AES encryption between Java and Ruby: what is the default mode and padding for AES in Java?

Question

I'm writing a ruby app that needs to create some encryption that our java app needs to be able to decrypt. For this I have done some research, and I have this Java code now:

Cipher cipher = Cipher.getInstance("AES");

While in the doc says the format can be of:

"algorithm/mode/padding" or "algorithm"

in our case that I have posted above is just the "algorihm". But what does its mode and padding defaults to? Also does not say if it is 256 or 128 etc. I can't find what is the default for AES - I am not a java programmer, so sorry if I missed it. And I need it to be able to replicate in Ruby.

I think the problem is with your question, that 1) it is more like a programming question, as a security-related one 2) your question shows very clearly, that your problem is much wider as the finetuning of the AES parameters. I hope you will get an usable answer to the AES part (this is why I reformatted your question). — peterh, Sep 20 '15 at 01:41

score 4 · Accepted Answer · answered Sep 20 '15 at 02:05

4

The default mode of operation and padding isn't defined by the JCA Standard. Each provider is free to provide different default values. As you can imagine, relying on the default values is completely unreliable so you should always explicitly set the mode of operation and padding.

For Oracle JDK 7, the default for AES is AES/ECB/PKCS5Padding.

answered Sep 20 '15 at 02:05

thanks! that's all I needed. and yes I will pass up the suggestion to our java programmers :) – cfernandezlinux Sep 20 '15 at 02:30
is not ECB less secure that CBC? why will they put something insecure by default? – cfernandezlinux Sep 20 '15 at 02:32
Indeed, don't use defaults. Research all parameters and there options, and explicitly set them so you know what you are dealing with... – Andy Boura Sep 20 '15 at 19:31

AES encryption between Java and Ruby: what is the default mode and padding for AES in Java?

1 Answers1