Java AES and using my own Key

by

Edit:

As written in the comments the old code is not “best practice”.
You should use a keygeneration algorithm like PBKDF2 with a high iteration count.
You also should use at least partly a non static (meaning for each “identity” exclusive) salt. If possible randomly generated and stored together with the ciphertext.

    SecureRandom sr = SecureRandom.getInstanceStrong();
    byte[] salt = new byte[16];
    sr.nextBytes(salt);

    PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 1000, 128 * 8);
    SecretKey key = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(spec);
    Cipher aes = Cipher.getInstance("AES");
    aes.init(Cipher.ENCRYPT_MODE, key);

===========

Old Answer

You should use SHA-1 to generate a hash from your key and trim the result to 128 bit (16 bytes).

Additionally don’t generate byte arrays from Strings through getBytes() it uses the platform default Charset. So the password “blaöä” results in different byte array on different platforms.

byte[] key = (SALT2 + username + password).getBytes("UTF-8");
MessageDigest sha = MessageDigest.getInstance("SHA-1");
key = sha.digest(key);
key = Arrays.copyOf(key, 16); // use only first 128 bit

SecretKeySpec secretKeySpec = new SecretKeySpec(key, "AES");

Edit:
If you need 256 bit as key sizes you need to download the “Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files” Oracle download link, use SHA-256 as hash and remove the Arrays.copyOf line.
“ECB” is the default Cipher Mode and “PKCS5Padding” the default padding.
You could use different Cipher Modes and Padding Modes through the Cipher.getInstance string using following format: “Cipher/Mode/Padding”

For AES using CTS and PKCS5Padding the string is: “AES/CTS/PKCS5Padding”

More Related Contents:

  1. Java 256-bit AES Password-Based Encryption
  2. How to avoid installing “Unlimited Strength” JCE policy files when deploying an application?
  3. InvalidKeyException Illegal key size
  4. Initial bytes incorrect after Java AES/CBC decryption
  5. How do I check if the user is pressing a key?
  6. How to decrypt file in Java encrypted with openssl command using AES?
  7. Java default Crypto/AES behavior
  8. Do JSON keys need to be unique? [duplicate]
  9. Image encryption/decryption using AES256 symmetric block ciphers [closed]
  10. How to update a value, given a key in a hashmap?
  11. Can an array be used as a HashMap key?
  12. IllegalBlockSizeException when trying to encrypt and decrypt a string with AES
  13. Encrypt and decrypt with AES and Base64 encoding
  14. How to encrypt or decrypt with Rijndael and a block-size of 256 bits?
  15. Why does my AES encryption throws an InvalidKeyException?
  16. Android simulate key press
  17. How to decode a string encoded with openssl aes-128-cbc using java?
  18. How to decrypt an encrypted AES-256 string from CryptoJS using Java? [closed]
  19. AES gets different results in iOS (Obj-C) and Android (Java)
  20. Password Verification with PBKDF2 in Java
  21. Size of data after AES/CBC and AES/ECB encryption
  22. How to create a secure random AES key in Java?
  23. Java openssl encryption / decryption key generation [duplicate]
  24. Cannot recover key [duplicate]
  25. java.security.NoSuchAlgorithmException:Cannot find any provider supporting AES/ECB/PKCS7PADDING
  26. Converting a Char into Java KeyEvent KeyCode
  27. How can I make my AES encryption identical between Java and Objective-C (iPhone)?
  28. How to append to AES encrypted file
  29. Java AES 128 encrypting differently to openssl
  30. AES/CBC/PKCS5Padding vs AES/CBC/PKCS7Padding with 256 key size performance java

Leave a Comment