thepolishboy

Reputation: 37

Java JCA - AES encryption, detecting if message was tampered with

I am trying to figure out how to write a simple Java Class to encrypt and decrypt plain text files, using AES, but it has to be able to tell if someone else has edited a file and encrypted it outside of that class, through the use of a signature. If the signature doesn't match then the file gets deleted.

I had a look at Message Digest and thought about storing a checksum in another file, but I would like some advice. Is there any way that we can easily implement that? The Java Class will need a function to be able to go through a folder and see if files have been tampered with.

Upvotes: 0

Views: 730

Answers (1)

Hmmmmm

Reputation: 870

What you want is authenticated encryption (aka AEAD). A very common way to achieve this is to use AES in Galois Counter Mode (GCM). Please keep in mind that this mode provides great security and efficiency when used correctly, but when used even slightly incorrectly all those benefits can quickly go out the window. For example, if you reuse an IV for different plaintexts you lose almost all your security assurances. If the terms I am using are foreign to you and the data you are trying to protect is very sensitive, I highly recommend that you hire someone knowledgeable in the field to do this for you. If you still wish to do this yourself you will need to first figure out the following:

  1. How will you generate your AES key(s)? The source of entropy for this is important and needs to be appropriate for the sensitivity of the data you wish to protect.

  2. How will you store your key(s)? Will they sit in a software-based keystore on the local machine or will they sit in some kind of tamper-resistant hardware (e.g., an HSM)? If they will be only protected by software, how will you protect the passphrase(s)?

  3. How will you store the ciphertext, IV, auth tag, and associated data? Will you use a predefined format (e.g., CMS) or a custom homegrown one?

  4. In addition to files being modified, do you need to test if files were deleted and/or duplicated from the directory?

  5. What length authentication tag would you like?

I am not sure how big your files are so I don't know if you want to read the entire file into memory and then perform encryption or use an Input/Output Stream approach. If you let me know more details I can point you to some better resources.

Upvotes: 1
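The following is an added example (not code from the question or the answer above) showing the AES-GCM approach the answer recommends, using only standard JCA classes: a random 96-bit IV stored in front of the ciphertext, a 128-bit authentication tag, the file name bound as associated data so that a sealed file copied over another one is also rejected, and a directory scan that reports every file whose tag no longer verifies. The class name `AesGcmFileSealer`, the `.enc` extension, the `IV || ciphertext || tag` layout and the in-memory key are all assumptions made for the example; key storage (the answer's point 2) is left to the caller.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List;

/** Hypothetical helper: AES-GCM seal/open for whole files plus a tamper scan over a folder. */
public final class AesGcmFileSealer {
    private static final int IV_BYTES = 12;   // 96-bit nonce, the recommended size for GCM
    private static final int TAG_BITS = 128;  // full-length authentication tag
    private static final SecureRandom RNG = new SecureRandom();

    private final SecretKey key;

    public AesGcmFileSealer(SecretKey key) {
        this.key = key;
    }

    /** Fresh 256-bit AES key from the platform CSPRNG (answer's point 1). */
    public static SecretKey generateKey() throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256, RNG);
        return kg.generateKey();
    }

    /** Output layout (assumed): IV || ciphertext || tag. The file name is bound as AAD. */
    public byte[] seal(byte[] plaintext, String fileName) throws GeneralSecurityException {
        byte[] iv = new byte[IV_BYTES];
        RNG.nextBytes(iv);  // a new random IV per message; never reuse one under the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        c.updateAAD(fileName.getBytes(StandardCharsets.UTF_8));
        byte[] ctAndTag = c.doFinal(plaintext);  // JCA appends the tag to the ciphertext
        byte[] out = new byte[IV_BYTES + ctAndTag.length];
        System.arraycopy(iv, 0, out, 0, IV_BYTES);
        System.arraycopy(ctAndTag, 0, out, IV_BYTES, ctAndTag.length);
        return out;
    }

    /** Verifies tag and AAD and returns the plaintext; throws on any modification. */
    public byte[] open(byte[] sealed, String fileName) throws GeneralSecurityException {
        if (sealed.length < IV_BYTES + TAG_BITS / 8) {
            throw new AEADBadTagException("sealed data too short to contain IV and tag");
        }
        GCMParameterSpec spec = new GCMParameterSpec(TAG_BITS, sealed, 0, IV_BYTES);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, spec);
        c.updateAAD(fileName.getBytes(StandardCharsets.UTF_8));
        return c.doFinal(sealed, IV_BYTES, sealed.length - IV_BYTES);
    }

    /** Scans a folder for *.enc files and returns those that fail authentication. */
    public List<Path> findTampered(Path dir) throws IOException {
        List<Path> bad = new ArrayList<>();
        try (DirectoryStream<Path> files = Files.newDirectoryStream(dir, "*.enc")) {
            for (Path p : files) {
                try {
                    open(Files.readAllBytes(p), p.getFileName().toString());
                } catch (GeneralSecurityException e) {  // AEADBadTagException is a subclass
                    bad.add(p);
                }
            }
        }
        return bad;
    }

    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("sealed");
        AesGcmFileSealer sealer = new AesGcmFileSealer(generateKey());

        // Constructed sample: one intact file...
        Path good = dir.resolve("notes.txt.enc");
        Files.write(good, sealer.seal("sample note".getBytes(StandardCharsets.UTF_8),
                                      good.getFileName().toString()));

        // ...and one whose first ciphertext byte was changed after sealing.
        Path bad = dir.resolve("ledger.txt.enc");
        byte[] sealed = sealer.seal("sample ledger".getBytes(StandardCharsets.UTF_8),
                                    bad.getFileName().toString());
        sealed[IV_BYTES] ^= 0x01;
        Files.write(bad, sealed);

        System.out.println("Failed authentication: " + sealer.findTampered(dir));
    }
}
```

Running `main` lists only `ledger.txt.enc`, because a single flipped ciphertext byte invalidates the GCM tag, and the same happens if a file is renamed or copied over another name, since the name is part of the authenticated data. What the scan cannot tell you is whether a file was deleted from the folder (the answer's point 4); that needs a separately authenticated manifest of expected file names, which this example does not include. Whether a failing file should be deleted, quarantined or merely reported is a policy decision left to the caller; the example only reports.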
