1

I am developing a Java application and I need to do a symmetric encryption to secure some of my sensitive information. There are many algorithms like AES,DES 3DES in java cryptography. What is the best algorithm should I use to encrypt my sensitive information ?

Mostly I do have string values and there are couple of instances that I need to secure java object.

  • AES is the currently used algorithm, but you really need to know what you want to protect from. Maybe you'd need a MAC too, or would be better of using Asymmetric encryption. RE GeorgeBailey's comment, I believe that the current standard order of operation used is GCM, but that's for AEAD. – timuzhti Jan 09 '17 at 22:34
  • What's the context? In memory, on disk, over the network? – JimmyJames Jan 10 '17 at 15:02

3 Answers3

2

AES-128 (or higher) is the recommended algorithm.

You should also choose a good Chaining Method with a random Initialization Vector. Padding variable length source data is helpful since AES is a block algorithm. AES/CBC/PKCS5Padding is a good option.

The encryption Key should be generated from a Cryptographically Secure (Pseudo-)Random Number Generator. (i.e. Java's SecureRandom)

Alternatively, the encryption key could be Derived from a reasonably strong Password using a suitable Key Derivation Function. (comparison here)

I'm assuming you need to encrypt data at rest. Key Management will have to be considered.

If you need to encrypt data in transit you'd also need MITM and Integrity verification, which is best accomplished with TLS. (HTTPS)

Community
  • 1
700 Software
  • 13,807
  • 3
  • 52
  • 82
2

If you want to secure a Java object you need to use SealedObject class.

Following is a sample code.

Using AES-128 bit and writing into a file as a sealed object. 

  try {
//Generate a key
  KeyGenerator    gen = KeyGenerator.getInstance("AES");
  gen.init(128);
  Key sKey = gen.generateKey();

  Cipher c = Cipher.getInstance("AES");
  c.init(Cipher.ENCRYPT_MODE,sKey);

// do the sealing
  Car car=new Car("My car ",2014);
  SealedObject so = new SealedObject(car,c);

  FileOutputStream out = new FileOutputStream("Objects.obj");
  ObjectOutputStream oOut = new ObjectOutputStream(out);

//Save the key
  oOut.writeObject(sKey);

//Save the sealed object
  oOut.writeObject(so);
  oOut.close();
  System.out.println("SealedObject was written to Object file");

  } catch (Exception e) {
   System.out.println(e);
  }
 }

Decryption goes as follows. It reads the sealed object and decrypt using the same key. 

try {
  FileInputStream in = new FileInputStream("Objects.obj");
  ObjectInputStream oIn = new ObjectInputStream(in);

//Read the key
  Key sKey= (Key) oIn.readObject();

//Read the sealed object
  SealedObject so= (SealedObject) oIn.readObject();
//unsealded the object
  Car car = (Car) so.getObject(sKey);
  car.getNo();
  car.getYear();

  } catch (Exception e) {
   System.out.println(e);
  }

Securing the symmetric key is very important here but it is off topic.

AES(256) is the modern standard and its been used in US federal and other organisations. AES has 128,192 and 256 bit encryption. DES is considered as "Old" and it has many vulnerabilities. Successor of DES is 3DES. 3DES mitigates many vulnerabilities found in DES. But it is considered as slow when it comes to software implementations, because it's applying the DES in 3 times.

So always use AES when you are in doubt.

user3496510
  • 1,257
  • 2
  • 12
  • 26
0

DES and 3DES aren't really considered strong encryption anymore. Look at Rijndael AES, there is an implementation available for java ( just search stack overflow). Ensure you read up on how to use salts and how to securely store your key.

iainpb
  • 4,142
  • 2
  • 16
  • 35