB/PKCS5Padding (168)
RSA/ECB/PKCS1Padding (1024, 2048)
RSA/ECB/OAEPWithSHA-1AndMGF1Padding (1024, 2048)
RSA/ECB/OAEPWithSHA-256AndMGF1Padding (1024, 2048)

3. In jdk1.8.0_51, i cant find SecretKeySpec.java when i used Eclipse's Open Declaration & attached src.zip which i found in JDK folder in Windows pc which used Oracle JDK, But i can find in Linux pc which use OpenJDK! Why this difference? How can i see source of SecretKeySpec.java or other files which should be in 'javax.crypto' in windows PC with Oracle JDK?

Here for reference program which i wrote with help of Google.
Program as below:-
package encrypt_example; import java.io.BufferedReader; import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.FileOutputStream; import java.io.FileReader; import java.io.IOException; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import javax.crypto.Cipher; import javax.crypto.CipherInputStream; import javax.crypto.CipherOutputStream; import javax.crypto.NoSuchPaddingException; import javax.crypto.spec.SecretKeySpec; public class FileEncryption{ private String algorithm; private String securitykey; private String securitykey_decrypt; private File file; public FileEncryption(String algorithm,String path, String securitykey){ this.algorithm=algorithm; this.file=new File(path); this.securitykey = securitykey; } public FileEncryption(String algorithm,String path, String securitykey1, String securitykey2) { this.algorithm=algorithm; this.file=new File(path); this.securitykey = securitykey1; this.securitykey_decrypt = securitykey2; } public void encrypt() throws FileNotFoundException{ try { FileInputStream fis =new FileInputStream(file); file=new File("hello1.txt"); FileOutputStream fos =new FileOutputStream(file); byte k[] = this.securitykey.getBytes(); SecretKeySpec key = new SecretKeySpec(k,"DES"); Cipher encrypt = Cipher.getInstance(algorithm); encrypt.init(Cipher.ENCRYPT_MODE, key); CipherOutputStream cout=new CipherOutputStream(fos, encrypt); byte[] buf = new byte[1024]; int read; while((read=fis.read(buf))!=-1) cout.write(buf,0,read); fis.close(); cout.flush(); cout.close(); } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException | IOException e) { e.printStackTrace(); } } public void decrypt() throws FileNotFoundException{ try { FileInputStream fis =new FileInputStream(file); file=new File("hello2.txt"); FileOutputStream fos =new FileOutputStream(file); byte k[] = securitykey_decrypt.getBytes(); SecretKeySpec key = new SecretKeySpec(k,"DES"); Cipher decrypt = Cipher.getInstance(algorithm); decrypt.init(Cipher.DECRYPT_MODE, key); CipherInputStream cin=new CipherInputStream(fis, decrypt); byte[] buf = new byte[1024]; int read=0; while((read=cin.read(buf))!=-1){ fos.write(buf,0,read); } cin.close(); fos.flush(); fos.close(); BufferedReader br = new BufferedReader(new FileReader("hello2.txt")); StringBuilder sb = new StringBuilder(); String line = br.readLine(); if(line != null){ while (line != null) { sb.append(line); line = br.readLine(); } String everything = sb.toString(); if(everything.equals("Hello World")){ if(this.securitykey.equals(this.securitykey_decrypt)){ System.out.println("Decrypt Success with same key."); }else{ System.out.println("Decrypt Success with Different key."); } }else{ System.out.println("Decrypt Not Success with key."); } } br.close(); } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException | IOException e) { e.printStackTrace(); } } public static void main (String[] args)throws Exception{ String securitykey1 = "abcdef00"; String securitykey2 = "abcdef01"; new FileEncryption("DES/ECB/PKCS5Padding","hello.txt",securitykey1).encrypt(); new FileEncryption("DES/ECB/PKCS5Padding","hello1.txt",securitykey1,securitykey2).decrypt(); } }
When above code runs i got result as below:-
Decrypt Success with Different key.
When i use 2nd key with 02, i got Exception as below:-
java.io.IOException: javax.crypto.BadPaddingException: Given final block not properly padded at javax.crypto.CipherInputStream.getMoreData(CipherInputStream.java:121) at javax.crypto.CipherInputStream.read(CipherInputStream.java:239) at javax.crypto.CipherInputStream.read(CipherInputStream.java:215) at encrypt_example.FileEncryption.decrypt(FileEncryption.java:75) at encrypt_example.FileEncryption.main(FileEncryption.java:112) Caused by: javax.crypto.BadPaddingException: Given final block not properly padded at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:966) at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:824) at com.sun.crypto.provider.DESCipher.engineDoFinal(DESCipher.java:314) at javax.crypto.Cipher.doFinal(Cipher.java:2048) at javax.crypto.CipherInputStream.getMoreData(CipherInputStream.java:118) ... 4 more
Help me.

Problem is with your keys. I suppose it is calculating same values for your given keys. Try to use different keys.

I used different keys and it is giving expected result now:

String securitykey1 = "abcdef12"; String securitykey2 = "abcdef01"; Result: Decrypt Not Success with key.

Also i see 1 more issue, you have used same "file" instance for both input and output stream(Line 64-66 and 40-42). You should use different instance.

Thanks Tushar Goel,

Also i see 1 more issue, you have used same "file" instance for both input and output stream(Line 64-66 and 40-42). You should use different instance.

I change it accordingly my code.

Problem is with your keys. I suppose it is calculating same values for your given keys. Try to use different keys.

I used different keys & got encryption - problem in decryption.
But my question is why i not got error when
String securitykey1 = "abcdef00"; String securitykey2 = "abcdef01"
Why these two strings not different in prospect of SecretKeySpec or Cipher?
For reference here you find my new code which i modified :-
import java.io.BufferedReader; import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.FileOutputStream; import java.io.FileReader; import java.io.IOException; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import javax.crypto.Cipher; import javax.crypto.CipherInputStream; import javax.crypto.CipherOutputStream; import javax.crypto.NoSuchPaddingException; import javax.crypto.spec.SecretKeySpec; public class FileEncryption{ private String algorithm; private String securitykey; private String securitykey_decrypt; private File file; private File file1; public FileEncryption(String algorithm,String path,String path1, String securitykey){ this.algorithm=algorithm; if(!path.isEmpty()){ this.file = new File(path); } if(!path1.isEmpty()){ this.file1 = new File(path1); } this.securitykey = securitykey; } public FileEncryption(String algorithm,String path,String path1, String securitykey1, String securitykey2) { this.algorithm=algorithm; if(!path.isEmpty()){ this.file = new File(path); } if(!path1.isEmpty()){ this.file1 = new File(path1); } this.securitykey = securitykey1; this.securitykey_decrypt = securitykey2; } public void encrypt() throws FileNotFoundException{ try { FileInputStream fis =new FileInputStream(file); file=new File("hello1.txt"); FileOutputStream fos =new FileOutputStream(file); byte k[] = this.securitykey.getBytes(); SecretKeySpec key = new SecretKeySpec(k,"DES"); Cipher encrypt = Cipher.getInstance(algorithm); encrypt.init(Cipher.ENCRYPT_MODE, key); CipherOutputStream cout=new CipherOutputStream(fos, encrypt); byte[] buf = new byte[1024]; int read; while((read=fis.read(buf))!=-1) cout.write(buf,0,read); fis.close(); cout.flush(); cout.close(); } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException | IOException e) { e.printStackTrace(); } } public void decrypt() throws FileNotFoundException{ try { FileInputStream fis =new FileInputStream(file1); file1=new File("hello2.txt"); FileOutputStream fos =new FileOutputStream(file1); byte k[] = securitykey_decrypt.getBytes(); SecretKeySpec key = new SecretKeySpec(k,"DES"); Cipher decrypt = Cipher.getInstance(algorithm); decrypt.init(Cipher.DECRYPT_MODE, key); CipherInputStream cin=new CipherInputStream(fis, decrypt); byte[] buf = new byte[1024]; int read=0; while((read=cin.read(buf))!=-1){ fos.write(buf,0,read); } cin.close(); fos.flush(); fos.close(); BufferedReader br = new BufferedReader(new FileReader("hello2.txt")); StringBuilder sb = new StringBuilder(); String line = br.readLine(); if(line != null){ while (line != null) { sb.append(line); line = br.readLine(); } String everything = sb.toString(); if(everything.equals("Hello World")){ if(this.securitykey.equals(this.securitykey_decrypt)){ System.out.println("Decrypt Success with same key."); }else{ System.out.println("Decrypt Success with Different key."); } }else{ System.out.println("Decrypt Not Success with key."); } } br.close(); } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException | IOException e) { e.printStackTrace(); } } public static void main (String[] args)throws Exception{ String securitykey1 = "abcdef00"; String securitykey2 = "abcdef01"; if(securitykey1.equals(securitykey2)){ System.out.println("securitykey1 is same as securitykey2."); }else{ System.out.println("securitykey1 is not same as securitykey2."); } new FileEncryption("DES/ECB/PKCS5Padding","hello.txt","",securitykey1).encrypt(); new FileEncryption("DES/ECB/PKCS5Padding","","hello1.txt",securitykey1,securitykey2).decrypt(); } }

Mandar Khire wrote:
1. How 2 different keys works in DES Encryption-Decryption?

With DES, you can actually "decrypt" plain text and you will get a cipher text. This text is not readable, until you "encrypt" it back to plain text.

So, when you encrypt with one key and then "decrypt" with a second key, you are effectively encrypting twice. To get back the original plain text, you will need to encrypt with the second key, and then decrypt with the first key (reversing the process).

Henry

Thanks Henry Wong,
As you wrote

With DES, you can actually "decrypt" plain text and you will get a cipher text. This text is not readable, until you "encrypt" it back to plain text.

When i use Encryption key
String securitykey1 = "abcdef00";
I got result as below in 'hello1.txt
øŽC yfi#hœ—.€-8;

& to this file i decrypt it by using key
String securitykey2 = "abcdef01";
I got result as same as original file!

I know that

So, when you encrypt with one key and then "decrypt" with a second key, you are effectively encrypting twice. To get back the original plain text, you will need to encrypt with the second key, and then decrypt with the first key (reversing the process).

My question is why not i get exceptions when i using different keys.
I tried with String securitykey1 = "abcdef00"; String securitykey2 = "abcdef02";
Then i got exceptions which is valid.

1 thing i know that(I read Wikipedia)

In symmetric-key schemes,[3] the encryption and decryption keys are the same. Communicating parties must have the same key before they can achieve secure communication.

In DES

The Data Encryption Standard was once a predominant symmetric-key algorithm for the encryption of electronic data.

&

Controversies arose out of classified design elements, a relatively short key length of the symmetric-key block cipher design, and the involvement of the NSA, nourishing suspicions about a backdoor.

.

What you're seeing is because you're using a really crappy algorithm (DES) with a really crappy block mode (ECB) and two keys that are very similar.

This will probably fail if you use an algorithm such as AES in CTR mode. When you do this, you also need to output the IV of the encryption phase, and pass that in an IvParameterSpec to the decryption Cipher.

For proper message encryption you will want to use an AEAD algorithm, such as AES-GCM.

or CBC mode with PKCS5Padding

No. Authentication should be part of any encryption, and AES in CBC mode does not provide authentication without a MAC.

Unless you're gonna create some fancy secure protocol (which most of us probably never will), don't use low level crypto like AES-CBC. Instead, use AEAD algorithms like AES-GCM or AES-CCM.

This is important: Encryption and authentication are closely related. Don't encrypt without authentication!

Thanks Stephan van Hulst,

For proper message encryption you will want to use an AEAD algorithm, such as AES-GCM.

I change my code for 'AES'
Code is as below:-
import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.IOException; import java.security.InvalidKeyException; import java.security.Key; import java.security.NoSuchAlgorithmException; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; import javax.crypto.IllegalBlockSizeException; import javax.crypto.NoSuchPaddingException; import javax.crypto.spec.SecretKeySpec; public class FileEncryption{ private static final String ALGORITHM = "AES"; private static final String TRANSFORMATION = "AES"; public static void main (String[] args)throws Exception{ String key = "abcdefghijklmn00"; String key1 = "abcdefghijklmn01"; File inputFile = new File("hello.txt"); File encryptedFile = new File("hello1.txt"); File decryptedFile = new File("hello2.txt"); encrypt(key, inputFile, encryptedFile); decrypt(key1, encryptedFile, decryptedFile); } public static void encrypt(String key, File inputFile, File outputFile){ doCrypto(Cipher.ENCRYPT_MODE, key, inputFile, outputFile); } public static void decrypt(String key, File inputFile, File outputFile){ doCrypto(Cipher.DECRYPT_MODE, key, inputFile, outputFile); } private static void doCrypto(int cipherMode, String key, File inputFile, File outputFile){ try { Cipher cipher = null; FileInputStream inputStream = null; byte[] inputBytes = null; byte[] outputBytes = null; FileOutputStream outputStream = null; Key secretKey = null; if(!key.isEmpty()){ if(key.length() > 15 && key.length() < 17){ secretKey = new SecretKeySpec(key.getBytes(), ALGORITHM); cipher = Cipher.getInstance(TRANSFORMATION); if(secretKey != null){ cipher.init(cipherMode, secretKey); if(inputFile.exists()){ inputStream = new FileInputStream(inputFile); if(inputStream != null){ inputBytes = new byte[(int) inputFile.length()]; if(inputBytes != null){ inputStream.read(inputBytes); outputBytes = cipher.doFinal(inputBytes); outputStream = new FileOutputStream(outputFile); if(outputBytes != null){ outputStream.write(outputBytes); inputStream.close(); outputStream.close(); } } } } } } } } catch (NoSuchPaddingException | NoSuchAlgorithmException | InvalidKeyException | BadPaddingException | IllegalBlockSizeException | IOException ex) { ex.printStackTrace(); } } }
By this i got exception when i used 2 different keys.

This is important: Encryption and authentication are closely related. Don't encrypt without authentication!

What is authentication in above examples? Did i miss it?

for second question in first post:-
Which Algorithm should i use when i want to use key length is 26 characters?
example
String key = "D0A81F-E11293-4B5D29-BCEC1";

Mandar Khire wrote:I change my code for 'AES'
[...]
What is authentication in above examples? Did i miss it?

Yes, you're not authenticating the ciphertext. You can do this with a HMAC or preferably with an AEAD algorithm. The transformation would be "AES/GCM/NoPadding".

Which Algorithm should i use when i want to use key length is 26 characters?

You're directly using your passwords as key material. This is bad. You should use a key factory that transforms passwords to secret keys. First, use a PBEKeySpec to generate the key material, and then transform that key material to an AES key. You should also never use String to store passwords. Use char[] or byte[] arrays.

Another problem is that you're not saving the initialization vector with your encrypted message. Without the IV, you can not decrypt messages on the other side.

Here's a complete example:
import java.io.*; import java.security.*; import java.security.spec.*; import java.util.*; import javax.crypto.*; import javax.crypto.spec.*; final class Message { private final byte[] cipherText, iv; private final int tagLength; private Message(byte[] cipherText, byte[] iv, int tagLength) { this.cipherText = cipherText; this.iv = iv; this.tagLength = tagLength; } static Message encrypt(String plainText, SecretKey key) throws InvalidKeyException { try { Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); cipher.init(Cipher.ENCRYPT_MODE, key); GCMParameterSpec spec = cipher.getParameters().getParameterSpec(GCMParameterSpec.class); byte[] cipherText = cipher.doFinal(plainText.getBytes("UTF-8")); return new Message(cipherText, spec.getIV(), spec.getTLen()); } catch ( NoSuchAlgorithmException | NoSuchPaddingException | InvalidParameterSpecException | UnsupportedEncodingException | IllegalBlockSizeException | BadPaddingException ex ) { throw new AssertionError(); } } String decrypt(SecretKey key) throws InvalidKeyException, BadPaddingException { try { Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(this.tagLength, this.iv)); return new String(cipher.doFinal(this.cipherText), "UTF-8"); } catch ( NoSuchAlgorithmException | NoSuchPaddingException | InvalidAlgorithmParameterException | UnsupportedEncodingException | IllegalBlockSizeException ex ) { throw new AssertionError(); } } @Override public String toString() { Base64.Encoder encoder = Base64.getEncoder(); return String.format("%s %s %d", encoder.encodeToString(this.cipherText), encoder.encodeToString(this.iv), this.tagLength ); } private static SecretKey generateKey(char[] password) { try { byte[] salt = new byte[8]; SecureRandom.getInstance("SHA1PRNG").nextBytes(salt); PBEKeySpec spec = new PBEKeySpec(password, salt, 65536, 128); try { SecretKeyFactory kf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); SecretKey pbeKey = kf.generateSecret(spec); return new SecretKeySpec(pbeKey.getEncoded(), "AES"); } finally { spec.clearPassword(); } } catch (NoSuchAlgorithmException | InvalidKeySpecException ex) { throw new AssertionError(); } finally { Arrays.fill(password, (char) 0); } } public static void main(String... args) throws Exception { // This is an example. Don't put passwords in your code! Use a key store or key exchange protocol instead. SecretKey key = generateKey(new char[] { 'M', 'y', ' ', 'p', 'a', 's', 's', 'w', 'o', 'r', 'd', '.' }); Message message = Message.encrypt("Hello world!", key); System.out.println(message); System.out.println(message.decrypt(key)); } }

Technically, this example can be considered insecure because I'm using String for the plainText, which causes sensitive data to remain in memory for longer than needed. Sensitive plain text, just like passwords, should be passed as byte[] or char[] arrays.

Thanks Stephan van Hulst,

You're directly using your passwords as key material. This is bad. You should use a key factory that transforms passwords to secret keys. First, use a PBEKeySpec to generate the key material, and then transform that key material to an AES key. You should also never use String to store passwords. Use char[] or byte[] arrays.

.
This is not password but it look like password, i some how get HDD productkey & UUID.
Some how i use 'message digest algorithm' with those two & generate long string then convert it as given string.
So it look like Password.
But for each different pc, it is different. Or we can say with different HDD, it different.
Its compulsory for me to use it.
By reading given example i try to Encrypt & decrypt txt file. but i failed.
Here is my source code
import java.io.BufferedReader; import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.FileOutputStream; import java.io.FileReader; import java.io.IOException; import java.security.InvalidAlgorithmParameterException; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import java.security.spec.InvalidKeySpecException; import java.security.spec.InvalidParameterSpecException; import java.util.Arrays; import javax.crypto.Cipher; import javax.crypto.CipherInputStream; import javax.crypto.CipherOutputStream; import javax.crypto.NoSuchPaddingException; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactory; import javax.crypto.spec.GCMParameterSpec; import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.SecretKeySpec; public class FileEncryption{ private String algorithm; private String securitykey; private String securitykey_decrypt; private File file; private File file1; private static byte[] iv; private static int tagLength; public static void main (String[] args)throws Exception{ String str = "D0A81F-E11293-4B5D29-BCEC1"; new FileEncryption("AES/GCM/NoPadding","hello.txt","",str).encrypt(); new FileEncryption("AES/GCM/NoPadding","","hello1.txt",str,str).decrypt(); } public FileEncryption(String algorithm,String path,String path1, String securitykey){ this.algorithm=algorithm; if(!path.isEmpty()){ this.file = new File(path); } if(!path1.isEmpty()){ this.file1 = new File(path1); } this.securitykey = securitykey; } public FileEncryption(String algorithm,String path,String path1, String securitykey1, String securitykey2) { this.algorithm=algorithm; if(!path.isEmpty()){ this.file = new File(path); } if(!path1.isEmpty()){ this.file1 = new File(path1); } this.securitykey = securitykey1; this.securitykey_decrypt = securitykey2; } public void encrypt() throws FileNotFoundException{ try { FileInputStream fis =new FileInputStream(file); file=new File("hello1.txt"); FileOutputStream fos =new FileOutputStream(file); char[] stringToCharArray = this.securitykey.toCharArray(); SecretKey key = generateKey(stringToCharArray); Cipher encrypt = Cipher.getInstance(algorithm); encrypt.init(Cipher.ENCRYPT_MODE, key); GCMParameterSpec spec = encrypt.getParameters().getParameterSpec(GCMParameterSpec.class); Message(spec.getIV(),spec.getTLen()); CipherOutputStream cout=new CipherOutputStream(fos, encrypt); byte[] buf = new byte[1024]; int read; while((read=fis.read(buf))!=-1) cout.write(buf,0,read); fis.close(); cout.flush(); cout.close(); } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException | InvalidParameterSpecException | IOException e) { e.printStackTrace(); } } public void decrypt() throws FileNotFoundException{ Cipher decrypt = null; try { FileInputStream fis =new FileInputStream(file1); file1=new File("hello2.txt"); FileOutputStream fos =new FileOutputStream(file1); char[] stringToCharArray = this.securitykey.toCharArray(); SecretKey key = generateKey(stringToCharArray); decrypt = Cipher.getInstance(this.algorithm); decrypt.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(FileEncryption.tagLength, FileEncryption.iv)); CipherInputStream cin=new CipherInputStream(fis, decrypt); byte[] buf = new byte[1024]; int read=0; while((read=cin.read(buf))!=-1){ fos.write(buf,0,read); } cin.close(); fos.flush(); fos.close(); fileread(); } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException | InvalidAlgorithmParameterException | IOException e) { e.printStackTrace(); } } private void fileread() { try { String line = null; BufferedReader br = new BufferedReader(new FileReader("hello2.txt")); StringBuilder sb = new StringBuilder(); line = br.readLine(); if(line != null){ while (line != null) { sb.append(line); line = br.readLine(); } String everything = sb.toString(); if(everything.equals("Hello World")){ if(this.securitykey.equals(this.securitykey_decrypt)){ System.out.println("Decrypt Success with same key."); }else{ System.out.println("Decrypt Success with Different key."); } }else{ System.out.println("Decrypt Not Success with key."); } } br.close(); } catch (IOException e) { e.printStackTrace(); } } private void Message( byte[] iv, int tagLength) { FileEncryption.iv = iv; FileEncryption.tagLength = tagLength; } private static SecretKey generateKey(char[] password) { try { byte[] salt = new byte[26]; SecureRandom.getInstance("SHA1PRNG").nextBytes(salt); PBEKeySpec spec = new PBEKeySpec(password, salt, 65536, 128); try { SecretKeyFactory kf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); SecretKey pbeKey = kf.generateSecret(spec); return new SecretKeySpec(pbeKey.getEncoded(), "AES"); } finally { spec.clearPassword(); } }catch (NoSuchAlgorithmException | InvalidKeySpecException ex) { throw new AssertionError(); } finally { Arrays.fill(password, (char) 0); } } }
but i got Exception as below:-
java.io.IOException: javax.crypto.AEADBadTagException: Tag mismatch! at javax.crypto.CipherInputStream.getMoreData(CipherInputStream.java:115) at javax.crypto.CipherInputStream.read(CipherInputStream.java:233) at javax.crypto.CipherInputStream.read(CipherInputStream.java:209) at FileEncryption.decrypt(FileEncryption.java:102) at FileEncryption.main(FileEncryption.java:37) Caused by: javax.crypto.AEADBadTagException: Tag mismatch! at com.sun.crypto.provider.GaloisCounterMode.decryptFinal(GaloisCounterMode.java:524) at com.sun.crypto.provider.CipherCore.finalNoPadding(CipherCore.java:1023) at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:960) at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:824) at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:436) at javax.crypto.Cipher.doFinal(Cipher.java:2048) at javax.crypto.CipherInputStream.getMoreData(CipherInputStream.java:112) ... 4 more

Can i get help to solve this?

That's logical, because you're generating a new key for each operation. You need to generate a key only once, and reuse that key if you want to decrypt any message encrypted with that key. Generating a new key with the same key material won't work.

Stop coding, and figure out what your requirements are.

- Who is going to encrypt?
- Who is going to decrypt?
- How are you going to share the secret between these two parties? (Remember, a secret is secret, so don't use predictable data such as hardware IDs.)
- How are you going to store the secret between sessions? (Key stores or enter password every time?)

A few more things:

- There is no use in calling toCharArray() on a String containing sensitive data. Once the sensitive data is in the form of a String, you have already lost.
- It doesn't matter whether it's an UUID or user input, a variable amount of characters should be considered a password, and an actual secret key should be derived from that.
- You are not using the IV properly. THIS IS A HUGE SECURITY FLAW. The IV should be unique for every encryption operation.

I suggest you read up on block ciphers, initialization vectors, symmetric keys, message authentication and good cryptography practices in general. If you don't understand why you're writing a particular line of code, you're probably breaking security.

Thanks Stephan van Hulst,
I got my mistake & resolve it as

That's logical, because you're generating a new key for each operation. You need to generate a key only once, and reuse that key if you want to decrypt any message encrypted with that key.

- Who is going to encrypt?
- Who is going to decrypt?
- How are you going to share the secret between these two parties? (Remember, a secret is secret, so don't use predictable data such as hardware IDs.)
- How are you going to store the secret between sessions? (Key stores or enter password every time?)

Yes, i will rethink about these questions.

Once the sensitive data is in the form of a String, you have already lost.
- It doesn't matter whether it's an UUID or user input, a variable amount of characters should be considered a password, and an actual secret key should be derived from that.

I just give you small hint of my logic (HDD etc), other 4 to 5 factors i used for generate sensitive data.
Then I Encrypt my sensitive data with SHA-512. It generate 128 character string, from it i just use 24 characters.
(These 26 also i pick with one another logic which randomly chose it. out of 128.)
So as per my requirements, i think that i use more complexity for picking string for security key. Now from your example i used more complexity to generate 'Security key'.
This also not sufficient to secure a 'security key'?

- You are not using the IV properly. THIS IS A HUGE SECURITY FLAW. The IV should be unique for every encryption operation.

I will work on it.

I suggest you read up on block ciphers, initialization vectors, symmetric keys, message authentication and good cryptography practices in general. If you don't understand why you're writing a particular line of code, you're probably breaking security.

I definitely study about those things.

I found link which shows CipherInputStream for AEAD modes is insecure in JDK7 (GCM, EAX, etc.)
If this is true, then which other Algorithm i should use for more secure my 'hello.txt'.
waiting for expert comments.

Here i give working code:-
import java.io.BufferedReader; import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.FileOutputStream; import java.io.FileReader; import java.io.IOException; import java.security.InvalidAlgorithmParameterException; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import java.security.spec.InvalidKeySpecException; import java.security.spec.InvalidParameterSpecException; import java.util.Arrays; import javax.crypto.Cipher; import javax.crypto.CipherInputStream; import javax.crypto.CipherOutputStream; import javax.crypto.NoSuchPaddingException; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactory; import javax.crypto.spec.GCMParameterSpec; import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.SecretKeySpec; public class FileEncryption{ private String algorithm; private String securitykey; private String securitykey_decrypt; private File file; private File file1; private static byte[] iv; private static int tagLength; private static SecretKey key = null; public static void main (String[] args)throws Exception{ String str = "D0A81F-E11293-4B5D29-BCEC1"; new FileEncryption("AES/GCM/NoPadding","hello.txt","",str).encrypt(); new FileEncryption("AES/GCM/NoPadding","","hello1.txt",str,str).decrypt(); } public FileEncryption(String algorithm,String path,String path1, String securitykey){ this.algorithm=algorithm; if(!path.isEmpty()){ this.file = new File(path); } if(!path1.isEmpty()){ this.file1 = new File(path1); } this.securitykey = securitykey; } public FileEncryption(String algorithm,String path,String path1, String securitykey1, String securitykey2) { this.algorithm=algorithm; if(!path.isEmpty()){ this.file = new File(path); } if(!path1.isEmpty()){ this.file1 = new File(path1); } this.securitykey = securitykey1; this.securitykey_decrypt = securitykey2; } public void encrypt() throws FileNotFoundException{ try { FileInputStream fis =new FileInputStream(file); file=new File("hello1.txt"); FileOutputStream fos =new FileOutputStream(file); char[] stringToCharArray = this.securitykey.toCharArray(); key = generateKey(stringToCharArray); Cipher encrypt = Cipher.getInstance(algorithm); encrypt.init(Cipher.ENCRYPT_MODE, key); GCMParameterSpec spec = encrypt.getParameters().getParameterSpec(GCMParameterSpec.class); Message(spec.getIV(),spec.getTLen(),key); CipherOutputStream cout=new CipherOutputStream(fos, encrypt); byte[] buf = new byte[1024]; int read; while((read=fis.read(buf))!=-1) cout.write(buf,0,read); fis.close(); cout.flush(); cout.close(); } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException | InvalidParameterSpecException | IOException e) { e.printStackTrace(); } } public void decrypt() throws FileNotFoundException{ Cipher decrypt = null; try { FileInputStream fis =new FileInputStream(file1); file1=new File("hello2.txt"); FileOutputStream fos =new FileOutputStream(file1); char[] stringToCharArray = this.securitykey.toCharArray(); // SecretKey key = generateKey(stringToCharArray); decrypt = Cipher.getInstance(this.algorithm); decrypt.init(Cipher.DECRYPT_MODE, FileEncryption.key, new GCMParameterSpec(FileEncryption.tagLength, FileEncryption.iv)); CipherInputStream cin=new CipherInputStream(fis, decrypt); byte[] buf = new byte[1024]; int read=0; while((read=cin.read(buf))!=-1){ fos.write(buf,0,read); } cin.close(); fos.flush(); fos.close(); fileread(); } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException | InvalidAlgorithmParameterException | IOException e) { e.printStackTrace(); } } private void fileread() { try { String line = null; BufferedReader br = new BufferedReader(new FileReader("hello2.txt")); StringBuilder sb = new StringBuilder(); line = br.readLine(); if(line != null){ while (line != null) { sb.append(line); line = br.readLine(); } String everything = sb.toString(); if(everything.equals("Hello World")){ if(this.securitykey.equals(this.securitykey_decrypt)){ System.out.println("Decrypt Success with same key."); }else{ System.out.println("Decrypt Success with Different key."); } }else{ System.out.println("Decrypt Not Success with key."); } } br.close(); } catch (IOException e) { e.printStackTrace(); } } private void Message( byte[] iv, int tagLength, SecretKey key2) { FileEncryption.iv = iv; FileEncryption.tagLength = tagLength; FileEncryption.key = key2; } private static SecretKey generateKey(char[] password) { try { byte[] salt = new byte[26]; SecureRandom.getInstance("SHA1PRNG").nextBytes(salt); PBEKeySpec spec = new PBEKeySpec(password, salt, 65536, 128); try { SecretKeyFactory kf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); SecretKey pbeKey = kf.generateSecret(spec); return new SecretKeySpec(pbeKey.getEncoded(), "AES"); } finally { spec.clearPassword(); } }catch (NoSuchAlgorithmException | InvalidKeySpecException ex) { throw new AssertionError(); } finally { Arrays.fill(password, (char) 0); } } }

Mandar Khire wrote:I just give you small hint of my logic (HDD etc), other 4 to 5 factors i used for generate sensitive data.
Then I Encrypt my sensitive data with SHA-512. It generate 128 character string, from it i just use 24 characters.
(These 26 also i pick with one another logic which randomly chose it. out of 128.)
So as per my requirements, i think that i use more complexity for picking string for security key. Now from your example i used more complexity to generate 'Security key'.
This also not sufficient to secure a 'security key'?

I really don't understand this. Either generate a completely random secret key once and distribute it to every trusted application (In a key store!!!), or derive a key from a password. Why are you even using hardware IDs and other factors? This serves absolutely no purpose other than making the password less secure. Your custom hashing and byte juggling is probably cryptographically WEAK. This is exactly why you should derive a secret key using a SecretKeyFactory instead. Don't mess with primitives like SHA-512!

I found link which shows CipherInputStream for AEAD modes is insecure in JDK7 (GCM, EAX, etc.)
If this is true, then which other Algorithm i should use for more secure my 'hello.txt'.

I believe this issue has been fixed in more recent versions. If it hasn't, stop using CipherInputStream, and just use Cipher directly. You're not using CipherInputStream like a stream anyway.

- Why is iv static?
- Why is tagLength static?
- Why are you using securitykey2? Symmetric algorithms require one key.
- Why are you storing the password (Yes, you're using "D0A81F-E11293-4B5D29-BCEC1" as a password) as a String?
- Why are you using String for paths, and not Path?
- Why are you constructing a Message without using it?
- Why are you storing the key in the message (THIS IS BAAAAD).
- Why are you using buffers if you're working with streams?
- Why are you not using try-with-resources for your streams?

If you want to encrypt an entire file, you need to think about the file format of your encrypted file. AES-GCM will only store the cipher text and the authentication tag. You still need to store the initialization vector, and possibly other header information (like the algorithm used, the algorithm parameters, etc.)

Thanks Stephan van Hulst,

I really don't understand this....

Actually my actual work done by very first program with DES though it very bad. But for educating myself i try to do RnD & improving myself.
Fact is, the String which i share with you, is just part of one logic which use in Licensing of StandAlone desktop application.
Using this string which actually not use as String actually in program i should do encrypt & decrypt some files in same application.

Why are you even using hardware IDs and other factors?

I dont find any other way to generate Product key for standalone java app.
User of my app is not that much of Educated to crack things like professional hackers.(Might be.)
But i know...what i am doing...I cant fool myself by giving very bad logic.

My aim is
example PC A has app & it will has product key by that i will give License key to user. Now if i can store that info in some file, i should encrypt it & hide it.
Whenever i have to cross verify license, i will decrypt that file, fetch data & cross verify it.
Now if i copy this hidden & encrypted file, paste it into PC B, by thought of cracking license, it should give me error. So i use Hardware based some key.
I not depend on 1 hardware, i take 4-5 things which very essential for pc.
Each give me some data & each data i encrypt with some logic with different algorithm. So i try to make complex to get license key.

1 more thing PC A & B or other may be Linux(Centos/Ubuntu/Fedora) or Windows(XP/7/8).
I think this explanation is quite sufficient to understand why i use that string which look like password!

Don't mess with primitives like SHA-512!

Why? I dont understand it!

If it hasn't, stop using CipherInputStream, and just use Cipher directly. You're not using CipherInputStream like a stream anyway.

I will definitely try this.

Why is iv static?
- Why is tagLength static?
- Why are you using securitykey2? Symmetric algorithms require one key.
- Why are you storing the password (Yes, you're using "D0A81F-E11293-4B5D29-BCEC1" as a password) as a String?
- Why are you using String for paths, and not Path?
- Why are you constructing a Message without using it?
- Why are you storing the key in the message (THIS IS BAAAAD).
- Why are you using buffers if you're working with streams?
- Why are you not using try-with-resources for your streams?

Because i dont know how to improve my Hello (Cryptography)world code. I will defiantly work on it.

f you want to encrypt an entire file, you need to think about the file format of your encrypted file.

File format means .txt or .en or .den ? or something else?

AES-GCM will only store the cipher text and the authentication tag. You still need to store the initialization vector, and possibly other header information (like the algorithm used, the algorithm parameters, etc.)

Can i get expert explanation about this?

Mandar Khire wrote:My aim is example PC A has app & it will has product key by that i will give License key to user. Now if i can store that info in some file, i should encrypt it & hide it.
Whenever i have to cross verify license, i will decrypt that file, fetch data & cross verify it.
Now if i copy this hidden & encrypted file, paste it into PC B, by thought of cracking license, it should give me error. So i use Hardware based some key.
I not depend on 1 hardware, i take 4-5 things which very essential for pc.
Each give me some data & each data i encrypt with some logic with different algorithm. So i try to make complex to get license key.

You don't need to encrypt anything. All you need to do is create a license file that has a digital signature authenticating the contents of the license. You can store the hardware id and other factors in plain text, add a signature, and when the application starts, crosscheck the contents of the file with the device that the app is running on, and verify the digital signature. You don't need to hide anything at all.

Don't mess with primitives like SHA-512!

You shouldn't be using SHA-512 in an encryption algorithm, because high-level encryption algorithms already exist. By using SHA-512 (which is a hashing algorithm) to create your own algorithm, you're reinventing the wheel, and in crypto, that's a very bad idea.

f you want to encrypt an entire file, you need to think about the file format of your encrypted file.

This means how you're going to lay out the information you want to store in the file. You can have your custom file format. You can't just put the cipher text into a file and then decrypt it again later without extra information.

AES-GCM will only store the cipher text and the authentication tag. You still need to store the initialization vector, and possibly other header information (like the algorithm used, the algorithm parameters, etc.)

So let's say you encrypted some plain text and stored the cipher text. How are you going to decrypt it? You can't just enter the key and hope for the best. You need to understand that AES-GCM requires the same initialization vector you used to encrypt with. If you don't store that, how are you going to get it? To understand this, you really need to read how block cipher encryption modes work.