views:

616

answers:

1

i have a java program . this is a AES encryption - decryption program. the program has a graphical user interface with can input string and show AES encrypted string. the program also shows original string by using decryption function written in the code. the interface is such that when string is entered and convert button is clicked the encrypted and decrypted result is shown in a panel. here is the program.

import java.awt.event.*;
import java.awt.*;
import javax.swing.*;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import java.io.*;

public class AESGUI extends JPanel {

    public static void main(String[] args) {
        JFrame frame = new JFrame("AES Encryption");
        frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
        frame.setPreferredSize(new Dimension(600,300));

        frame.setLocationRelativeTo(null);
        frame.setResizable(false);

        AESGUI p = new AESGUI();

        frame.getContentPane().add(p);
        frame.pack();
        frame.setVisible(true);
    }

    private JTextField in;
    private JTextArea out;

    public AESGUI() {
        JLabel info = new JLabel("Type any String");
        in = new JTextField(20);
        JButton encrypt = new JButton("Encrypt");
        out = new JTextArea(10,40);

        out.setEditable(false);

        encrypt.addActionListener(new encryptListener());
        in.addActionListener(new encryptListener());

        add(info);
        add(in);
        add(encrypt);
        add(out);
        add(new JScrollPane(out));
    }

    private class encryptListener implements ActionListener {
        public void actionPerformed(ActionEvent e) {
            String data = in.getText();
            if (data.length() == 0) { }
            else
                try {
                    String en = encrypt(data);
                    out.append("Encrypted string: " + en + "\n");
                    out.append("Original String: " + decrypt(en) + "\n\n");
                } catch(Exception ex) { }
        }
    }

    public String asHex(byte[] buf) {
        StringBuffer strbuf = new StringBuffer(buf.length * 2);
        int i;
        for (i = 0; i < buf.length; i++) {
            if (((int) buf[i] & 0xff) < 0x10)
                strbuf.append("0");
            strbuf.append(Long.toString((int) buf[i] & 0xff, 16));
        }
        return strbuf.toString();
    }

    private SecretKeySpec skeySpec;
    private Cipher cipher;
    private byte[] encrypted;

    public String encrypt(String str) throws Exception {
        // Get the KeyGenerator
        KeyGenerator kgen = KeyGenerator.getInstance("AES");
        kgen.init(128); // 192 and 256 bits may not be available

        // Generate the secret key specs.
        SecretKey skey = kgen.generateKey();
        byte[] raw = skey.getEncoded();
        skeySpec = new SecretKeySpec(raw, "AES");

        // Instantiate the cipher
        cipher = Cipher.getInstance("AES");

        cipher.init(Cipher.ENCRYPT_MODE, skeySpec);

        encrypted = cipher.doFinal(str.getBytes());
        return asHex(encrypted);
    }

    public String decrypt(String str) throws Exception {
        cipher.init(Cipher.DECRYPT_MODE, skeySpec);
        byte[] original = cipher.doFinal(encrypted);
        String originalString = new String(original);
        return originalString;
    }

}

this program does not tell the user which key was used to encrypt the string. since it does not tell the key to the user the user cannot decrypt the encrypted string later. the program displays the encrypted string in hex encoding. in order to later decrypt the string is it better to change the program so that the program creates a secret key based on a password or is it better for the program to be changed to display the randomly generated secret key to the user using which he can later decrypt the string ?

A: 

If the user is the actual end user who would be using the encryption keys for decrypting the encrypted data at a later point of time, i dont see anything wrong with displaying the key for the user.

You can also go with the first option of generating the encryption key from a password but in that case if u want the user to decrypt the data later then again you need to make him enter the encryption password and generate an encryption key (also make sure that it yields sme key) and intimate the user.

ckv