AES Encryption is implemented in ECB mode but it is not security compliant. How to implement CBC mode

Question

I have implemented AES encryption in java, but the algorithm is not accepted by team as it is implemented in ECB mode which is not security compliant.I am very new to cryptography and Security requirements.

Can someone please help me changing algorithm to CBC mode. I have attached my code implemented in ECB mode.

public String encrypt(String plainPwd)
{
    byte[] outputBytes = new byte[] {};
    String returnString = "";
    try
    {
        byte[] raw = "XXXXX@XXXXXX.XXX".getBytes("UTF-8");

        SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
        Cipher cipher = Cipher.getInstance("AES");
        cipher.init(Cipher.ENCRYPT_MODE, skeySpec);

        outputBytes = cipher.doFinal(plainPwd.getBytes("UTF-8"));
        if (null != outputBytes)
        {
            returnString = Base64Encrypter.getInstance().encode(outputBytes);
        }
        return returnString.trim();

    }
    catch (Exception e)
    {
        System.out.println(e);
    }

    return new String(outputBytes).trim();
}

public String decrypt(String encryptedPwd)
{
    byte[] outputBytes = new byte[] {};
    try
    {
        byte[] raw = "XXXXX@XXXXXX.XXX".getBytes("UTF-8");

        SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
        Cipher cipher = Cipher.getInstance("AES");
        cipher.init(Cipher.DECRYPT_MODE, skeySpec);

        byte[] inputBytes = Base64Encrypter.getInstance().decode(encryptedPwd);
        if (null != inputBytes)
        {
            outputBytes = cipher.doFinal(inputBytes);
        }
    }
    catch (Exception e)
    {
        System.out.println(e);
    }

    return new String(outputBytes).trim();
}

Early reply will be highly appreciated. Thanks in advance

Answer 1

If your data is short and random ECB might be acceptable (at least not worse than CBC). But it is most likely a good idea to not even try to get this right.

Keep in mind, CBC does also not offer integrity protection. Using a extra HMAC or a dedicated mode for wrapping secrets (AESKeywrap) or using an authenticated mode (AES/GCM) is better. (and this is not only a question of avoiding modifications it also closes a class of attacks against the privacy protection of the protocols).

If the data is not random/predictable you need to use a mode which also uses an IV. In case of CBC Java will pick a random IV if not specified.

However for decrypt (especially if you have a padding which does verification) you need to specify the exactly same IV, so dont forget to retrieve and transmit it. So the (unsecure because not authenticated) encryption becomes:

Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
byte[] iv = cipher.getIV(); // randomly filled.
...

// on decrypt specify this IV again
cipher.init(Cipher.DECRYPT_MODE, skeySpec, new IvParameterSpec(iv));

This also has the advantage that it actually specifies the padding to use, so you do not depend on the default selection of Java (always specify the full mode string).

Answer 2

Change the request string from AES to AES/CBC/PKCS5PADDING and add an iv. While padding is not CBC specific it is good to explicitly define all parameters and with few exceptions padding is needed.

For the iv generate a cryptographically secure random number of block size (16-bytes for AES). In order to have the iv available for decryption common practice is to prepend it to the encrypted data, it does not need to be secret.

Answer 3

AES has around 6 different encryption modes. It's important that you use the correct mode for the application that you are using it for. as @eckes says, ECB is fine for small amounts of data where random encrypt/decrypt access is useful. The disadvantage of ECB is that the same input will have the same output, so an attacker could see patterns and may reverse engineer it if there are limited numbers of practical values.

Check out how to choose AES encryption mode for more guidance on picking the correct operation mode.