AES Encryption and Decryption in Java with Bouncy Castle in ECB mode

AES aka advance encryption standard is a symmetric encryption algorithm, meaning the same key is used for both encryption and decryption. It operates on fixed-size blocks of data, typically 128 bits, and supports key lengths of 128, 192, or 256 bits.

Electronic Code Book (ECB) mode is the most basic form of symmetric cipher. In this mode, the cipher straightforwardly maps one block of bits to another block of bits using a secret key represented by a virtual code book. Depending on the encryption or decryption setting, the cipher produces either ciphertext or plaintext as output.

Setting Up Bouncy Castle Provider

The Bouncy Castle provider enhances Java’s cryptography capabilities and offers support for a wide range of algorithms. Before diving into AES encryption, ensure you have the Bouncy Castle provider added to your project by importing import org.bouncycastle.jce.provider.BouncyCastleProvider; .

package tutcoach;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.util.encoders.Hex;
import java.security.Security;

import org.bouncycastle.jce.provider.BouncyCastleProvider;

Add Bouncy Castle Provider

public class AesEcbMode {   public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        
        }

Key and IV(Initialization Vector) Initialization

AES requires a key and an Initialization Vector (IV) for encryption. In our example, we define the key and IV in hexadecimal format

public class AesEcbMode {
    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());

        // Define the key and IV in hexadecimal format
        byte[] keyBytes = Hex.decode("000102030405060708090a0b0c0d0e0f");
        byte[] ivBytes = Hex.decode("9f741fdb5d8845bdb48a94394e84f8a3");

        
    }
}

Initializing the Cipher

The Cipher class in Java is crucial for encryption and decryption. We initialize the Cipher instance for AES/CBC/PKCS5Padding mode with the Bouncy Castle provider:

public class AesEcbMode {

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());

        // Define the key and IV in hexadecimal format
        byte[] keyBytes = Hex.decode("000102030405060708090a0b0c0d0e0f");
        byte[] ivBytes = Hex.decode("9f741fdb5d8845bdb48a94394e84f8a3");

        // Create the SecretKeySpec and IvParameterSpec objects
        SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");
        IvParameterSpec iv = new IvParameterSpec(ivBytes);

        // Initialize the Cipher instance for AES/CBC/NoPadding mode
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "BC");
}

Encrypting Data

After defining the input data, we encrypt it using the initialized cipher:

cipher.init(Cipher.ENCRYPT_MODE, key, iv);
byte[] encrypted = cipher.doFinal(input);

Decrypting Data

To decrypt the encrypted data, we re-initialize the cipher in decryption mode.

cipher.init(Cipher.DECRYPT_MODE, key, iv);
byte[] decrypted = cipher.doFinal(encrypted);

Complete AES Example in java

package tutcoach;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.util.encoders.Hex;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

import java.security.Security;


public class AesEcbMode {

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());

        // Define the key and IV in hexadecimal format
        byte[] keyBytes = Hex.decode("000102030405060708090a0b0c0d0e0f");
        byte[] ivBytes = Hex.decode("9f741fdb5d8845bdb48a94394e84f8a3");

        // Create the SecretKeySpec and IvParameterSpec objects
        SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");
        IvParameterSpec iv = new IvParameterSpec(ivBytes);

        // Initialize the Cipher instance for AES/CBC/NoPadding mode
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "BC");

        // Define the input data
        byte[] input = Hex.decode("a0a1a2a3a4a5a6a7a0a1a2a3a4a5a6a7"
                + "a0a1a2a3a4a5a6a7a0a1a2a3a4a5a6a7");

        // Print the input data in hexadecimal format
        System.out.println("Input: "  + Hex.toHexString(input));

        // Encrypt the input data
        cipher.init(Cipher.ENCRYPT_MODE, key, iv);
        byte[] encrypted = cipher.doFinal(input);

        // Print the encrypted data in hexadecimal format
        System.out.println("Encrypted: " + Hex.toHexString(encrypted));

        // Decrypt the encrypted data
        cipher.init(Cipher.DECRYPT_MODE, key, iv);
        byte[] decrypted = cipher.doFinal(encrypted);

        // Print the decrypted data in hexadecimal format
        System.out.println("Decrypted: " + Hex.toHexString(decrypted));
    }
}

Output

AES Encryption and Decryption in Java with Bouncy Castle in ECB mode AES Encryption and Decryption in Java with Bouncy Castle in ECB mode

Conclusion

Electronic Code Book (ECB) mode is the most basic form of symmetric cipher. In this mode, the cipher straightforwardly maps one block of bits to another block of bits using a secret key represented by a virtual code book. Depending on the encryption or decryption setting, the cipher produces either ciphertext or plaintext as output.

Below is a simple example demonstrating AES encryption in ECB mode. While it’s a basic implementation using the JCE (Java Cryptography Extension), it highlights the utilization of the Cipher class along with the SecretKeySpec class.

Leave a Comment