2

Does anyone know what's wrong with this code?

    Cipher cipher = Cipher.getInstance("AES/ECB128/PKCS5Padding", "SunJCE");

  • Algorithm: AES
  • Mode of operation: ECB (with 128 appended to specify the block size)
  • Padding scheme: PKCS5Padding

This seems correct to me but it keeps throwing the "No such algorithm" exception during instantiation.

Maarten Bodewes
One Two Three
  • 2
    You can't put a number after 'ECB' because that mode only supports a full block per encryption. You can only put a number after modes for which it makes sense, like CFB, OFB, and CTR mode. – President James K. Polk May 03 '12 at 11:45

3 Answers

6

With nothing but the stock JDK in my classpath, I ran this code snippet and grepped for AES in the output:

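    import java.security.Provider;
    import java.security.Security;

    // List every property of every installed provider (fragment: place inside a method)
    for (Provider provider : Security.getProviders()) {
        System.out.println(provider.getName());
        for (String key : provider.stringPropertyNames()) {
            System.out.println("\t" + key + "\t" + provider.getProperty(key));
        }
    }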

I saw this line:

    Cipher.AES SupportedPaddings    NOPADDING|PKCS5PADDING|ISO10126PADDING

That suggests to me that your padding is supported.

I also saw this line:

    Cipher.AES SupportedModes       ECB|CBC|PCBC|CTR|CTS|CFB|OFB|CFB8|CFB16|CFB24|CFB32|CFB40|CFB48|CFB56|CFB64|OFB8|OFB16|OFB24|OFB32|OFB40|OFB48|OFB56|OFB64|CFB72|CFB80|CFB88|CFB96|CFB104|CFB112|CFB120|CFB128|OFB72|OFB80|OFB88|OFB96|OFB104|OFB112|OFB120|OFB128

I notice that ECB appears here, but ECB128 does not, so I wonder if that is the issue. I'm going to confess I don't know enough to know if this information is on the right track or not.

Edited to add: I am able to call Cipher.getAlgorithm("AES/ECB/PKCS5Padding") with ECB, instead of ECB128. It looks to me like with ECB you can't specify the block size, at least with what is available here. Not sure if this is sufficient for you or not.

skiphoppy
  • Thanks. But I looked at the JDK documentation, and they say the number appended should be the length IN BYTES. So I guess `ECB16` should work. – One Two Three May 02 '12 at 16:35
  • 1
    @OneTwoThree Although the JCA [Cipher transformations](http://docs.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html#trans) doc says _you may optionally specify the number of bits to be processed at a time by appending this number to the mode name_, not all modes support it. See the `Cipher Algorithm Modes` section of the JCA [Standard Algorithm Name Documentation](http://docs.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html). – Go Dan May 02 '12 at 17:11
  • @One Two Three, just so you know, CBC is more secure than ECB. Though you will have to handle an Initialization Vector. – Petey B May 02 '12 at 18:14
3

AES has a static block size of 128 bits (or 16 bytes). Rijndael, the cipher that was used to create AES, does have multiple block sizes. The key size is automatically picked up when the key is configured during the call to the init method.

The bits behind the mode are not used to configure the block size of the cipher. They are rather used to configure the feedback size of the Cipher Feedback (CFB) mode of operation. That's by now a rather obscure mode though, especially if not all bits of the block encrypt are used. Although they can officially also be used for OFB mode there may be security issues when specifying smaller feedback sizes. Both modes should probably be reserved to provide support for legacy protocols.

If used, the value behind the "CFB" or "OFB" string should be larger than 0 and no larger than the block size with increments of 8. The number is specified as the number of feedback bits and - like most crypto APIs - Java's JCE is limited to processing bytes.

Community
Maarten Bodewes
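The rule in the answer above (a bit count is only meaningful after CFB or OFB, in multiples of 8 up to the block size) can be checked against whatever providers are installed. This is an added example, not code from the original posts; the class name `TransformationProbe`, the all-zero key and IV, and the list of transformation strings are assumptions chosen for the probe, and it uses the default provider lookup rather than naming "SunJCE".

```java
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class TransformationProbe {
    // Constructed inputs for probing only: all-zero 128-bit key and IV.
    private static final byte[] KEY = new byte[16], IV = new byte[16];

    static String probe(String transformation) {
        try {
            // Fails here if no provider knows the mode name (e.g. a suffix on ECB).
            Cipher cipher = Cipher.getInstance(transformation);
            SecretKeySpec key = new SecretKeySpec(KEY, "AES");
            if (transformation.contains("/ECB")) {
                cipher.init(Cipher.ENCRYPT_MODE, key); // ECB takes no IV
            } else {
                cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(IV));
            }
            // 3 bytes is less than one AES block; whether an unpadded feedback
            // mode accepts it depends on the provider and the feedback size.
            int outLen = cipher.doFinal(new byte[3]).length;
            return "accepted by " + cipher.getProvider().getName()
                    + ", block size " + cipher.getBlockSize()
                    + " bytes, 3 bytes in -> " + outLen + " bytes out";
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            return "rejected by getInstance: " + e.getMessage();
        } catch (GeneralSecurityException e) {
            return "rejected by init/doFinal: " + e;
        }
    }
    public static void main(String[] args) {
        String[] transformations = {
            "AES/ECB/PKCS5Padding",     // plain ECB
            "AES/ECB128/PKCS5Padding",  // the string from the question
            "AES/ECB16/PKCS5Padding",   // the variant suggested in a comment
            "AES/CFB8/NoPadding",       // 8-bit feedback
            "AES/CFB128/NoPadding",     // full-block feedback
            "AES/OFB64/NoPadding",      // 64-bit feedback
            "AES/CFB12/NoPadding",      // not a multiple of 8 bits
            "AES/CFB136/NoPadding",     // larger than the 128-bit block
        };
        for (String t : transformations) {
            System.out.printf("%-26s %s%n", t, probe(t));
        }
    }
}
```

The block size column stays the same for every accepted AES transformation, which makes the point that the suffix sets the feedback size and never the cipher's block size.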
1

The Sun JCE provider is somewhat limited. Try using the BouncyCastle JCE provider instead (http://www.bouncycastle.org/).

Sanjeev
  • I actually never used any provider other than the Sun JCE. So if I want to use BouncyCastle, should I just put their name in the ctor? – One Two Three May 02 '12 at 15:55
  • To add a provider you can either add it to your java.security file or you can add it programmatically. Here are instructions on the bouncycastle.org website: http://www.bouncycastle.org/wiki/display/JA1/Provider+Installation. Also you should check out Oracle's documentation on JCA/JCE on Oracle's website for details. – Sanjeev May 03 '12 at 18:25