Symmetric Cipher

Gauraw Singh
4 min read · Nov 1, 2020

The symmetric cipher is a cipher where only one key is used to encrypt and decrypt the data.

This article is part of a series of articles which will help us understand cryptography in a better way. Security should not be enforced; it should be incorporated by design or as muscle memory in the developer's day-to-day work.

In symmetric cipher, the same key is used to encrypt and decrypt the data.

With a symmetric cipher, the key should be known to the person or system encrypting the data, and to the person or system decrypting the data.

Symmetric cryptography is faster to run (in terms of both encryption and decryption) because the keys used are much shorter than they are in asymmetric cryptography. Additionally, the fact that only one key gets used (versus two for asymmetric cryptography) also makes the entire process faster.

When should we use symmetric cipher?

A symmetric cipher is important when we are looking for security with speed. We mostly use it when the data is not leaving our system and stays on the system disk only. A few examples are mentioned below.

  • Banking: Encrypting credit card information or other personally identifiable information (PII) required for transactions
  • Data storage: Encrypting data stored on a device when that data is not being transferred

We should store the key in a place that is not accessible to anyone except the application. We can store it in a vault; there are various vault providers, but that is a topic for another article.

Some examples of symmetric encryption algorithms:

  • AES (Advanced Encryption Standard)
  • DES (Data Encryption Standard)
  • IDEA (International Data Encryption Algorithm)
  • Blowfish (Drop-in replacement for DES or IDEA)
  • RC4 (Rivest Cipher 4)
  • RC5 (Rivest Cipher 5)
  • RC6 (Rivest Cipher 6)

We will look at AES in a bit more depth and at how we can implement it in Java.

The most commonly used symmetric algorithm is the Advanced Encryption Standard (AES), which was originally known as Rijndael. This is the standard set by the U.S. National Institute of Standards and Technology in 2001 for the encryption of electronic data, announced in U.S. FIPS PUB 197. This standard supersedes DES, which had been in use since 1977. Under NIST, the AES cipher has a block size of 128 bits but can have three different key lengths, as shown with AES-128, AES-192, and AES-256.

Let's see the Java program, and then we will understand it line by line.

In the AES algorithm, we first need a key that will be used for encryption and decryption.

We will be using the SecureRandom class to generate a random number (the random key): “java.security.SecureRandom, a class that provides a cryptographically strong random number generator.” We are generating a 16-byte key, which is AES-128 (16 bytes * 8 = 128 bits).

    import java.security.SecureRandom;

    SecureRandom secureRandom = new SecureRandom();
    byte[] key = new byte[16]; // 16 bytes = 128-bit AES key
    secureRandom.nextBytes(key);

Now that we have a key, we need the initialization vector.

An initialization vector (IV) is an arbitrary number that can be used along with a secret key for data encryption. This number, also called a nonce, is employed only one time in any session. The use of an IV prevents repetition in data encryption, making it more difficult for a hacker to use a dictionary attack to find patterns and break a cipher. We will be generating a 16-byte IV as well.

    byte[] iv = new byte[16]; // 16-byte IV
    secureRandom.nextBytes(iv);

Now let's look at the encrypt method. In the encrypt method we will initialize the Cipher class by calling the getInstance method. We will be using the algorithm “AES/CBC/PKCS5PADDING”. The algorithms supported by Java are listed below.

Every implementation of the Java platform is required to support the following standard Cipher transformations with the keysizes in parentheses:

  • AES/CBC/NoPadding (128)
  • AES/CBC/PKCS5Padding (128)
  • AES/ECB/NoPadding (128)
  • AES/ECB/PKCS5Padding (128)
  • DES/CBC/NoPadding (56)
  • DES/CBC/PKCS5Padding (56)
  • DES/ECB/NoPadding (56)
  • DES/ECB/PKCS5Padding (56)
  • DESede/CBC/NoPadding (168)
  • DESede/CBC/PKCS5Padding (168)
  • DESede/ECB/NoPadding (168)
  • DESede/ECB/PKCS5Padding (168)
  • RSA/ECB/PKCS1Padding (1024, 2048)
  • RSA/ECB/OAEPWithSHA-1AndMGF1Padding (1024, 2048)
  • RSA/ECB/OAEPWithSHA-256AndMGF1Padding (1024, 2048)

Using the key, the IV and the cipher, we encrypt the data. The encrypted data can then be decrypted by the decrypt method, using the same key, IV and encrypted data.
