</>
javaadvanced

AES Encryption and Decryption

Encrypt and decrypt data with AES-GCM in Java: key generation, secure random IV, and Base64 encoding.

java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.security.SecureRandom;
import java.util.Base64;

public class AESCrypto {
    private static final int KEY_SIZE = 256;
    private static final int IV_SIZE = 12; // GCM recommended
    private static final int TAG_SIZE = 128;

    // Generate a random AES key
    public static SecretKey generateKey() throws Exception {
        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
        keyGen.init(KEY_SIZE);
        return keyGen.generateKey();
    }

    // Key from password
    public static SecretKey keyFromPassword(String password, byte[] salt) throws Exception {
        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        KeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 100_000, KEY_SIZE);
        return new SecretKeySpec(factory.generateSecret(spec).getEncoded(), "AES");
    }

    // Encrypt (AES-GCM)
    public static String encrypt(String plaintext, SecretKey key) throws Exception {
        byte[] iv = new byte[IV_SIZE];
        new SecureRandom().nextBytes(iv);

        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_SIZE, iv));
        byte[] encrypted = cipher.doFinal(plaintext.getBytes("UTF-8"));

        // Prepend IV to ciphertext
        byte[] combined = new byte[iv.length + encrypted.length];
        System.arraycopy(iv, 0, combined, 0, iv.length);
        System.arraycopy(encrypted, 0, combined, iv.length, encrypted.length);

        return Base64.getEncoder().encodeToString(combined);
    }

    // Decrypt
    public static String decrypt(String ciphertext, SecretKey key) throws Exception {
        byte[] combined = Base64.getDecoder().decode(ciphertext);

        byte[] iv = new byte[IV_SIZE];
        byte[] encrypted = new byte[combined.length - IV_SIZE];
        System.arraycopy(combined, 0, iv, 0, IV_SIZE);
        System.arraycopy(combined, IV_SIZE, encrypted, 0, encrypted.length);

        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_SIZE, iv));
        return new String(cipher.doFinal(encrypted), "UTF-8");
    }

    public static void main(String[] args) throws Exception {
        SecretKey key = generateKey();
        String encrypted = encrypt("Secret message!", key);
        System.out.println("Encrypted: " + encrypted);
        System.out.println("Decrypted: " + decrypt(encrypted, key));
    }
}

Use Cases

  • Encrypting sensitive data at rest
  • Secure data transmission between services
  • Password-based encryption for user data

Tags

#java#encryption#security#aes

Related Snippets

Similar patterns you can reuse in the same workflow.

javaadvanced

Spring Security — JWT Authentication

Implement JWT authentication with Spring Security: token generation, validation, and filter chain.

Best for: Securing REST APIs with JWT tokens

#spring-boot#jwt
javaintermediate

Secure Password Hashing

Hash passwords securely with PBKDF2 and verify them — no external libraries required.

Best for: User registration password storage

#java#security
javabeginner

Reverse a String in Java

Multiple ways to reverse a string in Java including StringBuilder, char array, and stream approaches.

Best for: String manipulation in coding interviews

#java#string
javabeginner

Read File Line by Line in Java

Read files using BufferedReader, Files.readAllLines, and Stream API with proper resource management.

Best for: Processing log files line by line

#java#file-io