Sidebar

In collaboration with Chat GPT, Using Java, what is the recommended AES cipher mode to use today?

0 votes
1.9K views
asked Jan 2, 2023 by rich-c-2789 (16,180 points)
edited Jan 2, 2023 by rich-c-2789

I recently worked on an issue and had to do some research of my own regarding encryption.  Which I created the following three questions to document what I learned in the way that was fullfilling to the way I processed/thought about the sources I read:

Why is ECB cipher mode not recommended for encryption?

What cipher modes are recommended for encryption?

How can I use "AES/GCM/NoPadding" encryption/cipher mode in QIE?

I then saw some interesting references to Chat GPT and thought I would ask it the following question to see if it would provide additional insight or if it could have saved me some time:

Using Java, what is the recommended AES cipher mode to use today?

I'll will share part the response in the answer but first i'll include this hear to make sure I comply with the Sharing & Publication Policy:

The author generated this text in part with GPT-3, OpenAI’s large-scale language-generation model. Upon generating draft language, the author reviewed, edited, and revised the language to their own liking and takes ultimate responsibility for the content of this publication.

I think I will add some supplemental answers to the above KBs based on my conversation with Chat GPT.

1 Answer

0 votes

Intial response from Chat GPT:

The recommended AES cipher mode to use today is the Advanced Encryption Standard (AES) in Galois/Counter Mode (GCM). GCM is a block cipher mode of operation that provides both confidentiality and authenticity for the data being encrypted. It is a widely used mode of operation for AES, and it is considered to be very secure.

To use GCM mode in Java, you can use the Cipher class from the javax.crypto package. Here is an example of how to use GCM mode to encrypt and decrypt data in Java:

import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Encrypt
byte[] key = ...; // secret key
byte[] iv = ...; // initialization vector
byte[] plaintext = ...; // plaintext to be encrypted

Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
GCMParameterSpec gcmParameterSpec = new GCMParameterSpec(128, iv); // 128-bit authentication tag length
SecretKeySpec secretKeySpec = new SecretKeySpec(key, "AES");
cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, gcmParameterSpec);
byte[] ciphertext = cipher.doFinal(plaintext);

// Decrypt
byte[] key = ...; // secret key
byte[] iv = ...; // initialization vector
byte[] ciphertext = ...; // ciphertext to be decrypted

Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
GCMParameterSpec gcmParameterSpec = new GCMParameterSpec(128, iv); // 128-bit authentication tag length
SecretKeySpec secretKeySpec = new SecretKeySpec(key, "AES");
cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, gcmParameterSpec);
byte[] plaintext = cipher.doFinal(ciphertext);

Note that in this example, we are using a 128-bit authentication tag length, but you can use a different tag length if needed. Additionally, it is important to use a strong and unique key for AES encryption, and to use a unique and randomly generated initialization vector (IV) for each encryption operation.

Later, I asked this follow up question (yes it had typos):

Can you turn you first response into a working example the can be executed?

Chat GPT:

Certainly! Here is a complete, runnable example of how to use AES in GCM mode to encrypt and decrypt data in Java:

import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.SecureRandom;

public class AESGCMExample {
    public static void main(String[] args) throws Exception {
        // Generate key and initialization vector (IV)
        SecureRandom secureRandom = new SecureRandom();
        byte[] key = new byte[16]; // 16 bytes = 128 bits
        secureRandom.nextBytes(key);
        byte[] iv = new byte[12]; // 12 bytes = 96 bits
        secureRandom.nextBytes(iv);

        // Encrypt
        byte[] plaintext = "Hello, World!".getBytes();
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        GCMParameterSpec gcmParameterSpec = new GCMParameterSpec(128, iv); // 128-bit authentication tag length
        SecretKeySpec secretKeySpec = new SecretKeySpec(key, "AES");
        cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, gcmParameterSpec);
        byte[] ciphertext = cipher.doFinal(plaintext);

        // Decrypt
        cipher = Cipher.getInstance("AES/GCM/NoPadding");
        gcmParameterSpec = new GCMParameterSpec(128, iv); // 128-bit authentication tag length
        secretKeySpec = new SecretKeySpec(key, "AES");
        cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, gcmParameterSpec);
        byte[] decrypted = cipher.doFinal(ciphertext);

        // Print results
        System.out.println("Plaintext: " + new String(plaintext));
        System.out.println("Ciphertext: " + bytesToHex(ciphertext));
        System.out.println("Decrypted: " + new String(decrypted));
    }

    private static String bytesToHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }
}

This example generates a random 128-bit key and a random 96-bit IV, and uses them to encrypt and decrypt the message "Hello, World!". The ciphertext and decrypted message are printed to the console.

Note that in this example, we are using a helper function bytesToHex to convert the ciphertext to a hexadecimal string for printing. This is not necessary for the encryption and decryption itself, but it can be useful for debugging or for storing the ciphertext in a human-readable format.

Results after running it:

Plaintext: Hello, World!
Ciphertext: 30fbd1496c089472ecb0e570f21a77ac666fccbb7f72584aca1d2b3899
Decrypted: Hello, World!

My thoughts:

It certainly generated a response that seems to be consistent with my own research.  It also quickly generated code that was syntactically correct.  I like how it added comments in the code to help the reader.  It might be a helpful tool to generate educational content.

See also my initial research documented and these questions and the supplemental answers I added from my conversations with Chat GPT:

Why is ECB cipher mode not recommended for encryption?

What cipher modes are recommended for encryption?

How can I use "AES/GCM/NoPadding" encryption/cipher mode in QIE?

 

answered Jan 2, 2023 by rich-c-2789 (16,180 points)
edited Jan 2, 2023 by rich-c-2789
...