Encryption allows us to change information from a readable form to an undecipherable form. The reason we change the data is so that those that listen in on the information will not be able to understand or use its contents unless they have a key. Think if it like a safe with documents inside, without a certain combination a person would not be able to open the safe.
Data encryption is a little bit trickier than having a bank vault. Imagine if the safe was instantly accessible by highly intelligent and insanely fast lock picks all around the world. It might be simpler for them to break into the safe. If a safe had 1,000,000 different possible combinations it would be near impossible for a user to guess the key without winning the lottery so to speak, very unlikely. Computers can attempt 1,000,000 different combinations against encrypted data very quickly. This poses a problem if the encryption method only had 1,000,000 combinations.
Mathematicians build encryption that theoretically cannot be broken by current computers. My guess is some governments have the ability to break most current encryption methods, so make sure to only use this for purposes that don’t break the law. I discuss more about this in the State of Surveillance section below.
Symmetric Encryption
Symmetric Encryption is where both the sender and receiver have the same key. The sender encrypts the data with the key and the receiver decrypts the data with the same key.
Below is example Java code for encryption and decryption. Bytes don’t always convert well to Strings so I added utility methods for Base64 encoding as well. The below output just shows the Base64 encoded as the convert bytes don’t work well with HTML.
Standard Disclaimer: The below code is licensed under the MIT license, so do with it as you wish and please understand this was provided as an example so there are no guarantees it is tested properly or will work 100% of the time.
I apologize for the formatting, need to work on that a bit and I might need an upgraded version of the blog to have more editing tools.
Main method for calling utility class:
private static Logger logger = Logger.getGlobal();
public static void main(String args[]) {try {String inputText = "Hello Encryption World!";// AES Encryption using javax.crypto
SecretKey secretKey = AesEncryptUtil.generateSecretKey();logger.info("Secret Key: "+secretKey);logger.info("Text to encrypt: "+inputText);byte [] encryptedBytes = AesEncryptUtil.encrypt(secretKey, inputText);logger.info("Encrypted text: "+(new String(encryptedBytes)));byte [] decryptedBytes = AesEncryptUtil.decrypt(secretKey, encryptedBytes);logger.info("Decrypted text: "+(new String(decryptedBytes)));
// AES Encryption and encoded into Base 64 StringString keyText = AesEncryptUtil.generateBase64SecretKey();logger.info("Text to encrypt: "+inputText);logger.info("Base64 encoded encryption key: "+keyText);String encryptedText = AesEncryptUtil.encryptAesBase64(keyText, inputText);
logger.info("Base64 encrypted text: "+encryptedText);String decryptedText = AesEncryptUtil.decryptAesBase64(keyText, encryptedText);logger.info("Base64 decrypted text: "+decryptedText);
} catch (Exception e) {e.printStackTrace();}}
The Encryption Utility class:
public class AesEncryptUtil {
public static SecretKey generateSecretKey() throws NoSuchAlgorithmException {
return KeyGenerator.getInstance("AES").generateKey();
}
public static String generateBase64SecretKey() throws Exception {
return Base64.getEncoder().encodeToString(generateSecretKey().getEncoded());
}
public static SecretKey getBase64KeyFromString(String keyText) {
byte [] key = Base64.getDecoder().decode(keyText);
return new SecretKeySpec(key,"AES");
}
public static String encryptAesBase64(String keyText, String inputText) throws Exception {
SecretKey secretKey = getBase64KeyFromString(keyText);
byte encryptedText[] = encrypt(secretKey, inputText);
String encryptedAndBase64Encoded = Base64.getEncoder().encodeToString(encryptedText);
return encryptedAndBase64Encoded;
}
public static String decryptAesBase64(String keyText, String encryptedBase64Text) throws Exception {
SecretKey secretKey = getBase64KeyFromString(keyText);
byte aesEncryptedBytes[] = Base64.getDecoder().decode(encryptedBase64Text);
byte aesDecryptedBytes[] = decrypt(secretKey,aesEncryptedBytes);
return new String(aesDecryptedBytes);
}
public static byte [] encrypt(SecretKey secretKey, String inputText)
throws NoSuchPaddingException, InvalidKeyException, NoSuchAlgorithmException,
BadPaddingException, IllegalBlockSizeException, ShortBufferException {
byte inputBytes[] = inputText.getBytes();
Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.ENCRYPT_MODE, secretKey);
byte cipherBytes[] = new byte[cipher.getOutputSize(inputText.length())];
cipher.doFinal(inputBytes,0,inputText.length(),cipherBytes,0);
return cipherBytes;
}
public static byte [] decrypt(SecretKey secretKey,byte[] cipherBytes) throws
BadPaddingException, InvalidKeyException, NoSuchPaddingException,
NoSuchAlgorithmException, IllegalBlockSizeException,
ShortBufferException {
Cipher decodeCipher = Cipher.getInstance("AES");
decodeCipher.init(Cipher.DECRYPT_MODE, secretKey);
byte decipheredBytes[] = new byte[decodeCipher.getOutputSize(cipherBytes.length)];
decodeCipher.doFinal(cipherBytes,0,cipherBytes.length,decipheredBytes,0);
return decipheredBytes;
}
}
Example output
INFO: Text to encrypt: Hello Encryption World!
INFO: Base64 encoded encryption key: 4Es490DZhfdIUmpZqLefWw==
INFO: Base64 encrypted text: auxb0UW8zxLBh3CAiLvgFZExWSzNwXnlXZuD8Npxbsw=
INFO: Base64 decrypted text: Hello Encryption World!
Browser Encryption and Beware of Public Computers
Browsers use SSL/TLS encryption and there is a good article at Apache’s website. This encryption theoretically makes it impossible for other users to listen in on browser communication. When making purchases online generally websites require an SSL connection which is usually signified by a lock in the browser address bar. One thing people fail to understand at times is that if their computer has been compromised both the connection itself could be faked as through a proxy as well as the certificate authority and certificate itself. A man in the middle attack.
Obviously if the computer has been compromised others can use it as they wish, so they could make purchases in your name. Vice versa is possible as well, if they can control the site your connecting to and the other sites you are using to verify their identity, they can make a computer look secure when it really is not.
State of Surveillance
There are many ways to listen to keyboards, or on the particular computers themselves, so even if the data is encrypted before sending over the network it does not mean another user or organization hasn’t already seen the real information. This is something to be aware of especially when typing on a computer.
Just because you don’t hit send it doesn’t mean others haven’t already read what you typed before you hit backspace. This is an invasion of privacy and makes people distrust computers. Under normal circumstances listening in on a persons computer should be highly illegal but for national security purposes it can make sense. Many advertisers and development companies write fine print in their privacy statements as well so they can legally listen to every key stroke you type on their site. Conversations or thoughts you had and expected to be private are not always so be careful. Just because something is legal doesn’t make it right.
Further employers will listen to your computers and I wouldn’t doubt that some employees would be listening in on their employers computers or other employees computers. So if you have some criticism for the boss, or if you are a boss and have criticism for the employees, make sure you know what you want to say before you type it. From my personal advice, wait a day and make sure you still want to say it or saying it will actually add value to the situation. This advice applies to anywhere with a cell phone as well, remember there are microphones everywhere. I wish it wasn’t like that but the higher up the ladder and the bigger the corporation, people don’t like leaving things to chance.
My Tech Blog 