security

DES with CBC using a nonce IV

This is an example of how to make a DES example in CBC mode using a nonce Iv. Encrypting data with the Data Encryption algorithm, in Chipher Block Chaining mode and with an initialization vector implies that you should:

  • Create three byte arrays, the first one for the password, the second one for the key and the third one for the message.
  • Create a SecretKeySpec with the specified key and the DES algorithm. Create a new IvParameterSpec and a new Cipher for the DES/CBC/PKCS7Padding tranformation, using the org.bouncycastle.jce.provider.BouncyCastleProvider().
  • Initialize the cipher in encryption mode, using the SecretKeySpec and the IvParameterSpec.
  • Encrypt the initial message. Use the encrypted byte array as an initialization vector to create a new IvParameterSpec from its first 8 bytes.
  • Initialize the cipher again in encryption mode, using the SecretKeySpec and the new IvParameterSpec, and use it to encrypt the password byte array.
  • Initialize the cipher again in encryption mode, using the key and the first IvParameterSpec and encrypt the initial message. Use the first 8 bytes of encrypted byte array as an initialization vector in a new IvParameterSpec.
  • Initialize the cipher again, this time in decryption mode, using the last IvParameterSpec and the key. Use the cipher to decrypt the encrypted password,

as described in the code snippet below.

package com.javacodegeeks.snippets.core;

import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/**
 * Basic symmetric encryption example with padding and ECB using DES
 */
public class Main {

    public static void main(String[] args) throws Exception {


  Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

  byte[] pass = "www.javacodegeeks.com".getBytes();

  byte[] pKey = new byte[]{0x01, 0x23, 0x45, 0x67, (byte) 0x89, (byte) 0xab, (byte) 0xcd,


(byte) 0xef};

  byte[] message = new byte[]{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};


  IvParameterSpec nonceIV = new IvParameterSpec(new byte[8]);

  SecretKeySpec nek = new SecretKeySpec(pKey, "DES");

  Cipher c = Cipher.getInstance("DES/CBC/PKCS7Padding", "BC");

  System.out.println("pass(plaintext) : " + new String(pass));


  c.init(Cipher.ENCRYPT_MODE, nek, nonceIV);

  IvParameterSpec enIVector = new IvParameterSpec(c.doFinal(message), 0, 8);


  // encryption phase


  c.init(Cipher.ENCRYPT_MODE, nek, enIVector);

  

  byte[] encrypt = new byte;

  

  int ctLen = c.update(pass, 0, pass.length, encrypt, 0);

  ctLen += c.doFinal(encrypt, ctLen);

  System.out.println("pass encrypted: " + new String(encrypt).getBytes("UTF-8").toString() + " bytes: " + ctLen);

  c.init(Cipher.ENCRYPT_MODE, nek, nonceIV);

  IvParameterSpec decryptionIv = new IvParameterSpec(c.doFinal(message), 0, 8);


  // decryption phase


  c.init(Cipher.DECRYPT_MODE, nek, decryptionIv);

  byte[] decrypt = new byte;

  int ptLen = c.update(encrypt, 0, ctLen, decrypt, 0);

  ptLen += c.doFinal(decrypt, ptLen);

  System.out.println("decrypt : " + new String(decrypt) + " bytes: " + ptLen);
    }
}

Output:

pass(plaintext) : www.javacodegeeks.com
pass encrypted: [B@3cca6a9e bytes: 24
decrypt : www.javacodegeeks.com

 
This was an example of how to encrypt data with the DES algorith in CBC mode, using a nonce IV.

Ilias Tsagklis

Ilias is a software developer turned online entrepreneur. He is co-founder and Executive Editor at Java Code Geeks.
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Back to top button