how can the decryption happen at a later stage with this AES program

Question

i am really not able to figure this out myself so please help me out. this is a program to encrypt contents of an existing file keeper.txt using 128bit AES putting the encrypted text into newly created file called Encrypted.txt, then decrypting the contents of Encrypted.txt into newly created file called Decrypted.txt

everytime this program is run it generates a random key for the encryption.

i am just trying to figure out if i have to give somebody the Encrypted.txt file and how can he decrypt the file later using this code or by slightly modifying this code .

i think its not possible to send him the key generated by this program .. is it ? cause when i try to print the key using system.out it doesn't give the key.

help me out please

package org.temp2.cod1;

import java.io.InputStream;
import java.io.OutputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectInputStream;

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;

import java.security.spec.AlgorithmParameterSpec;

public class AESEncrypter
{
Cipher ecipher;
Cipher dcipher;

public AESEncrypter(SecretKey key)
{
// Create an 8-byte initialization vector
byte[] iv = new byte[]
{
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
};

AlgorithmParameterSpec paramSpec = new IvParameterSpec(iv);
try
{
ecipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
dcipher = Cipher.getInstance("AES/CBC/PKCS5Padding");

// CBC requires an initialization vector
ecipher.init(Cipher.ENCRYPT_MODE, key, paramSpec);
dcipher.init(Cipher.DECRYPT_MODE, key, paramSpec);
}
catch (Exception e)
{
e.printStackTrace();
}
}

// Buffer used to transport the bytes from one stream to another
byte[] buf = new byte[1024];

public void encrypt(InputStream in, OutputStream out)
{
try
{
// Bytes written to out will be encrypted
out = new CipherOutputStream(out, ecipher);

// Read in the cleartext bytes and write to out to encrypt
int numRead = 0;
while ((numRead = in.read(buf)) >= 0)
{
out.write(buf, 0, numRead);
}
out.close();
}
catch (java.io.IOException e)
{
}
}

public void decrypt(InputStream in, OutputStream out)
{
try
{
// Bytes read from in will be decrypted
in = new CipherInputStream(in, dcipher);

// Read in the decrypted bytes and write the cleartext to out
int numRead = 0;
while ((numRead = in.read(buf)) >= 0)
{
out.write(buf, 0, numRead);
}
out.close();
}
catch (java.io.IOException e)
{
}
}

public static void main(String args[])
{
try
{
// Generate a temporary key. In practice, you would save this key.
// See also e464 Encrypting with DES Using a Pass Phrase.

KeyGenerator kgen = KeyGenerator.getInstance("AES");
kgen.init(128);
SecretKey key = kgen.generateKey();

// Create encrypter/decrypter class
AESEncrypter encrypter = new AESEncrypter(key);

// Encrypt
encrypter.encrypt(new FileInputStream("C:\\keeper.txt"),new FileOutputStream("C:\\Encrypted.txt"));
// Decrypt
encrypter.decrypt(new FileInputStream("C:\\Encrypted.txt"),new FileOutputStream("C:\\Decrypted.txt"));
}
catch (Exception e)
{
e.printStackTrace();
}
}
}

Answer 1

Try getting the key by calling key.getEncoded(). This would return a byte array. Then you can use a Base64 utility (like apache-commons codec) to transform the byte array into String.

Be advised, however, that sending someone the encrypted file as well as the decryption key is a compromised action from security perspective.

Answer 2

You could modify the code to encrypt based on a pass-phrase.

http://stackoverflow.com/questions/372268/java-passphrase-encryption

It might be easier to agree a pass-phrase with your friend that exchange a generated key, especially if you only want protection against opportunists reading your email.

Answer 3

You can get encoded version of the key by calling

   byte[] keyBytes = secretKey.getEncoded();

For AES, there is not really any encoding involved so you will get the raw bytes (16 bytes for 128-bit). The keyBytes is binary so you can't print it. You can hex or base64 encode it if you need to send it in text format. The other party can reconstitute the key like this,

  SecretKey key = new SecretKeySpec(keyBytes, "AES");

I answered another your question yesterday regarding Sun's AES example. This is where the author was confused. He did both steps at the same time.

Often, it's easier for human to remember if you use password as the secret and generate the key from password. This is called PBE (Password-Based Encryption). Following is the code I use to generate keys,

   public static SecretKey getAesKey(char[] password, int keyLength)
   throws GeneralSecurityException {

  int count = 128; // Iteration count
  byte[] salt;
  try {
   salt = "This is a fixed salt string".getBytes("UTF-8");
  } catch (UnsupportedEncodingException e) {
   throw new IllegalStateException("No UTF-8");
  }
  PBEKeySpec keySpec = new PBEKeySpec(password, salt, count, keyLength);
  SecretKeyFactory skf = SecretKeyFactory
    .getInstance("PBKDF2WithHmacSHA1");
  SecretKey pbeKey = skf.generateSecret(keySpec);
  byte[] raw = pbeKey.getEncoded();
  return new SecretKeySpec(raw, "AES");
 }

One more recommendation to your code, it's much more secure if you use a different random IV every time. IV doesn't need to be secret so you can prepend it to your ciphertext.