Cryptosystem Project in Java

Cryptosystem is responsible for encrypting the user's data and provide a secure mechanism to store it in a virtual drive. The virtual drive will be created by the system for the particular user for the very first while using the system. The system provides limited storage area where the data can be saved. As we can say that, it's a cloud storage medium where data can be accessed from any location. It also enables us to synchronize our desktop or laptop while using this cryptosystem.

Cryptography Primitives

Cryptography primitives are nothing but the tools and techniques in Cryptography that can be selectively used to provide a set of desired security services

Encryption
Hash Functions
Message Authentication Codes (MAC)
Digital Signatures

The Java Cryptography Architecture (JCA) is a set of APIs to implement concepts of modern cryptography such as digital signatures, message digests, certificates, encryption, key generation and secure random number generation, etc. By using JCA developers can build their applications by integrating security into them. To integrate security in our applications rather than depending on the complicated security algorithms we can easily call the respective APIs provided in JCA for required services.

Java Cryptography Encrypting and Decrypting Data

We can encrypt and decrypt the data using the cipher class of the javax.crypto package. Follow the steps given below to decrypt using Java.

Step 1: Create a KeyPairGenerator object

The KeyPairGenerator class provides getInstance() method that accepts a String variable representing the required key-generating algorithm and returns a KeyPairGenerator object that generates keys.

Create the KeyPairGenerator object using the getInstance() method as shown below.

//Creating KeyPair generator object
KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("DSA");

Step 2: Initialize the KeyPairGenerator object

The KeyPairGenerator class provides a method named initialize(). It is used to generate key and pair. It accepts an integer value representing the key size.

Initialize the KeyPairGenerator object created in the previous step using the initialize() method as shown below.

//Initializing the KeyPairGenerator
keyPairGen.initialize(2048);

Step 3: Generate the KeyPairGenerator

We can generate the KeyPair using the generateKeyPair() method of the KeyPairGenerator class.

//Generate the pair of keys
KeyPair pair = keyPairGen.generateKeyPair();

Step 4: Get the public key

We can get the public key from the generated KeyPair object using the getPublic() method as shown below.

//Getting the public key from the key pair
PublicKey publicKey = pair.getPublic();

Step 5: Create a Cipher object

The getInstance() method of the Cipher class accepts a String variable representing the required transformation and returns a Cipher object that implements the given transformation.

Create the Cipher object using the getInstance() method as shown below.

//Creating a Cipher object
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");

Step 6: Initialize the Cipher object

The init() method of the Cipher class accepts two parameters. An integer parameter representing the operation mode (encrypt/decrypt) and Key object representing the public key.

//Initializing a Cipher object
cipher.init(Cipher.ENCRYPT_MODE, publicKey);

Step 7: Add data to the Cipher object

The update() method of the Cipher class accepts a byte array representing the data to be encrypted and updates the current object with the data given.

Update the initialized Cipher object by passing the data to the update() method in the form of byte array as shown below.

//Adding data to the cipher
byte[] input = "Hello there, this is group 01".getBytes();
cipher.update(input);

Step 8: Encrypt the data

The doFinal() method of the Cipher class completes the encryption operation. Therefore, finish the encryption using this method as shown below.

//Encrypting the data
byte[] cipherText = cipher.doFinal();

Step 9: Initialize the Cipher object for decryption

To decrypt the cipher encrypted in the previous steps we need to initialize it for decryption.

Therefore, initialize the cipher object by passing the parameters Cipher.DECRYPT_MODE and PrivateKey object as shown below.

//Initializing the same cipher for decryption
cipher.init(Cipher.DECRYPT_MODE, pair.getPrivate());

Step 10: Decrypt the data

Finally, Decrypt the encrypted text using the doFinal() method as shown below.

//Decrypting the text
byte[] decipheredText = cipher.doFinal(cipherText);

Advantages of Asymmetric Cryptography

The key distribution problem is eliminated because there's no need for exchanging keys.
Security is increased since the private keys don't ever have to be transmitted or revealed to anyone.
The use of digital signatures is enabled so that a recipient can verify that a message comes from a particular sender.
It allows for nonrepudiation so the sender cannot deny sending a message.

Disadvantages of Asymmetric Cryptography

It's a slow process compared to symmetric cryptography. Therefore, it's not appropriate for decrypting bulk messages.
If an individual loses his private key, he can't decrypt the messages he receives.
Because public keys aren't authenticated, no one can ensure a public key belongs to the person specified. Consequently, users must verify that their public keys belong to them.
If a malicious actor identifies a person's private key, the attacker can read that individual's messages.

Common Security Challenges

Managing keys is a hot issue, especially when dealing with access rights to the data, the legal ramifications of outsourcing, and how risks are mitigated. Common questions we hear: How do I protect my company? We have moved to the cloud, but who is the actual owner of the data? What protections do I have in the cloud? What happens if I have all my information, including my cryptographic keys in a certain cloud provider, and they get subpoenaed? What happens to the data if my organization gets subpoenaed?

Other cloud and security considerations are single-source cloud provider or multi-cloud; how data is moved; and how organizations maintain control of the data while keeping it secure.

Cryptosystem.java

import java.security.KeyGenerator;
import java.security.SecureRandom;
import java.security.spec.KeySpec;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
public class Cryptosystem {
    private static final String ALGORITHM = "AES";
    private static final String KEY_FACTORY_ALGORITHM = "PBKDF2WithHmacSHA1";
    private static final int KEY_LENGTH = 128;
    private static final int SALT_LENGTH = 16;
    private SecretKey secretKey;
    public Cryptosystem() throws Exception {
        // Generate a random secret key.
        KeyGenerator keyGenerator = KeyGenerator.getInstance(ALGORITHM);
        SecureRandom random = new SecureRandom();
        keyGenerator.init(KEY_LENGTH, random);
        secretKey = keyGenerator.generateKey();
    }
    public String encrypt(String plaintext) throws Exception {
        //Create a cipher object.
        Cipher cipher = Cipher.getInstance(ALGORITHM);
        cipher.init(Cipher.ENCRYPT_MODE, secretKey);
        // Encrypt the plaintext.
        byte[] ciphertext = cipher.doFinal(plaintext.getBytes());
        // Encode the ciphertext in Base64.
        return Base64.getEncoder().encodeToString(ciphertext);
    }
    public String decrypt(String ciphertext) throws Exception {
        // Decode the ciphertext from Base64.
        byte[] ciphertextBytes = Base64.getDecoder().decode(ciphertext);
        // Create a cipher object.
        Cipher cipher = Cipher.getInstance(ALGORITHM);
        cipher.init(Cipher.DECRYPT_MODE, secretKey);
        // Decrypt the ciphertext.
        byte[] plaintextBytes = cipher.doFinal(ciphertextBytes);
        // Convert the plaintext bytes to a string.
        return new String(plaintextBytes);
    }
    public static void main(String[] args) throws Exception {
        // Create a cryptosystem object.
        Cryptosystem cryptosystem = new Cryptosystem();
        // Encrypt a plaintext message.
        String plaintext = "This is a secret message.";
        String ciphertext = cryptosystem.encrypt(plaintext);
        // Decrypt the ciphertext.
        String decryptedPlaintext = cryptosystem.decrypt(ciphertext);
        // Print the decrypted plaintext.
        System.out.println("Decrypted plaintext: " + decryptedPlaintext);
    }
}

Output:

Decrypted plaintext: This is a secret message.

Conclusion

At the end of the day, organizations want to improve their data security. Many organizations have been taking a minimalist approach to their key management until recently. As organizations grow, many find it challenging to build out their cryptographic architecture to manage PKI, identity management, and data at rest. They must untwine some bad habits, particularly concerning key and certificate management, to build for today but also plan for tomorrow.

Next TopicFarthest from Zero Program in Java

← prev next →