What Java encryption algorithms should I use?
First of all you should install the unlimited cryptography files from Oracle. After doing so you should have fewer EncryptionOperationNotPossibleException
s and higher security levels should become available.
Furthermore, for the highest level encryption possible I would not use JaSypt at all, because it doesn't seem to provide any integrity checking or authentication of ciphertext. For just confidentiality that doesn't seem to matter. But in practice you'd need to check that against your threat model.
If you'd decide to use JaSypt (which I personally dislike) you should probably go for PBEWITHHMACSHA512ANDAES_256
as highest level possibility. Make sure you understand PBKDF2 and work factors (iteration count, e.g. setKeyObtentionIterations
.
You don't need Bouncy Castle. AES is considered secure; all Bouncy Castle does - for your example that uses JaSypt - is adding obscure ciphers. In the above list, everything other than AES is less secure than AES.
MusikPolice
Updated on June 27, 2022Comments
-
MusikPolice almost 2 years
I'm working on a program that needs to store binary information encrypted at rest. Unfortunately, I can't seem to find a resource that explains which encryption schemes are best for different applications.
Since encryption is complicated and I'm not an expert, I've decided to use a library called Jasypt that wraps Java's built-in encryption functions. To figure out what algorithms are available to me, I wrote a few unit tests.
The first test calls Jasypt's
AlgorithmRegistry.getAllPBEAlgorithms()
function and lists out all available encryption algorithms:PBEWITHHMACSHA1ANDAES_128 PBEWITHHMACSHA1ANDAES_256 PBEWITHHMACSHA224ANDAES_128 PBEWITHHMACSHA224ANDAES_256 PBEWITHHMACSHA256ANDAES_128 PBEWITHHMACSHA256ANDAES_256 PBEWITHHMACSHA384ANDAES_128 PBEWITHHMACSHA384ANDAES_256 PBEWITHHMACSHA512ANDAES_128 PBEWITHHMACSHA512ANDAES_256 PBEWITHMD5ANDDES PBEWITHMD5ANDTRIPLEDES PBEWITHSHA1ANDDESEDE PBEWITHSHA1ANDRC2_128 PBEWITHSHA1ANDRC2_40 PBEWITHSHA1ANDRC4_128 PBEWITHSHA1ANDRC4_40
At runtime, Jasypt will throw an
EncryptionOperationNotPossibleException
if you try to use an algorithm that for some reason isn't supported or violates Java's encryption rules. Interestingly, if I attempt to use each of the 'available' algorithms to encrypt and then decrypt some arbitrary data, and only print out the ones that don't throw that exception, I get this slimmed down list:PBEWITHMD5ANDDES PBEWITHSHA1ANDDESEDE PBEWITHSHA1ANDRC2_128 PBEWITHSHA1ANDRC2_40 PBEWITHSHA1ANDRC4_128 PBEWITHSHA1ANDRC4_40
The list of available algorithms can be expanded by pulling in the BouncyCastle JCE and registering it by executing
Security.addProvider(new BouncyCastleProvider())
. If I repeat the previous test after doing this, I get a much bigger list of algorithms to choose from:PBEWITHMD2ANDDES PBEWITHMD5AND128BITAES-CBC-OPENSSL PBEWITHMD5AND192BITAES-CBC-OPENSSL PBEWITHMD5AND256BITAES-CBC-OPENSSL PBEWITHMD5ANDDES PBEWITHMD5ANDRC2 PBEWITHSHA1ANDDES PBEWITHSHA1ANDDESEDE PBEWITHSHA1ANDRC2 PBEWITHSHA1ANDRC2_128 PBEWITHSHA1ANDRC2_40 PBEWITHSHA1ANDRC4_128 PBEWITHSHA1ANDRC4_40 PBEWITHSHA256AND128BITAES-CBC-BC PBEWITHSHA256AND192BITAES-CBC-BC PBEWITHSHA256AND256BITAES-CBC-BC PBEWITHSHAAND128BITAES-CBC-BC PBEWITHSHAAND128BITRC2-CBC PBEWITHSHAAND128BITRC4 PBEWITHSHAAND192BITAES-CBC-BC PBEWITHSHAAND2-KEYTRIPLEDES-CBC PBEWITHSHAAND256BITAES-CBC-BC PBEWITHSHAAND3-KEYTRIPLEDES-CBC PBEWITHSHAAND40BITRC2-CBC PBEWITHSHAAND40BITRC4 PBEWITHSHAANDIDEA-CBC PBEWITHSHAANDTWOFISH-CBC
Unfortunately, now I have no idea which of these many algorithms is most appropriate for my application. I have an inkling that AES is the right way to go, and it looks like
PBEWITHSHA256AND256BITAES-CBC-BC
is the AES implementation with the longest key length, but I don't know where to go to confirm that suspicion.Which of these schemes would provide the highest security levels and which have obvious security issues?
EDIT: I want to be able to distribute my code without requiring the end user to install the unlimited cryptography files, as that will almost certainly be beyond the capabilities of not so tech savvy users. What I really want is the strongest encryption that I can get without using the unlimited strength jurisdiction files.
-
SLaks about 8 yearsDon't. Use wrapper libraries that make all the correct decisions. Read blog.slaks.net/2015-11-18/common-crypto-pitfalls
-
Maarten Bodewes about 8 yearsI've changed the question to directly explain which scheme provides "the highest security levels". Asking for offsite explanations / directions is off topic and asking for "the best" is subjective. Both would be reasons to close the question.
-
ZhongYu about 8 yearsyou don't need a library; not too difficult to use java APIs. my example - gist.github.com/zhong-j-yu/9d23c850e580d60ddd46
-
Maarten Bodewes about 8 years@bayou.io Yes, you do. As your code is vulnerable because it doesn't use a regular MAC, instead using an encrypted hash. If you use that for authentication may for instance be vulnerable against padding oracle attack. Don't use comments as answers, especially because we cannot downvote them.
-
Maarten Bodewes about 8 years@bayou.io You are using ECB mode as well. Did you ever create a cryptographic wrapper library before? If not, don't post them as answers.
-
ZhongYu about 8 years@MaartenBodewes -- how can I learn from you if I didn't expose my ignorance first? :)
-
-
MusikPolice about 8 yearsThe problem, in my case, is that I want to be able to distribute my code without requiring the end user to install the unlimited cryptography files, as that will almost certainly be beyond the capabilities of not so tech savvy users. What I really want is the strongest encryption that I can get without using the unlimited strength jurisdiction files. Perhaps I should edit the question to say as much.
-
Maarten Bodewes about 8 yearsYes you should. What runtime are you on that there are no AES 128 algorithm is available by default?
-
MusikPolice about 8 yearsI'm running on the standard Java 8 JDK from Oracle. It has an AES 128 algorithm available, but I get exceptions whenever I try to use it in practice.