Class AesCipherService

  • All Implemented Interfaces:
    CipherService

    public class AesCipherService
    extends DefaultBlockCipherService
    CipherService using the AES cipher algorithm for all encryption, decryption, and key operations.

    The AES algorithm can support key sizes of 128, 192 and 256 bits*. This implementation defaults to 128 bits.

    Note that this class retains changes the parent class's default CBC mode to GCM of operation instead of the typical JDK default of ECB. ECB should not be used in security-sensitive environments because ECB does not allow for initialization vectors, which are considered necessary for strong encryption. See the parent class's JavaDoc and the JcaCipherService JavaDoc for more on why the JDK default should not be used and is not used in this implementation.

    * Generating and using AES key sizes greater than 128 require installation of the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy files.

    Since:
    1.0
    • Constructor Detail

      • AesCipherService

        public AesCipherService()
        Creates a new CipherService instance using the AES cipher algorithm with the following important cipher default attributes:
        Attribute Value
        keySize 128 bits
        blockSize 128 bits (required for AES
        mode GCM*
        paddingScheme NoPadding***
        initializationVectorSize 128 bits
        generateInitializationVectors true**

        * The GCM operation mode is used instead of the JDK default ECB to ensure strong encryption. ECB should not be used in security-sensitive environments - see the DefaultBlockCipherService class JavaDoc's "Operation Mode" section for more.

        **In conjunction with the default GCM operation mode, initialization vectors are generated by default to ensure strong encryption. See the JcaCipherService class JavaDoc for more.

        **Since GCM is a stream cipher, padding is implemented in the operation mode and an external padding scheme cannot be used in conjunction with GCM. In fact, AES/GCM/PKCS5Padding is just an alias in most JVM for AES/GCM/NoPadding.

        NOTE: As of Java 14, setting a streaming padding for the above example will throw a NoSuchAlgorithmException

        See Also:
        JDK-8180392