0

Good day,

I have a existing AES encryption java class in my workspace, however, I would like to know its using 128 or 256, I tried to google it but still unable to get it, the following is the code:

static {
AesKeyCipher aesKeyCipher = new AesKeyCipher(
                        "747065a6cb23cacf3d4ae71edc929c678e8c15a50379b655b74a30eb77106d68" );
                cipher = aesKeyCipher;
}

public static String encrypt(final String saltText, final String plainText)
            throws UnsupportedEncodingException, GeneralSecurityException {
        final byte[] salt = saltText.getBytes( "UTF-8" );
        final byte[] plain = plainText.getBytes( "UTF-8" );

        for ( int i = 0; i < salt.length; i++ ) {
            if ( i >= plain.length ) {
                break;
            }
            plain[ i ] = (byte) ( salt[ i ] ^ plain[ i ] );
        }

        byte[] encrypted = cipher.encrypt( plain ); // this will call to the following encrypt method

        final String cipherText = new String(
                DatatypeConverter.printBase64Binary( encrypted ) );
        return cipherText;
    }


// this is the encrypt method call by first method
public byte[] encrypt(final byte[] data) throws GeneralSecurityException {
        try {
            final String currentTransform = "/ECB/NoPadding";
            final Cipher cipher = getCipher( currentTransform );
            final SecretKey secretKey = getSecretKey( );
            final AlgorithmParameterSpec params = getAlgorithmParameterSpec( );
            if ( params == null ) {
                cipher.init( Cipher.ENCRYPT_MODE, secretKey );
            } else {
                cipher.init( Cipher.ENCRYPT_MODE, secretKey, params );
            }
            return cipher.doFinal( data );
        } catch ( final GeneralSecurityException e ) {
            e.printStackTrace( );
            throw new EncryptionException( e );
        }
    }

And here is the class of my AesKeyCipher:

public class AesKeyCipher extends AbstractSecretKeyCipher implements
        SecretKeyCipher {

    @Override
    protected Cipher getCipher(String transform)
            throws GeneralSecurityException {
        return Cipher.getInstance( getSecretKey( ).getAlgorithm( ) );
    }

    @Override
    protected SecretKey getSecretKey() throws GeneralSecurityException {
        return new SecretKeySpec( hexStringToByteArray( this.key ), "AES" );
    }

    private static byte[] hexStringToByteArray(final String data) {
        int k = 0;
        byte[] results = new byte[data.length( ) / 2];
        for ( int i = 0; i + 1 < data.length( ); i += 2, k++ ) {
            results[ k ] = (byte) ( Character.digit( data.charAt( i ), 16 ) << 4 );
            results[ k ] += (byte) ( Character.digit( data.charAt( i + 1 ), 16 ) );
        }
        return results;
    }

}

Kindly advise on how to identify on it.

Panadol Chong
  • 1,793
  • 13
  • 54
  • 119
  • That would depend on what `getCipher()` does, not wouldn't it. Perhaps if you show us that method, we could answer. But then again, perhaps if you looked at the method yourself, it might become obvious. --- *Hint:* `"/ECB/NoPadding"` is an incomplete transformation, so the `getCipher()` method must be prefixing the missing part, which is likely what you're looking for. – Andreas Jul 08 '19 at 03:49
  • Hi @Andreas, I just add in the getChiper() code, but I am still didnt see any way that determine it is 128 or 256. – Panadol Chong Jul 08 '19 at 04:01
  • Did you count how many bits there are in that cipher key, remembering that one hex digit is four bits? – Dawood ibn Kareem Jul 08 '19 at 04:20
  • Hi @DawoodibnKareem, do u means the "747065a6cb23cacf3d4ae71edc929c678e8c15a50379b655b74a30eb77106d68" ? Its 64 digits, but is String. But for the `hexStringToByteArray` method, the `results.length` is 32. – Panadol Chong Jul 08 '19 at 04:28
  • Well, a byte is 8 bits, and 64 x 4 = 32 x 8. – Dawood ibn Kareem Jul 08 '19 at 04:56
  • ... and the result = 256 – Andreas Jul 08 '19 at 05:26
  • 1
    What crypto library is this? I would be worried about it's use, for example the method `Cipher getCipher(String transform)` ignores its `transform` argument. Why don't you use the built-in AES-256 implementation? – Erwin Bolwidt Jul 08 '19 at 05:57
  • @DawoodibnKareem, Andreas, Means that I can actually simply change my AES encryption to 128 or 512 by the length of the key right? Means if I want it to be AES-128, then I should put the key length to 32 digits. – Panadol Chong Jul 08 '19 at 06:37
  • No idea, dude. Does the class you're using come with any documentation? – Dawood ibn Kareem Jul 08 '19 at 06:40
  • yes, the cipher type (aes-128 or aes-256) will be automatically chosen based on length of the key – gusto2 Jul 08 '19 at 06:52
  • @DawoodibnKareem, do you means the Cipher class? Its just javax.crypto.Cipher class. – Panadol Chong Jul 08 '19 at 07:27
  • @gusto2, Ok, thanks for the info. Thanks all for the advice, info and answer. – Panadol Chong Jul 08 '19 at 07:28
  • 2
    *Everything* is wrong in the code in the question. ECB, own padding routine, not in a separate method. Stringified key handling. A protected `getSecretKey` that uses a field with a string. Bad exception handling, ignored arguments. Throw away and start over. And maybe hand it over to somebody that knows that AES comes with key sizes 128, 192 or 256 bits. – Maarten Bodewes Jul 08 '19 at 09:01

0 Answers0