128 bit data encryption using Java

Question

Hi,

I need to store some sensitive data by encrypting it with atleast 128 bit key. I investigated into javax.crypto package and found that there are certain Cipher names, like PBEWithMD5AndDES or PBEWithSHA1AndDESede which provides encryption upto 56 bit and 80 bit (http://en.wikipedia.org/wiki/DESede).

I referred other guys posts but those are mainly using RSA and in my understanding RSA is generally suitable for encrypting the communication data (with private-public key pair). My need is different, I just want to store the data and retrieve it back by decrypting it. Therefore I don't need any private-public key pairs.

Please let me know if you have any idea about this.

Thanks in advance.

Answer 1

You need to download and install the unlimited strength JCE policy file for your JDK. For JDK 6, it is on http://java.sun.com/javase/downloads/index.jsp at the very bottom.

Answer 2

I'm not a crypto expert by any means (so take this suggestion with a grain of salt), but I have used Blowfish before, and I think you can use it for what you need. There is also a newer algorithm by the same guy called Twofish.

Here is a website with a Java implementation, but be careful of the license (it says free for non-commercial use). You can find that link also from Bruce Schneier's website (the creator of both algorithms).

Answer 3

Use Advanced Encryption Standard (AES). It supports Key lengths of 128, 192, or 256 bits.

The algorithm is simple. The Sun Java website has a section explaining how to do AES encryption in Java.

From Wikipedia...

... the Advanced Encryption Standard (AES), also known as Rijndael, is a block cipher adopted as an encryption standard by the U.S. government. It has been analyzed extensively and is now used worldwide, as was the case with its predecessor, the Data Encryption Standard (DES)...

So as a rule of thumb you are not supposed to use DES or its variants because it is being phased out.

As of now, it is better to use AES. There are other options like Twofish, Blowfish etc also. Note that Twofish can be considered as an advanced version of Blowfish.

Answer 4

I have had good success in the past with http://www.bouncycastle.org/ (they have a C# version as well).

Answer 5

Combining 3 different replies gives what I think is the correct answer.

Download encryption libraries from Bountycastle then you need to download the "Unlimited Strength Jurisdiction Policy" from SUN (The files are at the bottom of the download page). Make sure you read the Readme-file on how to install it.

Once you have done this, and using the sample code supplied with the Bountycastle package you should be able to encrypt your data. You can go with a tripple DES implementation, which will give you 112 bits key (Often referred to as 128 bit, but only 112 of them are actually secure), or as previously stated, you can use AES. My money would be on AES.

Answer 6

Thanks Michael, after trying out many things in JCE, I finally settled for bouncycastle.

JCE supports AES for encryption and PBE for password based encryption but it does not support combination of both. I wanted the same thing and that I found in bouncycastle.

The example is at : http://forums.sun.com/thread.jspa?messageID=4164916