Encryption with BlowFish in Java

Asked 9/3, 2011 at 11:13 Answered 10/2, 2016 at 14:57

Following code works fine for me to encrypt a string with the BlowFish encryption.

          // create a key generator based upon the Blowfish cipher
    KeyGenerator keygenerator = KeyGenerator.getInstance("Blowfish");

    // create a key
    SecretKey secretkey = keygenerator.generateKey();

    // create a cipher based upon Blowfish
    Cipher cipher = Cipher.getInstance("Blowfish");

    // initialise cipher to with secret key
    cipher.init(Cipher.ENCRYPT_MODE, secretkey);

    // get the text to encrypt
    String inputText = "MyTextToEncrypt";

    // encrypt message
    byte[] encrypted = cipher.doFinal(inputText.getBytes());

If I want to define my own secret key, how do I do that?

Fragrant answered 9/3, 2011 at 11:13 Comment(0)

String Key = "Something";
byte[] KeyData = Key.getBytes();
SecretKeySpec KS = new SecretKeySpec(KeyData, "Blowfish");
Cipher cipher = Cipher.getInstance("Blowfish");
cipher.init(Cipher.ENCRYPT_MODE, KS);

Pyo answered 9/3, 2011 at 11:33 Comment(4)

Thanks a lot for a quick answer! – Fragrant 9/3, 2011 at 11:42

@Pyo also have a look at my question #38007978 – Daredeviltry 24/6, 2016 at 10:19

This solution is insecure because it directly uses a String as cryptographic key. – Chimaera 21/7, 2016 at 7:15

@Chimaera Yes, obviously. Note however what the question is (How to define key data) and how the answer shows, in the simplest possible way, how to define key data. A dissertation on how to choose good keys has nothing to do in an answer illustrating one specific syntactical aspect of how to use a specific implementation. – Pyo 21/7, 2016 at 12:25

   String strkey="MY KEY";
   SecretKeySpec key = new SecretKeySpec(strkey.getBytes("UTF-8"), "Blowfish");
        Cipher cipher = Cipher.getInstance("Blowfish");
        if ( cipher == null || key == null) {
            throw new Exception("Invalid key or cypher");
        }
        cipher.init(Cipher.ENCRYPT_MODE, key);
String encryptedData =new String(cipher.doFinal(to_encrypt.getBytes("UTF-8"));

DECRYPTION:

          SecretKeySpec key = new SecretKeySpec(strkey.getBytes("UTF-8"), "Blowfish");
         Cipher cipher = Cipher.getInstance("Blowfish");
         cipher.init(Cipher.DECRYPT_MODE, key);
         byte[] decrypted = cipher.doFinal(encryptedData);
         return new String(decrypted);

Papaya answered 10/2, 2016 at 14:57 Comment(3)

This solution is insecure because it directly uses a String as cryptographic key. – Chimaera 21/7, 2016 at 6:29

@Chimaera Now that you pointed out a problem, maybe explaining what to do instead might be more helpful. – Play 17/2, 2018 at 21:12

@TheRealChx101: The short answer is that you should use a key derivation function like PBKDF2, bcrypt, scrypt or Argon2. However which one to use in what configuration depends on multiple factors. – Chimaera 18/2, 2018 at 12:41

Key size of Blowfish must be 32 - 448 bit. So it is necessary to make a byte array according to the bit number (4 byte for 32 bit) and vice-verse.

Disoblige answered 19/3, 2013 at 18:11 Comment(0)

Also you can try this

String key = "you_key_here";
SecretKey secret_key = new SecretKeySpec(key.getBytes(), ALGORITM);

and a little bit more here.

Treat answered 2/8, 2013 at 12:18 Comment(0)

Recommended topics

Hot tags