AES Encryption example?

I'm new to the cryptography area, so bear with me if I get things mixed up a bit.
Here is what I need to do - using AES encryption.
I have a stand-alone swing application that I need to encode certain sets of passwords and serial numbers.
These will be stored in a database and compared against user input strings.
Basically, I want to be able to store the key for the encryption in the program and use it for the encoding
and decoding.
I realize this is probably not the best way to handle this, but the security is not all that critical for this application.
Basically we just don't want someone fetching the data from the database without having to use the application to decrypt it.
I have seen several examples where a SecretKeySpec gets generated for each time the example is run,
an example is http://java.sun.com/developer/technicalArticles/Security/AES/AES_v1.html
but I have not been able to find anything where a "static" key is used for the encryption/decryption.
Can someone help me out here?
Thanks.

From your usage description, there is no need to encrypt anything. Just store a hash (MD5, SHA-1, SHA256 etc) of the passwords and serial numbers. You then compare the hash of whatever the user enters with the hash stored in the DB.

Similar Messages

Can't open a specific wesite with AES encryption on

WRT54GX2 router set up with WPA and AES encryption, will not open a website that I know is working (it's my ISP, webmail site). When I change to TKIP the site opens normally, but my wireless printer then drops off the network. Any one have a fix?

I agree with toomanydonuts suggestion. You can try the steps which toomanydonuts has mentioned and i think that will make your computer and printer work wirelessly.

WPA2 Aes encryption on cisco 1121G AP

hi
i wanted to increase the security on my 1121G accesspoint by enabling wpa2 with aes encryption. in a test environment i set this up and i configured my wireless client to connect, my wireless client (ibm thinkpad t42p with 11a/b/g Wireless LAN Mini PCI Adapter II has the ability to either select WPA or WPA2 and whether you use TKIP or AES. i selected WPA2 and AES enter the encryption key which i had entered on the AP and i connected,
i change the settings on the client to WPA and TKIP and entered the same encryption key and i managed to connect as well, which puzzles me, when i enter an incorrect encryption key it won't associate.
is this normal behaviour or do you think i have configured something incorrectly on the 1121G AP?
i have attached my config and have removed some personal data.
many thanks
rogier

i have finally figured it out, it is the windows client or mac clients being very smart, if you configure your windows client to use WPA instead of WPA2 and select TKIP instead of AES encryption somehow it figures out this is incorrect and automatically sets the WPA to WPA2 settings and changes TKIP to AES encryption, i am amazed, i finally figured it out when a windows machine which did not have the windows patch to allow it to connect to WPA2 could not connect, only after installing the WPA2 patch would it connect. in the AP log it always showed as logging in with the WPA2 EAS encryption.
i guess windows xp is a bit smarter than i originally thought

AES Encryption for Windows Phone

Hi,
We are developing a windows phone app and the same app is also being developed in Android and IOS. All three platforms are using a JSON web service for data access. Parameters to be passed are encrypted using AES algorithm.
The web service uses the Encryption and Decryption as shown in the following link :
https://msdn.microsoft.com/en-us/library/system.security.cryptography.aesmanaged(v=vs.110).aspx
The same is Encryption is available in IOS and Android and working fine.
I am unable to achieve the same encryption in Windows Phone as System.Security.Cryptography is not available in Windows Phone. I did browse around and found a few alternatives as shown below but i am not getting the desired result i.e. Encrypted data is
not the same and hence Decryption is not giving the same result in server side.
public static byte[] Encrypt(string plainText, string pw, string salt)
IBuffer pwBuffer = CryptographicBuffer.ConvertStringToBinary(pw, BinaryStringEncoding.Utf8);
IBuffer saltBuffer = CryptographicBuffer.ConvertStringToBinary(salt, BinaryStringEncoding.Utf16LE);
IBuffer plainBuffer = CryptographicBuffer.ConvertStringToBinary(plainText, BinaryStringEncoding.Utf16LE);
// Derive key material for password size 32 bytes for AES256 algorithm
KeyDerivationAlgorithmProvider keyDerivationProvider = Windows.Security.Cryptography.Core.KeyDerivationAlgorithmProvider.OpenAlgorithm("PBKDF2_SHA1");
// using salt and 1000 iterations
KeyDerivationParameters pbkdf2Parms = KeyDerivationParameters.BuildForPbkdf2(saltBuffer, 1000);
// create a key based on original key and derivation parmaters
CryptographicKey keyOriginal = keyDerivationProvider.CreateKey(pwBuffer);
IBuffer keyMaterial = CryptographicEngine.DeriveKeyMaterial(keyOriginal, pbkdf2Parms, 32);
CryptographicKey derivedPwKey = keyDerivationProvider.CreateKey(pwBuffer);
// derive buffer to be used for encryption salt from derived password key
IBuffer saltMaterial = CryptographicEngine.DeriveKeyMaterial(derivedPwKey, pbkdf2Parms, 16);
// display the buffers – because KeyDerivationProvider always gets cleared after each use, they are very similar unforunately
string keyMaterialString = CryptographicBuffer.EncodeToBase64String(keyMaterial);
string saltMaterialString = CryptographicBuffer.EncodeToBase64String(saltMaterial);
SymmetricKeyAlgorithmProvider symProvider = SymmetricKeyAlgorithmProvider.OpenAlgorithm("AES_CBC_PKCS7");
// create symmetric key from derived password key
CryptographicKey symmKey = symProvider.CreateSymmetricKey(keyMaterial);
// encrypt data buffer using symmetric key and derived salt material
IBuffer resultBuffer = CryptographicEngine.Encrypt(symmKey, plainBuffer, saltMaterial);
byte[] result;
CryptographicBuffer.CopyToByteArray(resultBuffer, out result);
return result;
public static string Decrypt(byte[] encryptedData, string pw, string salt)
IBuffer pwBuffer = CryptographicBuffer.ConvertStringToBinary(pw, BinaryStringEncoding.Utf8);
IBuffer saltBuffer = CryptographicBuffer.ConvertStringToBinary(salt, BinaryStringEncoding.Utf16LE);
IBuffer cipherBuffer = CryptographicBuffer.CreateFromByteArray(encryptedData);
// Derive key material for password size 32 bytes for AES256 algorithm
KeyDerivationAlgorithmProvider keyDerivationProvider = Windows.Security.Cryptography.Core.KeyDerivationAlgorithmProvider.OpenAlgorithm("PBKDF2_SHA1");
// using salt and 1000 iterations
KeyDerivationParameters pbkdf2Parms = KeyDerivationParameters.BuildForPbkdf2(saltBuffer, 1000);
// create a key based on original key and derivation parmaters
CryptographicKey keyOriginal = keyDerivationProvider.CreateKey(pwBuffer);
IBuffer keyMaterial = CryptographicEngine.DeriveKeyMaterial(keyOriginal, pbkdf2Parms, 32);
CryptographicKey derivedPwKey = keyDerivationProvider.CreateKey(pwBuffer);
// derive buffer to be used for encryption salt from derived password key
IBuffer saltMaterial = CryptographicEngine.DeriveKeyMaterial(derivedPwKey, pbkdf2Parms, 16);
// display the keys – because KeyDerivationProvider always gets cleared after each use, they are very similar unforunately
string keyMaterialString = CryptographicBuffer.EncodeToBase64String(keyMaterial);
string saltMaterialString = CryptographicBuffer.EncodeToBase64String(saltMaterial);
SymmetricKeyAlgorithmProvider symProvider = SymmetricKeyAlgorithmProvider.OpenAlgorithm("AES_CBC_PKCS7");
// create symmetric key from derived password material
CryptographicKey symmKey = symProvider.CreateSymmetricKey(keyMaterial);
// encrypt data buffer using symmetric key and derived salt material
IBuffer resultBuffer = CryptographicEngine.Decrypt(symmKey, cipherBuffer, saltMaterial);
string result = CryptographicBuffer.ConvertBinaryToString(BinaryStringEncoding.Utf16LE, resultBuffer);
return result;
public static string AES_Encrypt(string input, string pass)
SymmetricKeyAlgorithmProvider SAP = SymmetricKeyAlgorithmProvider.OpenAlgorithm(SymmetricAlgorithmNames.AesEcbPkcs7);
CryptographicKey AES;
HashAlgorithmProvider HAP = HashAlgorithmProvider.OpenAlgorithm(HashAlgorithmNames.Md5);
CryptographicHash Hash_AES = HAP.CreateHash();
string encrypted = "";
try
byte[] hash = new byte[32];
Hash_AES.Append(CryptographicBuffer.CreateFromByteArray(System.Text.Encoding.UTF8.GetBytes(pass)));
byte[] temp;
CryptographicBuffer.CopyToByteArray(Hash_AES.GetValueAndReset(), out temp);
Array.Copy(temp, 0, hash, 0, 16);
Array.Copy(temp, 0, hash, 15, 16);
AES = SAP.CreateSymmetricKey(CryptographicBuffer.CreateFromByteArray(hash));
IBuffer Buffer = CryptographicBuffer.CreateFromByteArray(System.Text.Encoding.UTF8.GetBytes(input));
encrypted = CryptographicBuffer.EncodeToBase64String(CryptographicEngine.Encrypt(AES, Buffer, null));
return encrypted;
catch (Exception ex)
return null;
public static string AES_Decrypt(string input, string pass)
SymmetricKeyAlgorithmProvider SAP = SymmetricKeyAlgorithmProvider.OpenAlgorithm(SymmetricAlgorithmNames.AesEcbPkcs7);
CryptographicKey AES;
HashAlgorithmProvider HAP = HashAlgorithmProvider.OpenAlgorithm(HashAlgorithmNames.Md5);
CryptographicHash Hash_AES = HAP.CreateHash();
string decrypted = "";
try
byte[] hash = new byte[32];
Hash_AES.Append(CryptographicBuffer.CreateFromByteArray(System.Text.Encoding.UTF8.GetBytes(pass)));
byte[] temp;
CryptographicBuffer.CopyToByteArray(Hash_AES.GetValueAndReset(), out temp);
Array.Copy(temp, 0, hash, 0, 16);
Array.Copy(temp, 0, hash, 15, 16);
AES = SAP.CreateSymmetricKey(CryptographicBuffer.CreateFromByteArray(hash));
IBuffer Buffer = CryptographicBuffer.DecodeFromBase64String(input);
byte[] Decrypted;
CryptographicBuffer.CopyToByteArray(CryptographicEngine.Decrypt(AES, Buffer, null), out Decrypted);
decrypted = System.Text.Encoding.UTF8.GetString(Decrypted, 0, Decrypted.Length);
return decrypted;
catch (Exception ex)
return null;
Both methods shown above are not giving the same result.
I would require the following scenario :
Plain Text : "login@123"
Key : "0123456789abcdef"
IV : "fedcba9876543210"
Hex : 356F65678C82C137BDBB2A2C8F824A68
Encrypted Text : 5oegåÇ¡7Ωª*,èÇJh
Request you to please suggest alternative to obtain the same AES Encryption using a Key and IV in Windows Phone.
Thanks in advance.
Regards,
Vinay D

Hi,
The encryption and decryption in : http://dotnetspeak.com/2011/11/encrypting-and-decrypting-data-in-winrt-2 is
not giving me the desired result.
I would require the following scenario :
Plain Text : "login@123"
Key : "0123456789abcdef"
IV : "fedcba9876543210"
Encrypted Text : 5oegåÇ¡7Ωª*,èÇJh
But what i am getting from the above link is :
I would require the following scenario :
Plain Text : "login@123"
Key : "0123456789abcdef"
IV : "fedcba9876543210"
Encrypted Text : NW9lZ4yCwTe9uyosj4JKaA==
As u can see the encrypted string is not the same and hence i would get a different decrypt string on the server.
I cannot change the server as it is in production and working with Android and IOS.
Regards,
Vinay D

AES encryption with linux 64

Hello
We are using the AES encryption algorithm as one of our systems. To be able to use the AES did the installation of files and local_policy.jar US_export_policy.jar the JVM.
On Windows and Linux 32-bit func, but did not work on Linux 64. returns the following error message: java.security.InvalidKeyException: Invalid AES key length: 31 bytes.
The policys above are different JDK for Linux 64?
What may be happening?

I would suggest that you have not transferred your key correctly. You should note that keys are binary data and Strings should not be used to store binary data. It is possible that since you are using ASCII the two systems behave differently when converting a String to ASCII bytes. It would not surprise me if characters greater than 0x7f (which are not part of the ASCII set) are converted differently. Maybe somebody fixed a bug. Dump out in hex the bytes of your key created from key.getBytes("ASCII") in both systems and compare the two. I bet they are different.
P.S. Please enclose the code in a pair of tags when posting code.

Accept Certificate when connecting to an SSID with WPA2-AES encryption.

When I try to Connect my Iphone to an SSID with WPA2-AES encryption,i need to accept the certificate and gets authenticated.When i switchover to different SSID and reconnect again to the same WPA2-AES SSID i do not get the Certificate accept page.
When i click on the Forget Network and deisconnect from the SSID and re-connect again,i will be prompted to acept the certificate.Is this a normal behavior in Iphone.
Any suggestions would be greatly appreciated.
Thanks and regards,
Sendhil Balakrishnan

Hi
with the config i have i seem to be able to login using either tkip or aes, but i don't think i have got mixed mode configured on the AP so it should only accept WPA2-AES encryption but it also accepts TKIP making me believe something is configured incorrectly.
should i change anything in the config on the AP to only allow WPA2-AES encryption?
many thanks
rogier

WPA2 AES encryption Key Sizes

Hi all,
Just looking at the AES standard, or wiki of it
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
It mentions that AES supports the following (in the notes just at the bottom of the web page)
Key sizes of 128, 160, 192, 224, and 256 bits are supported by the Rijndael algorithm, but only the 128, 192, and 256-bit key sizes are specified in the AES standard.
Block sizes of 128, 160, 192, 224, and 256 bits are supported by the Rijndael algorithm, but only the 128-bit block size is specified in the AES standard.
What does the WLCs use for an AES key size when you enable a WPA2 policy with AES encryption?
Many thx
Ken

128 bits was supported on the autonomous code, so I'm sure the LWAPP solution also uses 128 bits with three possible key lengths 128, 192 and 256 bits.

AES Encryption No Longer Working

Last week we had users complaining that they could no longer connect to wireless. They were receiving a limited or no connectivity message. Upon researching the issue, I found that if I removed the AES encryption, from WPA2, users were able to connect again with TKIP. In speaking to a few admins, they stated that TKIP was the preferred method that was chosen years ago. My first question is this.....In our WLAN's, we had the options for WPA/TKIP-AES, and WPA2/TKIP-AES. I'm assuming this would allow the PC to use whichever encryption method was preferred. However, this doesn't seem to be the case. The PC chose AES, which caused the issue that they were having. Would this be something PC based? I'm assuming the controller only gives the ability. It won't actually dictate which encryption method is used, unless one of the options is turned off (like we did with AES). My second question is this....TKIP, being a weaker encryption method, isn't what I want our users using. How could I migrate to AES? Are there specific instructions to move from TKIP to AES? Is it more than just putting a check mark on the AES options, under WLAN security? Thanks for any help!

Its best to only use either WPA/TKIP or WPA2/AES, not both or a mix of either. This does cause issues with devices so its hit or miss. If you had configured everything for WPA2/TKIP, well... your stuck with a non standard IEEE setting, and you will have to just configure that on the WLC. It's the same if you were using WPA/AES.
The best way to move to a standard, is if your devices were domain machines and you can push out a GPO. Non domain machines, you would need to manually enter those unless you had a tool that manages them.

Enable AES encryption on 1310 Wireless bridge

Hi All,
I have requirment to enable the AES encryption on the management VLAN traffic between connected root and non root bridges . can any one share the configuration guidelines please ??
below is the network setup .
Router<---->SW1 ( main office)--> Root-bridge < ---------->non root-bride------SW2 ( remote end site)
Apart from the specific configuration on the wireless bridge is any extra configuration required on the Switch interfaces??
Regards
Lerner

Hello,
1. Make sure you are running version 12.3(7)JA or later since WPA2/AES was not always available for the 1310.
2. How do you currently have the root/non-root configured?
Ideally, adding AES shoudl be fairly straight forward. Keep in mind we recommend using WPA2 with AES.
configured on your root AND non-root:
dot11 ssid
authentication open
authentication key-management wpa version 2
interface do1
encryption mode ciphers aes-ccm

What configurations need to Enable AES encryptions on call on Expressway-e ??

hi guys
i've cucm 10.5 without token, on this cucm i've one sx80 registered, the cucm is configured to B2B call using one expressway-c and express-e, the b2b call work fine, but now i need configured aes encrypcion to call from SX80 to internet endpoint and viceversa.
what configurations i need to enable aes encryptions on expressway-e?
thanks.

Which browser are you using? Do you have Enable Java checked in it's preferences? When you get a message it's a good idea to write down exactly what it says rather than dismiss it and wonder later what it said about something.

AES Encryption - Encrypted value lengths

HI all -
I am attempting to use CF 8's AES encryption feature, and
have not found a critical piece of info in the docs to enable me to
progress.
I am using the function to encrypt a password that can be
from 6 to 16 characters long, which will be stored in a database. I
am using generateSecretKey("AES"), and that gives me a 24 character
key that I'm storing for future decryption use. I find that when I
use the key to encrypt a 6 character password the resulting
encrypted string is 32 characters long, but when I encrypt a 16
character password I get a 64 character encrypted string. This is
the case whether I specify "HEX" or "UU" as the encoding.
Without knowing how the length of the resulting encoded
string is determined, I cannot know how large to make my database
column. (MySQL's AES encryption gives the formula 16 ×
(trunc(string_length / 16) + 1) to arrive at the resulting string's
length, but that formula doesn't yield the results I'm seeing in
CFMX). Can anyone point me to a doc, or explain to me how to
determine the column length for storing the resulting encrypted
value?

No. Only things like key, encoding and string size should
matter. If the encoding is "hex", 1-15 characters should produce
size 32, 16-31 characters should produce 64, etcetera. Unless space
is at a premium, you could always increase the field size if that
makes you feel more comfortable.
Well, the results are dictated by the AES standard and basic
string encoding rules, not CF. I highly doubt either one is going
to change any time soon ;-) I agree documentation is good. However,
unlike aes_encrypt, the encrypt function supports many different
algorithms. Most of which have a distinct set of rules. So it would
probably be difficult to provide accurate information about all of
them. Especially as the specifications for each one alone probably
spans volumes ;-)

Aironet 1252 AES encryption

Dear all
I have two cisco airenet 1252 autonamous access point that are configured as point to point bridge. Now I want to confiure AES encryption or WPA2 using a pre-shared key however I do not see the option to do this . The only option I see under ciphers are:
wep 128
wep 40
TKIP
CKIP
CMIC
CKIP-CMIC
TKIP+WEP 128
TKIP+WEP 40
AES CCMP
AES CCMP + TKIP
AES CCMP + TKIP + WEP 128
AES CCMP + TKIP + WEP 40
Is it possible to use either AES or WPA2 using a pre-shared key on the 1252 autonamous access point? If possible please provide instruction preferably using the web interface.
Regards,
Screech

Sure ..
This is WPA2 Enterprise -- but you will see the PSK commands below
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008054339e.shtml
If you dont see these commands tehn you need to update your code.
- Go to Security > Encryption Manager > Select Cipher > AES CCMP from the drop down menu > Apply
- Go to Security > SSID Manager > Select (or create) the SSID > Link the SSID to the radio that you want
- Open authentication should be selected
- Key Management should be set to Mandatory
- "Enable WPA" needs to be checked
- Enter the Pre-Shared Key on the "WPA Pre-shared Key" field.
- Scroll down and click on the first apply (not the bottom one).
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

AES encrypt/decrypt

Hi,
I need to encrypt a file in Java using AES, given an 'EncryptionKey'. The "EncryptionKey" will be given to me as a String. Later, the client needs to be able to decrypt it using the same "EncryptionKey", with ANY decryption tool.
I'm not sure how this can be done. The sample codes I saw online usually use a KeyGenerator to generate the Key. It seems like maybe I can use the "EncryptionKey" as a password, and use this password to generate a Key like this:
http://javaalmanac.com/egs/javax.crypto/PassKey.html
However, the link above uses DES. If I want to use AES, is it possible? Also, the client is not supposed to know anything about the salt and iteration count, all he knows is the "EncryptionKey".
Thanks a lot!

The use of 'any' decryption tool needs to be constrained to those tools that support not just the prime encryption algorithm but also the secondary algorithms.
The code fragment I posted explicitly used
a) 'AES' as the prime encryption algorithm,
b) 'CBC' as the block mode,
c) 'PKCS5Padding' to pad the data to an integral number of blocks
and it implicitly used a separate Key and IV. It is possible to use a random IV and to send the IV as a prefix to the encrypted data. It is normal then to use a random IV so that no two messages use the the same IV. You could of course take a pragmatic approach and just use a fixed IV!
The JCE gives you other encryption algorithms, other block modes and other padding modes and, since it is really a framework, it can be extended to add in further algorithms and processing.
Further processing not included in the JCE could be applied. For example, the resultant encrypted data could be 'armored' by using Base64 or HEX encoding and it may be compressed before encryption.
As you can see, the 'devil is in the detail' and YOU have to decide how the data will be processed and therefore what algorithms any decryption tool must support.
The JCE gives you a set of building block but there are more operations (such as Base64 encoding) that may be needed. Using the JCE together with some 3rd party tools will allow you to create an encryption procedure that another tool will be able to decrypt BUT the other tool will need to specify what operations it performs to decrypt the data. You will need to study the decryption tool's manual to decide what operations you need to perform when encrypting your data.
If you need more general information then, as a starting point, there is an electronic book at http://www.cacr.math.uwaterloo.ca/hac/ and of course there is the JCE specification.

IPad: Open AES-encrypted zip files?

Is there an app which allows one to open zip files that were encrypted with AES-128 or AES-256? There was a discussion last year (https://discussions.apple.com/message/12429143) saying that there were none at the time, but I'm hoping for some progress since then. GoodReader, Filer LIte, and USB Disk Pro all failed to read files encrypted with either algorithm. Thanks,
John

Is there an app which allows one to open zip files that were encrypted with AES-128 or AES-256? There was a discussion last year (https://discussions.apple.com/message/12429143) saying that there were none at the time, but I'm hoping for some progress since then. GoodReader, Filer LIte, and USB Disk Pro all failed to read files encrypted with either algorithm. Thanks,
John

Cisco AnyConnect VPN client and 256 AES encryption in IE8

Hey,
We have a site that we are trying to connect to with the AnyConnect VPN client version 2.5.3055 on Windows XP SP3. As soon as we enter the site info and hit select, it says a connection was unable to be established.
I believe this has to do with the encryption, its set up with 256 bit AES. We are only able to install IE8, which on XP only supports up to 128 bit encryption, so in IE8 the page will not load. To fix that issue we installed firefox which supports 256 bit encryption. We can get to the page there, but when we go to connect to the same site VIA the VPN client it still will not connect. It will work fine on a windows 7 box with IE9 installed from the same network.
My question mainly pertains to how the AnyConnect client connects on the back end. Does it use Internet explorer's SSL layer by default? Or does it have its own? If it connects through internet explorer, is there a way to change it to firefox so it will actually be able to open up a connection?
Thank you for your answers in advance,
John

Hey Jeff,
Thanks for answering that question. Hmm, so it doesnt go through the browsers SSL layer. We have systems on the same network (same proxy, firewall, vlan, etc). All the systems with windows XP SP3 and IE8/IE7 can not connect to the VPN (they arent even able to start the connection and ask for proxy/logon info.), all the systems with windows 7 and IE9 can. Same setups on each one as far as the security policies go as well. I thought it may have to do with the 256 bit encryption that they are using.
If thats not the case, what else could be causing the problem? weve tested it on about 5 XP machines and 5 Win 7 machines, same results on each. Connects on Win 7, does not connect on Win XP.
Thanks,
John

AES Encryption example?

Similar Messages

Maybe you are looking for