4 Replies Latest reply: Dec 9, 2011 4:42 PM by 896401 RSS

    SunJCE provider - AES - Padding

    896401
      Hi,

      I am using the SunJCE provider and using the AES based algorithm for encryption. I have few questions with respect to usage of this crypto algorithm:
      1) Does AES algorithm require Padding to be taken care if the data is not standard block size?
      2) What is the default mode used for AESCipher if not specified?
      3) What is the default padding used for AESCipher if not specified?

      Please advise!

      Thank You.

      Edited by: user13281086 on Oct 26, 2011 3:40 PM
        • 1. Re: SunJCE provider - AES - Padding
          sabre150
          user13281086 wrote:
          Hi,

          I am using the SunJCE provider and using the AES based algorithm for encryption. I have few questions with respect to usage of this crypto algorithm:
          1) Does AES algorithm require Padding to be taken care if the data is not standard block size?
          Yes. It is a straight-forwards minimal AES with no frills other than it's ability to handle more than one block at a time.
          2) What is the default mode used for AESCipher if not specified?
          If one specifies Cjpher.instance("AES") then by default one gets "AES/ECB/PKCS5Padding". ECB block mode should almost never be used in production systems since it has a serious vulnerability. One should almost always use one of the feedback modes such as CBC with a random IV.
          3) What is the default padding used for AESCipher if not specified?
          PKCS5

          >
          Please advise!

          Thank You.

          Edited by: user13281086 on Oct 26, 2011 3:40 PM
          • 2. Re: SunJCE provider - AES - Padding
            896401
            Thank you for the response. So, if I use the "CBC with a random IV" mode, is there need for developer to take care of padding the data or is it handled by the SunJCE provider automatically?

            Please recommend any links which will be helpful for someone not familiar with the usage of SunJCE provider detail.

            Edited by: user13281086 on Oct 27, 2011 3:58 PM
            • 3. Re: SunJCE provider - AES - Padding
              sabre150
              user13281086 wrote:
              Thank you for the response. So, if I use the "CBC with a random IV" mode, is there need for developer to take care of padding the data or is it handled by the SunJCE provider automatically?
              One specifies the padding to be used when one creates the Cipher object; for example, "AES/CBC/PKCS5Padding" .

              >
              Please recommend any links which will be helpful for someone not familiar with the usage of SunJCE provider detail.
              You can take a look at http://download.oracle.com/javase/1.4.2/docs/guide/security/jce/JCERefGuide.html but without understanding the background one can very very easily create an insecure system. A good starting point is "Beginning Cryptography with Java" by David Hook published by Wrox.
              • 4. Re: SunJCE provider - AES - Padding
                896401
                Thanks!