Skip to content

Commit 3409d63

Browse files
wynnteowynnteo
authored
Update CBC to GCM (#18414)
1 parent d1c73aa commit 3409d63

File tree

2 files changed

+30
-28
lines changed

2 files changed

+30
-28
lines changed

core-java-modules/core-java-security-algorithms/src/main/java/com/baeldung/aes/AESUtil.java

Lines changed: 14 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,7 @@
88
import javax.crypto.KeyGenerator;
99
import javax.crypto.SecretKeyFactory;
1010
import javax.crypto.SealedObject;
11+
import javax.crypto.spec.GCMParameterSpec;
1112
import javax.crypto.spec.IvParameterSpec;
1213
import javax.crypto.spec.PBEKeySpec;
1314
import javax.crypto.spec.SecretKeySpec;
@@ -26,7 +27,7 @@
2627

2728
public class AESUtil {
2829

29-
public static String encrypt(String algorithm, String input, SecretKey key, IvParameterSpec iv)
30+
public static String encrypt(String algorithm, String input, SecretKey key, GCMParameterSpec iv)
3031
throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException,
3132
InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
3233
Cipher cipher = Cipher.getInstance(algorithm);
@@ -36,7 +37,7 @@ public static String encrypt(String algorithm, String input, SecretKey key, IvPa
3637
.encodeToString(cipherText);
3738
}
3839

39-
public static String decrypt(String algorithm, String cipherText, SecretKey key, IvParameterSpec iv)
40+
public static String decrypt(String algorithm, String cipherText, SecretKey key, GCMParameterSpec iv)
4041
throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException,
4142
InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
4243
Cipher cipher = Cipher.getInstance(algorithm);
@@ -62,13 +63,13 @@ public static SecretKey getKeyFromPassword(String password, String salt)
6263
return secret;
6364
}
6465

65-
public static IvParameterSpec generateIv() {
66-
byte[] iv = new byte[16];
66+
public static GCMParameterSpec generateIv() {
67+
byte[] iv = new byte[12];
6768
new SecureRandom().nextBytes(iv);
68-
return new IvParameterSpec(iv);
69+
return new GCMParameterSpec(128, iv);
6970
}
7071

71-
public static void encryptFile(String algorithm, SecretKey key, IvParameterSpec iv,
72+
public static void encryptFile(String algorithm, SecretKey key, GCMParameterSpec iv,
7273
File inputFile, File outputFile) throws IOException, NoSuchPaddingException,
7374
NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException,
7475
BadPaddingException, IllegalBlockSizeException {
@@ -92,7 +93,7 @@ public static void encryptFile(String algorithm, SecretKey key, IvParameterSpec
9293
outputStream.close();
9394
}
9495

95-
public static void decryptFile(String algorithm, SecretKey key, IvParameterSpec iv,
96+
public static void decryptFile(String algorithm, SecretKey key, GCMParameterSpec iv,
9697
File encryptedFile, File decryptedFile) throws IOException, NoSuchPaddingException,
9798
NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException,
9899
BadPaddingException, IllegalBlockSizeException {
@@ -117,7 +118,7 @@ public static void decryptFile(String algorithm, SecretKey key, IvParameterSpec
117118
}
118119

119120
public static SealedObject encryptObject(String algorithm, Serializable object, SecretKey key,
120-
IvParameterSpec iv) throws NoSuchPaddingException, NoSuchAlgorithmException,
121+
GCMParameterSpec iv) throws NoSuchPaddingException, NoSuchAlgorithmException,
121122
InvalidAlgorithmParameterException, InvalidKeyException, IOException, IllegalBlockSizeException {
122123
Cipher cipher = Cipher.getInstance(algorithm);
123124
cipher.init(Cipher.ENCRYPT_MODE, key, iv);
@@ -126,7 +127,7 @@ public static SealedObject encryptObject(String algorithm, Serializable object,
126127
}
127128

128129
public static Serializable decryptObject(String algorithm, SealedObject sealedObject, SecretKey key,
129-
IvParameterSpec iv) throws NoSuchPaddingException, NoSuchAlgorithmException,
130+
GCMParameterSpec iv) throws NoSuchPaddingException, NoSuchAlgorithmException,
130131
InvalidAlgorithmParameterException, InvalidKeyException, ClassNotFoundException,
131132
BadPaddingException, IllegalBlockSizeException, IOException {
132133
Cipher cipher = Cipher.getInstance(algorithm);
@@ -135,19 +136,19 @@ public static Serializable decryptObject(String algorithm, SealedObject sealedOb
135136
return unsealObject;
136137
}
137138

138-
public static String encryptPasswordBased(String plainText, SecretKey key, IvParameterSpec iv)
139+
public static String encryptPasswordBased(String plainText, SecretKey key, GCMParameterSpec iv)
139140
throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException,
140141
InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
141-
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
142+
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
142143
cipher.init(Cipher.ENCRYPT_MODE, key, iv);
143144
return Base64.getEncoder()
144145
.encodeToString(cipher.doFinal(plainText.getBytes()));
145146
}
146147

147-
public static String decryptPasswordBased(String cipherText, SecretKey key, IvParameterSpec iv)
148+
public static String decryptPasswordBased(String cipherText, SecretKey key, GCMParameterSpec iv)
148149
throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException,
149150
InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
150-
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
151+
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
151152
cipher.init(Cipher.DECRYPT_MODE, key, iv);
152153
return new String(cipher.doFinal(Base64.getDecoder()
153154
.decode(cipherText)));

core-java-modules/core-java-security-algorithms/src/test/java/com/baeldung/aes/AESUtilUnitTest.java

Lines changed: 16 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,7 @@
66

77
import javax.crypto.SealedObject;
88
import javax.crypto.SecretKey;
9+
import javax.crypto.spec.GCMParameterSpec;
910
import javax.crypto.spec.IvParameterSpec;
1011
import javax.crypto.BadPaddingException;
1112
import javax.crypto.IllegalBlockSizeException;
@@ -27,12 +28,12 @@ void givenString_whenEncrypt_thenSuccess()
2728
// given
2829
String input = "baeldung";
2930
SecretKey key = AESUtil.generateKey(128);
30-
IvParameterSpec ivParameterSpec = AESUtil.generateIv();
31-
String algorithm = "AES/CBC/PKCS5Padding";
31+
GCMParameterSpec gcmParameterSpec = AESUtil.generateIv();
32+
String algorithm = "AES/GCM/NoPadding";
3233

3334
// when
34-
String cipherText = AESUtil.encrypt(algorithm, input, key, ivParameterSpec);
35-
String plainText = AESUtil.decrypt(algorithm, cipherText, key, ivParameterSpec);
35+
String cipherText = AESUtil.encrypt(algorithm, input, key, gcmParameterSpec);
36+
String plainText = AESUtil.decrypt(algorithm, cipherText, key, gcmParameterSpec);
3637

3738
// then
3839
Assertions.assertEquals(input, plainText);
@@ -44,16 +45,16 @@ void givenFile_whenEncrypt_thenSuccess()
4445
BadPaddingException, InvalidAlgorithmParameterException, NoSuchPaddingException {
4546
// given
4647
SecretKey key = AESUtil.generateKey(128);
47-
String algorithm = "AES/CBC/PKCS5Padding";
48-
IvParameterSpec ivParameterSpec = AESUtil.generateIv();
48+
String algorithm = "AES/GCM/NoPadding";
49+
GCMParameterSpec gcmParameterSpec = AESUtil.generateIv();
4950
File inputFile = Paths.get("src/test/resources/baeldung.txt")
5051
.toFile();
5152
File encryptedFile = new File("baeldung.encrypted");
5253
File decryptedFile = new File("document.decrypted");
5354

5455
// when
55-
AESUtil.encryptFile(algorithm, key, ivParameterSpec, inputFile, encryptedFile);
56-
AESUtil.decryptFile(algorithm, key, ivParameterSpec, encryptedFile, decryptedFile);
56+
AESUtil.encryptFile(algorithm, key, gcmParameterSpec, inputFile, encryptedFile);
57+
AESUtil.decryptFile(algorithm, key, gcmParameterSpec, encryptedFile, decryptedFile);
5758

5859
// then
5960
assertThat(inputFile).hasSameTextualContentAs(decryptedFile);
@@ -69,12 +70,12 @@ void givenObject_whenEncrypt_thenSuccess()
6970
// given
7071
Student student = new Student("Baeldung", 20);
7172
SecretKey key = AESUtil.generateKey(128);
72-
IvParameterSpec ivParameterSpec = AESUtil.generateIv();
73-
String algorithm = "AES/CBC/PKCS5Padding";
73+
GCMParameterSpec gcmParameterSpec = AESUtil.generateIv();
74+
String algorithm = "AES/GCM/NoPadding";
7475

7576
// when
76-
SealedObject sealedObject = AESUtil.encryptObject(algorithm, student, key, ivParameterSpec);
77-
Student object = (Student) AESUtil.decryptObject(algorithm, sealedObject, key, ivParameterSpec);
77+
SealedObject sealedObject = AESUtil.encryptObject(algorithm, student, key, gcmParameterSpec);
78+
Student object = (Student) AESUtil.decryptObject(algorithm, sealedObject, key, gcmParameterSpec);
7879

7980
// then
8081
assertThat(student).isEqualTo(object);
@@ -88,12 +89,12 @@ void givenPassword_whenEncrypt_thenSuccess()
8889
String plainText = "www.baeldung.com";
8990
String password = "baeldung";
9091
String salt = "12345678";
91-
IvParameterSpec ivParameterSpec = AESUtil.generateIv();
92+
GCMParameterSpec gcmParameterSpec = AESUtil.generateIv();
9293
SecretKey key = AESUtil.getKeyFromPassword(password, salt);
9394

9495
// when
95-
String cipherText = AESUtil.encryptPasswordBased(plainText, key, ivParameterSpec);
96-
String decryptedCipherText = AESUtil.decryptPasswordBased(cipherText, key, ivParameterSpec);
96+
String cipherText = AESUtil.encryptPasswordBased(plainText, key, gcmParameterSpec);
97+
String decryptedCipherText = AESUtil.decryptPasswordBased(cipherText, key, gcmParameterSpec);
9798

9899
// then
99100
Assertions.assertEquals(plainText, decryptedCipherText);

0 commit comments

Comments
 (0)