Java Symmetric Encryption

I Recently had been given a task to Encrypt a file and then Compress it. Requirements were that i have to use some given password while Encrypting. Best Algorithm that comes in mind for such requirements is Symmetric Encryption Algorithms
I choose to Implement it using DES as well as AES. Below are sample programs which do Encryption

In the program below i used salt (some text to generate key) and password to encrypt file. This also stores key in file system incase you want to serialize or send to another system where you decrypt

/**
 * 
 */
package com.linkwithweb.encryption;

import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/**
 * @author Ashwin Kumar
 * 
 */
public class AESEncryptorWithSalt {
	/** name of the character set to use for converting between characters and bytes */
	private static final String CHARSET_NAME = "UTF-8";

	/** random number generator algorithm */
	private static final String RNG_ALGORITHM = "SHA1PRNG";

	/** message digest algorithm (must be sufficiently long to provide the key and initialization vector) */
	private static final String DIGEST_ALGORITHM = "SHA-256";

	/** key algorithm (must be compatible with CIPHER_ALGORITHM) */
	private static final String KEY_ALGORITHM = "AES";

	/** cipher algorithm (must be compatible with KEY_ALGORITHM) */
	private static final String CIPHER_ALGORITHM = "AES/CBC/PKCS5Padding";

	/**
	 * Private constructor that should never be called.
	 */
	private AESEncryptorWithSalt() {
	}

	/**
	 * Encrypt the specified cleartext using the given password.
	 * With the correct salt, number of iterations, and password, the decrypt() method reverses
	 * the effect of this method.
	 * This method generates and uses a random salt, and the user-specified number of iterations
	 * and password to create a 16-byte secret key and 16-byte initialization vector.
	 * The secret key and initialization vector are then used in the AES-128 cipher to encrypt
	 * the given cleartext.
	 * 
	 * @param salt
	 *            salt that was used in the encryption (to be populated)
	 * @param iterations
	 *            number of iterations to use in salting
	 * @param password
	 *            password to be used for encryption
	 * @param cleartext
	 *            cleartext to be encrypted
	 * @return
	 *         ciphertext
	 * @throws Exception
	 *             on any error encountered in encryption
	 */
	public static byte[] encrypt(final byte[] salt, final int iterations,
			final String password, final byte[] cleartext) throws Exception {
		/* generate salt randomly */
		SecureRandom.getInstance(RNG_ALGORITHM).nextBytes(salt);

		/* compute key and initialization vector */
		final MessageDigest shaDigest = MessageDigest
				.getInstance(DIGEST_ALGORITHM);
		byte[] pw = password.getBytes(CHARSET_NAME);

		for (int i = 0; i < iterations; i++) {
			/* add salt */
			final byte[] salted = new byte[pw.length + salt.length];
			System.arraycopy(pw, 0, salted, 0, pw.length);
			System.arraycopy(salt, 0, salted, pw.length, salt.length);
			Arrays.fill(pw, (byte) 0x00);

			/* compute SHA-256 digest */
			shaDigest.reset();
			pw = shaDigest.digest(salted);
			Arrays.fill(salted, (byte) 0x00);
		}

		/* extract the 16-byte key and initialization vector from the SHA-256 digest */
		final byte[] key = new byte[16];
		final byte[] iv = new byte[16];
		System.arraycopy(pw, 0, key, 0, 16);
		System.arraycopy(pw, 16, iv, 0, 16);
		Arrays.fill(pw, (byte) 0x00);

		/* perform AES-128 encryption */
		final Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);

		cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, KEY_ALGORITHM),
				new IvParameterSpec(iv));

		Arrays.fill(key, (byte) 0x00);
		Arrays.fill(iv, (byte) 0x00);

		return cipher.doFinal(cleartext);
	}

	/**
	 * Decrypt the specified ciphertext using the given password.
	 * With the correct salt, number of iterations, and password, this method reverses the effect
	 * of the encrypt() method.
	 * This method uses the user-specified salt, number of iterations, and password
	 * to recreate the 16-byte secret key and 16-byte initialization vector.
	 * The secret key and initialization vector are then used in the AES-128 cipher to decrypt
	 * the given ciphertext.
	 * 
	 * @param salt
	 *            salt to be used in decryption
	 * @param iterations
	 *            number of iterations to use in salting
	 * @param password
	 *            password to be used for decryption
	 * @param ciphertext
	 *            ciphertext to be decrypted
	 * @return
	 *         cleartext
	 * @throws Exception
	 *             on any error encountered in decryption
	 */
	public static byte[] decrypt(final byte[] salt, final int iterations,
			final String password, final byte[] ciphertext) throws Exception {
		/* compute key and initialization vector */
		final MessageDigest shaDigest = MessageDigest
				.getInstance(DIGEST_ALGORITHM);
		byte[] pw = password.getBytes(CHARSET_NAME);

		for (int i = 0; i = 0) {
				out.write(buf, 0, numRead);
			}
			out.close();
		} catch (java.io.IOException e) {
		}
	}

	/**
	 * To Decrypt
	 * 
	 * @param in
	 * @param out
	 */
	public void decrypt(InputStream in, OutputStream out) {
		try {
			// Bytes read from in will be decrypted
			in = new CipherInputStream(in, dcipher);

			// Read in the decrypted bytes and write the cleartext to out
			int numRead = 0;
			while ((numRead = in.read(buf)) >= 0) {
				out.write(buf, 0, numRead);
			}
			out.close();
		} catch (java.io.IOException e) {
		}
	}

}


Below is code for DES Encryption with Password




/**
 * 
 */
package com.linkwithweb.encryption;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;

import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/**
 * @author Ashwin Kumar
 * 
 */
public class DESEncryptorWithSalt {
	Cipher ecipher;
	Cipher dcipher;

	/**
	 * @param key
	 */
	public DESEncryptorWithSalt(SecretKey key) {
		PBEParameterSpec pbeParamSpec;

		// Salt
		byte[] salt = { (byte) 0xc7, (byte) 0x73, (byte) 0x21, (byte) 0x8c,
				(byte) 0x7e, (byte) 0xc8, (byte) 0xee, (byte) 0x99 };

		// Iteration count
		int count = 20;

		// Create PBE parameter set
		pbeParamSpec = new PBEParameterSpec(salt, count);

		try {
			ecipher = Cipher.getInstance("PBEWithMD5AndDES");
			dcipher = Cipher.getInstance("PBEWithMD5AndDES");

			// CBC requires an initialization vector
			ecipher.init(Cipher.ENCRYPT_MODE, key, pbeParamSpec);
			dcipher.init(Cipher.DECRYPT_MODE, key, pbeParamSpec);
		} catch (Exception e) {
			e.printStackTrace();
		}
	}

	/**
	 * @param args
	 */
	public static void main(String[] args) {
		try {
			// Create encrypter/decrypter class
			DESEncryptorWithSalt encrypter = new DESEncryptorWithSalt(
					getKeySpec());

			// Encrypt
			encrypter.encrypt(new FileInputStream("c:\\zip\\myfigs.zip"),
					new FileOutputStream("c:\\zip\\myfigs2.zip"));
			// Decrypt
			encrypter.decrypt(new FileInputStream("c:\\zip\\myfigs2.zip"),
					new FileOutputStream("c:\\zip\\myfigs3.zip"));
		} catch (Exception e) {
			e.printStackTrace();
		}
	}

	/**
	 * @param args
	 */
	public static void testStringEncryption(String[] args) {
		PBEKeySpec pbeKeySpec;
		PBEParameterSpec pbeParamSpec;
		SecretKeyFactory keyFac;

		// Salt
		byte[] salt = { (byte) 0xc7, (byte) 0x73, (byte) 0x21, (byte) 0x8c,
				(byte) 0x7e, (byte) 0xc8, (byte) 0xee, (byte) 0x99 };

		// Iteration count
		int count = 20;

		// Create PBE parameter set
		pbeParamSpec = new PBEParameterSpec(salt, count);

		// Prompt user for encryption password.
		// Collect user password as char array (using the
		// "readPassword" method from above), and convert
		// it into a SecretKey object, using a PBE key
		// factory.
		pbeKeySpec = new PBEKeySpec(new String("Rami").toCharArray());
		try {
			keyFac = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
			SecretKey pbeKey;
			pbeKey = keyFac.generateSecret(pbeKeySpec);

			// Create PBE Cipher
			Cipher pbeCipher;
			pbeCipher = Cipher.getInstance("PBEWithMD5AndDES");

			// Initialize PBE Cipher with key and parameters
			pbeCipher.init(Cipher.ENCRYPT_MODE, pbeKey, pbeParamSpec);

			// Our cleartext
			byte[] cleartext = "This is another example".getBytes();

			// Encrypt the cleartext
			byte[] ciphertext = pbeCipher.doFinal(cleartext);

			System.out.println(" ciphertext  :" + ciphertext);

			// Initialize PBE Cipher with key and parameters
			pbeCipher.init(Cipher.DECRYPT_MODE, pbeKey, pbeParamSpec);

			// Encrypt the cleartext
			byte[] finaltext = pbeCipher.doFinal(ciphertext);

			System.out.println(" finaltext  :" + new String(finaltext));

		} catch (IllegalBlockSizeException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (BadPaddingException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (InvalidAlgorithmParameterException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (InvalidKeyException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (NoSuchAlgorithmException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (NoSuchPaddingException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (InvalidKeySpecException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
	}

	/**
	 * To Generate and Return Key
	 * 
	 * @return
	 * @throws IOException
	 * @throws NoSuchAlgorithmException
	 */
	public static SecretKeySpec getKeySpec() throws IOException,
			NoSuchAlgorithmException {
		byte[] bytes = new byte[16];
		File f = new File("sample_Des_key");

		PBEKeySpec pbeKeySpec;
		PBEParameterSpec pbeParamSpec;
		SecretKeyFactory keyFac;

		// Salt
		byte[] salt = { (byte) 0xc7, (byte) 0x73, (byte) 0x21, (byte) 0x8c,
				(byte) 0x7e, (byte) 0xc8, (byte) 0xee, (byte) 0x99 };

		// Iteration count
		int count = 20;

		// Create PBE parameter set
		pbeParamSpec = new PBEParameterSpec(salt, count);

		// Prompt user for encryption password.
		// Collect user password as char array (using the
		// "readPassword" method from above), and convert
		// it into a SecretKey object, using a PBE key
		// factory.
		pbeKeySpec = new PBEKeySpec(new String("Rami").toCharArray());
		try {
			if (f.exists()) {
				new FileInputStream(f).read(bytes);
			} else {
				keyFac = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
				SecretKey pbeKey;
				pbeKey = keyFac.generateSecret(pbeKeySpec);
				bytes = pbeKey.getEncoded();
				new FileOutputStream(f).write(bytes);
			}

		} catch (InvalidKeySpecException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}

		SecretKeySpec spec = null;

		spec = new SecretKeySpec(bytes, "PBEWithMD5AndDES");
		return spec;
	}

	// Buffer used to transport the bytes from one stream to another
	byte[] buf = new byte[1024];

	/**
	 * To Encrypt
	 * 
	 * @param in
	 * @param out
	 */
	public void encrypt(InputStream in, OutputStream out) {
		try {
			// Bytes written to out will be encrypted
			out = new CipherOutputStream(out, ecipher);

			// Read in the cleartext bytes and write to out to encrypt
			int numRead = 0;
			while ((numRead = in.read(buf)) >= 0) {
				out.write(buf, 0, numRead);
			}
			out.close();
		} catch (java.io.IOException e) {
		}
	}

	/**
	 * To Decrypt
	 * 
	 * @param in
	 * @param out
	 */
	public void decrypt(InputStream in, OutputStream out) {
		try {
			// Bytes read from in will be decrypted
			in = new CipherInputStream(in, dcipher);

			// Read in the decrypted bytes and write the cleartext to out
			int numRead = 0;
			while ((numRead = in.read(buf)) >= 0) {
				out.write(buf, 0, numRead);
			}
			out.close();
		} catch (java.io.IOException e) {
		}
	}

}








Below is the sample code that can Compress List of Given Files 



/**
 * 
 */
package com.linkwithweb.compression;

import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.util.zip.Adler32;
import java.util.zip.CheckedOutputStream;
import java.util.zip.ZipEntry;
import java.util.zip.ZipOutputStream;

/**
 * @author Ashwin Kumar
 * 
 */

public class CompressionUtility {
	static final int BUFFER = 2048;

	public static void main(String argv[]) {
		try {
			BufferedInputStream origin = null;
			FileOutputStream dest = new FileOutputStream("c:\\zip\\myfigs.zip");
			CheckedOutputStream checksum = new CheckedOutputStream(dest,
					new Adler32());
			ZipOutputStream out = new ZipOutputStream(new BufferedOutputStream(
					checksum));
			// out.setMethod(ZipOutputStream.DEFLATED);
			byte data[] = new byte[BUFFER];
			// get a list of files from current directory
			File f = new File(".");
			String files[] = f.list();

			for (int i = 0; i < files.length; i++) {
				try {
					System.out.println("Adding: " + files[i]);
					FileInputStream fi = new FileInputStream(files[i]);
					origin = new BufferedInputStream(fi, BUFFER);
					ZipEntry entry = new ZipEntry(files[i]);
					out.putNextEntry(entry);
					int count;
					while ((count = origin.read(data, 0, BUFFER)) != -1) {
						out.write(data, 0, count);
					}
					origin.close();
				} catch (Exception e) {
					// Ignore
				}
			}
			out.close();
			System.out.println("checksum:    "
					+ checksum.getChecksum().getValue());
		} catch (Exception e) {
			e.printStackTrace();
		}
	}
}

Download following link and rename to .zip to get a mavenized project sample
EncryptionAndCompressionUtility

More Encryption related articles will continue !!!!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s