Not-Yet-Commons-SSL has an implementation of PBE ("password based encryption") that is 100% compatible with OpenSSL's command-line "enc" utility. PBE is a form of symmetric encryption where the same key or password is used to encrypt and decrypt the file.
We are also compatible with "openssl enc -K [key] -iv [IV]", where the key and IV are provided explicitly, instead of being derived from a password. Look for encrypt()/decrypt() methods that take byte[] key, byte[] iv instead of char[] password.
Please visit the Quick-FAQ if you are having problems.
PBE code example (DES-3):*
char[] password = {'c','h','a','n','g','e','i','t'};
byte[] data = "Hello World!".getBytes();
// Encrypt!
byte[] encrypted = OpenSSL.encrypt("des3", password, data);
System.out.println("ENCRYPTED: [" + new String(encrypted) + "]");
// Decrypt results of previous!
data = OpenSSL.decrypt("des3", password, encrypted);
System.out.println("DECRYPTED: [" + new String(data) + "]");
OUTPUT:
=======================
ENCRYPTED: [U2FsdGVkX19qplb9qVDVVEYxH8wjJDGpMS+F4/2pS2c=]
DECRYPTED: [Hello World!]
* - This code example is not quite right.
Some notes:
"openssl enc -K [key] -iv [IV]" where key and iv are explicitly provided, rather than being derived from a password. The [key] and [IV] should be specified in either raw binary, or hexadecimal (4 bits per character). This isn't really PBE anymore, but it's a common use case.
Here's a list of supported OpenSSL ciphers. The purple ones require the BouncyCastle JCE. The red ones (desx, desx-cbc) probably require RSA's BSAFE JCE, and have not been tested.
aes-128-cbc aes-128-cfb aes-128-cfb8 aes-128-ecb aes-128-ofb aes-192-cbc aes-192-cfb aes-192-cfb8 aes-192-ecb aes-192-ofb aes-256-cbc aes-256-cfb aes-256-cfb8 aes-256-ecb aes-256-ofb aes128 aes192 aes256 bf bf-cbc bf-cfb bf-ecb bf-ofb blowfish camellia-128-cbc camellia-128-cfb camellia-128-cfb8 camellia-128-ecb camellia-128-ofb camellia-192-cbc camellia-192-cfb camellia-192-cfb8 camellia-192-ecb camellia-192-ofb camellia-256-cbc camellia-256-cfb camellia-256-cfb8 camellia-256-ecb camellia-256-ofb camellia128 camellia192 camellia256 cast cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb des des-cbc des-cfb des-cfb8 des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb des-ofb des3 desx desx-cbc idea idea-cbc idea-cfb idea-ecb idea-ofb rc2 rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb rc4 rc4-40 rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb
Here are some additional ciphers supported by BouncyCastle, but not by OpenSSL:
cast6 gost (aka: gost28147) rc6 seed serpent skipjack tea twofish xtea
Other Downloads
You can use DES-3 (168 bit keys) without installing the extra policy files.
Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6
boolean useBase64 = true;
boolean useSalt = false; // Omitting the salt is bad for security!
byte[] result = OpenSSL.encrypt(alg, pwd, data, useBase64, useSalt);
PBE example (DES-3):
char[] password = {'c','h','a','n','g','e','i','t'};
byte[] data = "Hello World!".getBytes("UTF-8");
// Encrypt!
byte[] encrypted = OpenSSL.encrypt("des3", password, data);
System.out.println("ENCRYPTED: [" + new String(encrypted, "UTF-8") + "]");
// Decrypt results of previous!
data = OpenSSL.decrypt("des3", password, encrypted);
System.out.println("DECRYPTED: [" + new String(data, "UTF-8") + "]");
OUTPUT:
======================
ENCRYPTED: [U2FsdGVkX19qplb9qVDVVEYxH8wjJDGpMS+F4/2pS2c=]
DECRYPTED: [Hello World!]
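What the ENCRYPTED value above contains, as an added example using only the JDK (not Not-Yet-Commons-SSL's own code): the Base64 text decodes to the 8-byte marker "Salted__", an 8-byte salt, then the DES-3 ciphertext. The key and IV derivation shown (one round of MD5 over password and salt, the legacy default of "openssl enc") is an assumption, as are the class and method names.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added illustration; class and method names are hypothetical.
public class OpenSslEncFormat {
    private static final byte[] MAGIC = "Salted__".getBytes(StandardCharsets.US_ASCII);

    // Assumed derivation (OpenSSL EVP_BytesToKey, 1 iteration):
    // D1 = H(pwd || salt), Dn = H(Dn-1 || pwd || salt); key||IV = D1 || D2 || ...
    static byte[] deriveKeyAndIv(String digest, byte[] pwd, byte[] salt, int len) throws Exception {
        MessageDigest md = MessageDigest.getInstance(digest);
        byte[] out = new byte[len];
        byte[] block = new byte[0];
        for (int filled = 0; filled < len; filled += block.length) {
            md.update(block);
            md.update(pwd);
            md.update(salt);
            block = md.digest(); // digest() also resets md for the next round
            System.arraycopy(block, 0, out, filled, Math.min(block.length, len - filled));
        }
        return out;
    }

    static byte[] decryptDes3(String base64, char[] password) throws Exception {
        byte[] raw = Base64.getMimeDecoder().decode(base64); // tolerates wrapped lines
        if (raw.length < 16 || !Arrays.equals(Arrays.copyOfRange(raw, 0, 8), MAGIC)) {
            throw new IllegalArgumentException("no Salted__ header (unsalted or not enc output)");
        }
        byte[] salt = Arrays.copyOfRange(raw, 8, 16);
        byte[] pwd = new String(password).getBytes(StandardCharsets.UTF_8);
        byte[] kiv = deriveKeyAndIv("MD5", pwd, salt, 24 + 8); // des3: 24-byte key, 8-byte IV
        Cipher c = Cipher.getInstance("DESede/CBC/PKCS5Padding"); // des3 = des-ede3-cbc
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(kiv, 0, 24, "DESede"),
               new IvParameterSpec(kiv, 24, 8));
        return c.doFinal(raw, 16, raw.length - 16);
    }

    public static void main(String[] args) throws Exception {
        // Base64 text and password copied from the page's example above.
        String sample = "U2FsdGVkX19qplb9qVDVVEYxH8wjJDGpMS+F4/2pS2c=";
        byte[] plain = decryptDes3(sample, "changeit".toCharArray());
        System.out.println("DECRYPTED: [" + new String(plain, StandardCharsets.UTF_8) + "]");
    }
}
```

If doFinal throws BadPaddingException, the password or the assumed digest is wrong. OpenSSL 1.1.0 and later default to SHA-256 for this derivation, so pass -md md5 to "openssl enc" (or change the digest argument here) when exchanging files with newer builds.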