Open in app

Sign in

Write

Sign in

Mastodon

Step by Step Guide to Encrypt and Decrypt Data with AES in Java

Daniel Angel
4 min readFeb 9, 2023

--

AES stands for Advanced Encryption Standard. It is a symmetric encryption algorithm that was adopted by the US government in 2001 as a Federal Information Processing Standard (FIPS) and is now widely used worldwide.

AES encryption uses a fixed-length key of 128, 192, or 256 bits to encrypt and decrypt data. It operates on a fixed block size of 128 bits and uses the same key for both encryption and decryption. This makes it a very secure and efficient encryption method, as the same encryption key can be used to encrypt and decrypt large amounts of data without having to perform key negotiation.

AES encryption is commonly used to secure sensitive information, such as credit card numbers, passwords, and personal data. It is used in many different applications, including SSL/TLS encryption for web traffic, disk encryption, and email encryption.

Overall, AES encryption is considered to be one of the most secure encryption algorithms available and is widely used to protect sensitive data.

The following example is a basic implementation of how to do it

  1. Import the necessary libraries. You’ll need the Java Cryptography Extension (JCE) and the Base64 libraries:
import java.security.Key;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.util.Base64;

2. Define the encryption algorithm and key:

private static final String ALGORITHM = "AES";
private static final byte[] keyValue = 
    new byte[] { 'T', 'h', 'i', 's', 'I', 's', 'A', 'S', 'e', 'c', 'r','e', 't', 'K', 'e', 'y' };

3. Create a method to encrypt data:

public static String encrypt(String data) throws Exception {
    Key key = generateKey();//generation dinamic 
    Cipher c = Cipher.getInstance(ALGORITHM);
    c.init(Cipher.ENCRYPT_MODE, key);
    byte[] encVal = c.doFinal(data.getBytes());
    return Base64.getEncoder().encodeToString(encVal);
}

4. Create a method to generate the encryption key:

private static Key generateKey() throws Exception {
    return new SecretKeySpec(keyValue, ALGORITHM);
}

Note: This example uses a unique key to be replaced with a secured random and share the key between the methods of encrypting and decrypting

5. Create a method to decrypt data:

public static String decrypt(String encryptedData) throws Exception {
    Key key = generateKey();
    Cipher c = Cipher.getInstance(ALGORITHM);
    c.init(Cipher.DECRYPT_MODE, key);
    byte[] decodedValue = Base64.getDecoder().decode(encryptedData);
    byte[] decVal = c.doFinal(decodedValue);
    return new String(decVal);
}

6. To encrypt data, call the encrypt method and pass in the data as a string:

String data = "secret data";
String encryptedData = AESEncryption.encrypt(data);

7. To decrypt data, call the decrypt method and pass in the encrypted data as a string:

String decryptedData = AESEncryption.decrypt(encryptedData);

8. Verify that the decrypted data is equal to the original data:

if (data.equals(decryptedData)) {
    System.out.println("Data is successfully encrypted and decrypted");
} else {
    System.out.println("Encryption and decryption failed");
}

Conclusion.

There are many other combinations to encrypt and de-encrypt data such as:

  1. AES-128 in ECB mode with No Padding: AES-128 is a symmetric encryption algorithm that uses a 128-bit key. ECB (Electronic Codebook) is a simple encryption mode that encrypts each block of data independently, without any chaining between blocks. No padding is used in this mode.
  2. AES-256 in CBC mode with PKCS5 Padding: AES-256 is a symmetric encryption algorithm that uses a 256-bit key. CBC (Cipher Block Chaining) is a more secure encryption mode that uses an Initialization Vector (IV) to ensure that each block of data is dependent on the previous block. PKCS5 padding is a commonly used padding method that ensures the encrypted data is a multiple of the block size.
  3. AES-192 in CTR mode with No Padding: AES-192 is a symmetric encryption algorithm that uses a 192-bit key. CTR (Counter) mode is an encryption mode that generates a counter for each block of data and uses the counter value to encrypt the block. No padding is used in this mode.
  4. AES-128 in OFB mode with PKCS7 Padding: AES-128 is a symmetric encryption algorithm that uses a 128-bit key. OFB (Output Feedback) mode is an encryption mode that generates a key stream and XORs the key stream with the plaintext to produce the ciphertext. PKCS7 padding is a padding method that ensures the encrypted data is a multiple of the block size.

These are just a few examples of the many combinations of AES encryption algorithms and padding methods that can be used. The specific combination you choose will depend on the security requirements of your application and the specific constraints you may have.

Final note if you are interested in an example with a specific combination you can comment

Java
Aes256
Spring Boot
Security
Algorithms

--

--

Daniel Angel
Daniel Angel

Written by Daniel Angel

85 Followers
25 Following

Backend developer | Java, Spring boot, Cloud| Laravel, Php

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams