package javaxt.encryption;

import java.security.AlgorithmParameters;

import javax.crypto.*;

import java.security.spec.*;

import javax.crypto.spec.*;

//******************************************************************************

//** AES-256

//******************************************************************************

/**

* Provides static methods used to encrypt and decrypt strings using AES 256

* bit encryption.

*

* @credit http://stackoverflow.com/a/992413/

*

******************************************************************************/

public class AES256 {

private static String err = "Please install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files.";

private AES256(){}

//**************************************************************************

//** encrypt

//**************************************************************************

/** Used to encrypt a block of text. Throws an java.security.InvalidKeyException

* if the JRE/JDK is missing the Java Cryptography Extension (JCE) unlimited

* strength jurisdiction policy files.

*/

public static byte[] encrypt(String text, String password) throws Exception {

try{

java.security.SecureRandom rand = new java.security.SecureRandom();

byte[] salt = new byte[32];

rand.nextBytes(salt);

SecretKey secret = getSecretKey(password, salt);

Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");

cipher.init(Cipher.ENCRYPT_MODE, secret);

AlgorithmParameters params = cipher.getParameters();

byte[] iv = params.getParameterSpec(IvParameterSpec.class).getIV();

byte[] b = cipher.doFinal(text.getBytes("UTF-8"));

byte[] ret = new byte[salt.length + iv.length + b.length];

System.arraycopy(salt, 0, ret, 0, salt.length);

System.arraycopy(iv, 0, ret, salt.length, iv.length);

System.arraycopy(b, 0, ret, salt.length+iv.length, b.length);

return ret;

}

catch(java.security.InvalidKeyException e){

if (e.getMessage().equals("Illegal key size")){

throw new java.security.InvalidKeyException(err);

}

else{

throw e;

}

}

}

//**************************************************************************

//** decrypt

//**************************************************************************

/** Used to decrypt a byte array generated from the encrypt() method. Throws

* an java.security.InvalidKeyException if the JRE/JDK is missing the Java

* Cryptography Extension (JCE) unlimited strength jurisdiction policy files.

*/

public static String decrypt(byte[] bytes, String password) throws Exception {

try{

byte[] salt = new byte[32];

byte[] iv = new byte[16];

byte[] b = new byte[bytes.length-salt.length-iv.length];

System.arraycopy(bytes, 0, salt, 0, salt.length);

System.arraycopy(bytes, 32, iv, 0, iv.length);

System.arraycopy(bytes, 32+16, b, 0, b.length);

SecretKey secret = getSecretKey(password, salt);

Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");

cipher.init(Cipher.DECRYPT_MODE, secret, new IvParameterSpec(iv));

return new String(cipher.doFinal(b), "UTF-8");

}

catch(java.security.InvalidKeyException e){

if (e.getMessage().equals("Illegal key size")){

throw new java.security.InvalidKeyException(err);

}

else{

throw e;

}

}

}

//**************************************************************************

//** getSecretKey

//**************************************************************************

private static SecretKey getSecretKey(String password, byte[] salt) throws

java.security.NoSuchAlgorithmException, java.security.spec.InvalidKeySpecException, java.io.UnsupportedEncodingException {

SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");

KeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 65536, 256);

SecretKey tmp = factory.generateSecret(spec);

return new SecretKeySpec(tmp.getEncoded(), "AES");

}

}