AES Key Generation Strategies #BAEL-4459 (#11685)

* ways to generate AES keys * exceptional cases Co-authored-by: IN22910366 <d7495b5879fca1ec1367476a5395a60a8e9baec9>
2022-01-13 12:26:28 +05:30 · 2022-01-13 12:26:28 +05:30 · 3133ffba7f
parent 29ebe5e849
commit 3133ffba7f
1 changed files with 99 additions and 0 deletions
--- a/core-java-modules/core-java-security-3/src/main/java/com/baeldung/secretkey/Main.java
+++ b/core-java-modules/core-java-security-3/src/main/java/com/baeldung/secretkey/Main.java
@ -0,0 +1,99 @@
+package com.baeldung.secretkey;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.KeyGenerator;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.SecretKeySpec;
+import java.nio.charset.StandardCharsets;
+import java.security.InvalidKeyException;
+import java.security.InvalidParameterException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.spec.InvalidKeySpecException;
+import java.util.Base64;
+import java.util.Random;
+
+import static javax.crypto.Cipher.ENCRYPT_MODE;
+
+public class Main {
+    private static final Logger logger = LoggerFactory.getLogger(Main.class);
+
+    private static final String CIPHER = "AES";
+
+    public static void main(String[] args) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidKeySpecException, IllegalBlockSizeException, BadPaddingException {
+        String plainText = "How you doing Mike?";
+
+        encrypt(plainText, getRandomKey(CIPHER, 128));
+        encrypt(plainText, getRandomKey(CIPHER, 192));
+        encrypt(plainText, getRandomKey(CIPHER, 256));
+
+        encrypt(plainText, getSecureRandomKey(CIPHER, 128));
+        encrypt(plainText, getSecureRandomKey(CIPHER, 192));
+        encrypt(plainText, getSecureRandomKey(CIPHER, 256));
+
+        encrypt(plainText, getKeyFromKeyGenerator(CIPHER, 128));
+        encrypt(plainText, getKeyFromKeyGenerator(CIPHER, 192));
+        encrypt(plainText, getKeyFromKeyGenerator(CIPHER, 256));
+
+        encrypt(plainText, getPasswordBasedKey(CIPHER, 128, new char[] { 'R', 'a', 'n', 'd', 'o', 'm' }));
+        encrypt(plainText, getPasswordBasedKey(CIPHER, 192, new char[] { 'R', 'a', 'n', 'd', 'o', 'm' }));
+        encrypt(plainText, getPasswordBasedKey(CIPHER, 256, new char[] { 'R', 'a', 'n', 'd', 'o', 'm' }));
+
+        try {
+            encrypt(plainText, getSecureRandomKey(CIPHER, 111));
+        } catch (InvalidKeyException e) {
+            logger.error("Unable to generate key", e);
+        }
+
+        try {
+            encrypt(plainText, getKeyFromKeyGenerator(CIPHER, 111));
+        } catch (InvalidParameterException e) {
+            logger.error("Unable to generate key", e);
+        }
+    }
+
+    private static void encrypt(String plainText, Key key) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
+        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
+        cipher.init(ENCRYPT_MODE, key);
+        byte[] cipherTextBytes = cipher.doFinal(plainText.getBytes(StandardCharsets.UTF_8));
+        logger.info(Base64.getEncoder().encodeToString(cipherTextBytes));
+    }
+
+    private static Key getRandomKey(String cipher, int keySize) {
+        byte[] randomKeyBytes = new byte[keySize / 8];
+        Random random = new Random();
+        random.nextBytes(randomKeyBytes);
+        return new SecretKeySpec(randomKeyBytes, cipher);
+    }
+
+    private static Key getSecureRandomKey(String cipher, int keySize) {
+        byte[] secureRandomKeyBytes = new byte[keySize / 8];
+        SecureRandom secureRandom = new SecureRandom();
+        secureRandom.nextBytes(secureRandomKeyBytes);
+        return new SecretKeySpec(secureRandomKeyBytes, cipher);
+    }
+
+    private static Key getKeyFromKeyGenerator(String cipher, int keySize) throws NoSuchAlgorithmException {
+        KeyGenerator keyGenerator = KeyGenerator.getInstance(cipher);
+        keyGenerator.init(keySize);
+        return keyGenerator.generateKey();
+    }
+
+    private static Key getPasswordBasedKey(String cipher, int keySize, char[] password) throws NoSuchAlgorithmException, InvalidKeySpecException {
+        byte[] salt = new byte[100];
+        SecureRandom random = new SecureRandom();
+        random.nextBytes(salt);
+        PBEKeySpec pbeKeySpec = new PBEKeySpec(password, salt, 100000, keySize);
+        SecretKey pbeKey = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(pbeKeySpec);
+        return new SecretKeySpec(pbeKey.getEncoded(), cipher);
+    }
+}