9

I have this simple code, that i found on the internet.. im learning this stuff of encryption/decryption.. this code seems to work fine, but i don't understand something... why after the "c.doFinal()" (which is for encrypt/decrypt with AES-256) this guy encode/decode that encrypted value, with BASE64? its not enough only by using AES? 

`private static final String ALGO = "AES"; private static final byte[] keyValue = new byte[] { 'T', 'h', 'e', 'B', 'e', 's', 't', 'S', 'e', 'c', 'r','e', 't', 'K', 'e', 'y' }; public static String encrypt(String Data) throws Exception { Key key = generateKey(); Cipher c = Cipher.getInstance("AES"); c.init(Cipher.ENCRYPT_MODE, key); byte[] encVal = c.doFinal(Data.getBytes()); String encryptedValue = new BASE64Encoder().encode(encVal); return encryptedValue; } public static String decrypt(String encryptedData) throws Exception { Key key = generateKey(); Cipher c = Cipher.getInstance(ALGO); c.init(Cipher.DECRYPT_MODE, key); byte[] decordedValue = new BASE64Decoder().decodeBuffer(encryptedData); byte[] decValue = c.doFinal(decordedValue); String decryptedValue = new String(decValue); return decryptedValue; } private static Key generateKey() throws Exception { Key key = new SecretKeySpec(keyValue, ALGO); return key; } public static void main(String[] args) throws Exception { String data = "SOME TEXT"; String dataEnc = AES.encrypt(data); String dataDec = AES.decrypt(dataEnc); System.out.println("Plain Text : " + data); System.out.println("Encrypted Text : " + dataEnc); System.out.println("Decrypted Text : " + dataDec); }`

Thanks!!

Improve this question
1
  • 1
    This is actually using 128-bit AES, not 256. The key is 16 bytes; 16 bytes * 8 bits per byte = 128 bit key. Commented Jan 3, 2014 at 13:52

3 Answers 3

Reset to default
9

The encrypted data returned by doFinal is binary, and so it cannot be printed (it'll appear as a bunch of gibberish.) The Base64 encoding converts the binary to a set of ASCII characters, this makes it easily readable and also makes it possible to use the encrypted data in situations where only plaintext data can be used.

The Base64 encoding doesn't add any extra encryption or security, it simply makes the encrypted data usable in situations where you can't use binary.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

4

The resulting AES-256 encrypted value can contain some unusual characters that, when printed, or sent over internet, can be modified or misunderstood, truncated or replaced during transmission or visual representation.

Base64 provides a mechanism to encode/decode values, so they can "travel" without the content being modified. The user who wrote this code you found, probably would need to store or transport this value.

You can try it yourself, and check the resulting string before being encoded to Base64.

Improve this answer

2 Comments

Yes u are right. I have tried it before asking here, and it printed something like "??'.?????-". I am developing a program and i need to send data over internet.. so i think i should do encode in base64 before sending
in fact.. i tried printing it by " System.out.println(new String(encVal,"ASCII"));"
0

Because doFinal() returns a byte array and bytes are generally difficult to comprehend. Leaving aside this program does a AES-128 not AES-256.

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.