Java Cryptography Extensions (JCE)

Java's cryptography library is based on a provider model. Providers of cryptographic functions can be plugged in to extensible classes. This is important, because cryptography advances fairly regularly. New weaknesses are discovered, and new algorithms are invented to adress those weaknesses. Look at DES and AES as an example. The only way for a stable foundation like Java to keep up is to let providers plug in their own extensions.

Symmetric Algorithms

To encrypt or decrypt a message in Java, you'll use a symmetric algorithm. The current industry standard is AES, so we'll demonstrate with that. A symmetric algorithm uses the same key to both encrypt and decrypt. So the first thing we need to do is generate a key. Get an instance of a key generator for the AES algorithm. Initialize the key generator to the desired key length (for example, 256 bits), and then call the "generateKey" function.

KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
SecretKey key = keyGenerator.generateKey();

Once you have a key, you can encrypt and decrypt messages. Create a Cipher for the algorithm of choice. In this example, we are using the following options:

Cipher aes = Cipher.getInstance("AES/CBC/PKCS5Padding");

Then create a random initialization vector to apply to the first block. The IV is 16 bytes log, because each AES block is 16 bytes long. This is true regardless of the selected key size.

SecureRandom random = new SecureRandom();
byte[] buffer = new byte[16];
IvParameterSpec iv = new IvParameterSpec(buffer);

Prepare the cipher for encryption with the key and initialization vector.

aes.init(Cipher.ENCRYPT_MODE, key, iv);

Finally, write your message through a CipherOutputStream, which will in turn write it to your destination stream. In this case, the destination is a ByteArrayOutputStream so that I can get the ciphertext as an array of bytes.

ByteArrayOutputStream out = new ByteArrayOutputStream();
CipherOutputStream cipherOut = new CipherOutputStream(out, aes);
OutputStreamWriter writer = new OutputStreamWriter(cipherOut);

try {
finally {

return out.toByteArray();