Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

A Look at Java Cryptography

DZone's Guide to

A Look at Java Cryptography

A discussion of some key concepts from the Java Cryptographic Architecture (JCA) API that developers can use to add encryption to their Java-based applications.

· Security Zone ·
Free Resource

Discover how to provide active runtime protection for your web applications from known and unknown vulnerabilities including Remote Code Execution Attacks.

Java Cryptographic Architecture (JCA) has been designed to allow for the creation of protocols such as encryption, hashing, cryptography, digital signature, key-generation, and many more.

Here we will look at few concepts using the JCA API.

Salted Hash:

Hackers pre-generate hashes for common passwords and create lookup tables so that they can easily crack hashes. Since hashes will always be the same, a best practice is to increase the level of randomness for the hash alone. A best practice is to employ the use of secure random number generators to create the random salt value for storage.

Hashing a message with SHA512: 

String message = "cantGuessIt@1";
MessageDigest md = MessageDigest.getInstance("SHA-512");
md.update(message.getBytes());
byte[] hash = md.digest();

The above code could be hacked since we are passing the exact same password to get the hash, and storing the hash in a database. 

To avoid this, we use Salts which add randomness to the hash. Hash cracking is often based on reverse lookups where folks generate hashes for popular passwords. The more random, the less likely it is to show up in a lookup tool.

For example, Salt(Random) s = Az234 sd 

We can use the SecureRandom Java class to generate the Salt value.

byte[] salt = new byte[8];
SecureRandom sc = new SecureRandom();
sc.nextBytes(salt);
md.update(message.getBytes());
md.update(salt);
byte[] hash = md.digest();

Cipher Block-Chaining:

i) Cipher Block-Chaining With Block Mode:

Cipher Block-Chaining breaks up the original message into individual chunks and then uses a key to encrypt these chunks individually instead of encrypting the entire message at once. So if we use repeated data, the encrypted result would be the same. Block mode ciphers can disclose information to attackers because the plain text always results in the same encrypted text. This is not a good idea and can be hacked easily.

When asked to select a block cipher, avoid the use of block ciphers known to be weak, like electronic code block (ECB).

//generate a key
KeyGenerator kg = KeyGenerator.hetInstance("DES");
SecretKey key = kg.generateKey();

//Create a new Cipher
Cipher c = Cipher.getInstance("DES/ECB/PKCS5Padding");
c.init(Cipher.ENCRYPT_MODE, key);

//Encrypt the huge set of data line by line
String strLine = //new Line
encLine = Base64.encodeBase64String()c.doFinal(strLine.getBytes());

ii) Cipher Block-Chaining With Feedback Mode:

Strong block ciphers, such as cipher block chaining (CBC) or output feedback (OFB), will require an initialization vector (IV) to begin the encryption process.

In feedback mode, the previously encrypted blocks are used to encrypt the new blocks. Randomness is added to the first block with a random block called an initialization vector (IV). The next block will use the previously encrypted result with the current block text to generate the next block encryption result.

//generate a key
KeyGenerator kg = KeyGenerator.hetInstance("DES");
SecretKey key = kg.generateKey();

//Create a new Cipher
Cipher c = Cipher.getInstance("DES/CBC/PKCS5Padding");
c.init(Cipher.ENCRYPT_MODE, key);

//Encrypt the huge set of data line by line
String strLine = //new Line
encLine = Base64.encodeBase64String();
c.doFinal(strLine.getBytes());

Hope this gives you a better understanding of Java-based cryptography. Happy learning!

Find out how Waratek’s award-winning application security platform can improve the security of your new and legacy applications and platforms with no false positives, code changes or slowing your application.

Topics:
jca ,security ,java security ,encryption

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}