Rijndael support in Java

Asked 25/2, 2009 at 19:5 Answered 18/1, 2011 at 22:41

Solved java cryptography rijndael

We have a requirement to do some Rijndael development in Java.

Any recommendations for articles, libraries etc. that would help us?

Any pointers to keystore maintenance and how store the keys securely?

Edit:

It would need to be open source. Essentially, it's just standard encrypt / decrypt of data using Rijndael.

Wilds answered 25/2, 2009 at 19:5 Comment(0)

Java includes AES out of the box. Rijndael is AES. You don't need any external libraries. You just need something like this:

byte[] sessionKey = null; //Where you get this from is beyond the scope of this post
byte[] iv = null ; //Ditto
byte[] plaintext = null; //Whatever you want to encrypt/decrypt
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
//You can use ENCRYPT_MODE or DECRYPT_MODE
cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(sessionKey, "AES"), new IvParameterSpec(iv));
byte[] ciphertext = cipher.doFinal(plaintext);

And that's it, for encryption/decryption. If you are processing large amounts of data then you're better off reading chunks that are multiples of 16 bytes and calling update instead of doFinal (you just call doFinal on the last block).

Lipophilic answered 19/3, 2009 at 21:51 Comment(6)

Rijndael isn't equal to AES, but instead is AES with some restrictions - fixed block size of 128 bits, and some crypto modes not supported. Any full AES implementation should be usable as Rijndael. – Calceolaria 13/5, 2009 at 1:48

This is exactly the reverse, AES is a subset of Rijndael – Thermotaxis 6/1, 2012 at 14:50

@BrunoRohée is correct. AES is a subset of Rijndael, check this #749122 – Chelsae 3/5, 2015 at 11:49

I don't want to edit my answer because these comments were made after it was selected as the right one, and I think 3 comments stating that AES is a subset of Rijndael should be enough for anyone to notice I got it backwards. – Lipophilic 4/5, 2015 at 15:4

what are the two values that you supply in the sessionKey & iv? from where you get them? – Cafeteria 4/12, 2020 at 3:8

both should be random – Lipophilic 14/1, 2021 at 23:2

For a great free library, I highly recommend BouncyCastle. It is actively maintained, high quality, and has a nice array of code examples. For reference documentation, you'll have to rely more on the general JCE docs.

I can't say what library we use to meet FIPS certification requirements. But there are alternatives to CryptoJ that are much, much cheaper.

In general, I'd recommend generating a new key for each message you encrypt with a symmetric cipher like Rijndael, and then encrypting that key with an asymmetric algorithm like RSA. These private keys can be stored in a password-protected, software-based key store like PKCS #12 or Java's "JKS", or, for better security, on "smart card" hardware token or other crypto hardware module.

Choosy answered 25/2, 2009 at 19:15 Comment(0)

As my company recently found out, AES is not quite Rijndael. AES has the restriction that keys MUST be 128, 192, or 256 bit - however, Rijndael allows for keys that are 160 and 224 as well.

As indicated by erickson above, BouncyCastle provides a Rijndael object that DOES support the additional key lengths: 128/160/192/224/256 bits. Specifically, take a look at the lightweight API.

Gnu-crypto is another open source library - however, it also does NOT provide support for 160 and 224 bit keys.

So, if you are specifically looking for full Rijndael support, then BouncyCastle is the only one I've found so far.

Sibelle answered 18/1, 2011 at 22:41 Comment(1)

If you need to use the java for android developement (although the question does not state that, it is worth noting that Bounty Castle has a brother now, that gives more flexibility on android known as Spongy Castle, which is a derivative.. and quite good actually) – Chelsae 3/5, 2015 at 11:52

javax.crypto has AES support: http://java.sun.com/developer/technicalArticles/Security/AES/AES_v1.html

As for secure key storage, the usual method is to derive an encryption key from user input (a passphrase) using a cryptographic hash function, and use the derived key to encrypt the keychain. Or, if you only need one key, you can use the derived key itself.

Always keep in mind that the security of the system is directly related to the strength of the hash function used. Use a cryptographically secure hash function, along with a salt if possible, and hash more than once (hundreds of times, for example).

That being said, the question is very vague.

Deaton answered 25/2, 2009 at 19:7 Comment(1)

it is also worth noting that javax.crypto uses a very optimised version of AES and is quite fast. – Chelsae 3/5, 2015 at 11:50

Recommended topics

Hot tags