Java – Crypto : Encryption with AES/CBC, AES/EBC (Encryption of files)

Hello,
Through several articles, I would like present the cryptographic mechanisms, types of keys, certificate, types of algorithms …etc:

• PRESENTATION : Concepts of Cryptography (concepts, types of keys symmetric/asymmetric, …)
• The principles of SSL
• The principles of Signature and Certificate
• The principles of Hardware Security Module HSM
• Encoding with base64, base64url, rfc-4648
• Encryption with Blowfish (Anonymization)
• Encryption with AES/CBC, AES/EBC (Encryption of files)
• Encryption with PBEWithMD5AndDES (Encryption of files)
• Encryption with RSA (asymmetric keys private and public)
• KeyStore, JCEKS, SecretKey, PrivateKey, PublicKey, Certificate
• Example, Use of SecretKey, PrivateKey, PublicKey, CSV file (CryptoTools, GenericObfuscationFile)

Encryption with AES/CBC, AES/EBC (Encryption of files)
 

1. Presentation
   The AES (Advanced Encryption Standard), created in January 1997, also known as algorithm Rijndael, is a symmetric encryption standard replacing the Data Encryption Standard (DES), which has become too weak in the face of current attacks. It is currently the most used and the safest.
   
   This algorithm has the following specifications:
   • The AES is a standard, therefore free to use, without restriction of use or patent
   • The AES is symmetric type algorithm with secret key
   • The AES is block encryption algorithm,
   • The AES supports different combinations of [key length] – [block length]: 128-128, 192-128 and 256-128 bits (in fact, Rijndael also supports variable block sizes, but this is not retained in the standard)

    
   In decimal terms, these different possible sizes concretely mean that:

   • 3.4 x 1038 possible 128-bit keys
   • 6.2 x 1057 possible 192-bit keys
   • 1.1 x 1077 possible 256-bit keys

    
   There are online encryption Tools like http://aesencryption.net/ whici is a web tool to encrypt and decrypt text using AES encryption algorithm. The tool is free, without registration.
    

2. AES/CBC and AES/EBC
   What are the differences between ECB qnd CBC modes of AES algorithm? Which mode ECB of CBC is better? how to decide which mode to use? Are there any other modes which are better?

   ECB (electronic code book) is basically raw cipher. Each block of plaintext is encrypted independently of others blocks. The problem with this transform is that any resident properties of the plaintext might well show up in the ciphertext – possibly not as clearly – that’s what blocks and key schedules are supposed to protect againt, but analyzing the patterns, it is possible to deduce properties that were hidden.
    
   – With ECB, it is possible to manage a partial decryption and easily fill in the blanks, for example if extracting data from an encrypted hard disk.
   – ECB naturally supports operation in parallel since each block can be encrypted independently of the next
    
    

   CBC (cipher block chaining) needs an initialization vector used with a XOR operator on the first block of plaintext. After the encryption of this first block of plaintext, the next block of plaintext is xor’d against the previous encrypted block.
   
    
   – With CBC, if a few blocks in the sequence are missing then encryption becomes impossible.
   – CBC doesn’t supports operation in parallel, since it is necessary to wait on each block.
   – CBC can also be considered vulnerable in the use of predictable IVs.
   – CBC is not suitable for transport protocols.

    
   Others AES encryption mode (CBC ECB CTR OCB CFB)?
   See http://stackoverflow.com/questions/1220751/how-to-choose-an-aes-encryption-mode-cbc-ecb-ctr-ocb-cfb
   – CBC, OFB and CFB are similar, however OFB/CFB is better because you only need encryption and not decryption, which can save code space.
   – CTR is used if you want good parallelization (ie. speed), instead of CBC/OFB/CFB.
   – XTS mode is the most common if you are encoding a random accessible data (like a hard disk or RAM).
   – OCB is by far the best mode, as it allows encryption and authentication in a single pass. However there are patents on it in USA.

    

3. Tools
   As described in the post http://www.javablog.fr/javacrypto-encryption-list-providers-and-algo.html, we could find the available algorithm, tools (cipher, generator) in each reachable provider. In our case, we use the SunJCE Provider which is enough (http://javasearch.developpez.com/sun/j2se/1.6.0/technotes/guides/security/SunProviders.html#SunJCEProvider)
   The following algorithms are available in the SunJCE provider:
   
[4] SunJCE v1.6: SunJCE Provider (implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, Diffie-Hellman, HMAC)
- AlgorithmParameters.AES -> com.sun.crypto.provider.AESParameters
aliases: [Rijndael]
- Cipher.AES -> com.sun.crypto.provider.AESCipher
aliases: [Rijndael]
attributes: {SupportedKeyFormats=RAW, SupportedPaddings=NOPADDING|PKCS5PADDING|ISO10126PADDING, SupportedModes=ECB|CBC|PCBC|CTR|CTS|CFB|OFB|CFB8|CFB16|CFB24|CFB32|CFB40|CFB48|CFB56|CFB64|OFB8|OFB16|OFB24|OFB32|OFB40|OFB48|OFB56|OFB64|CFB72|CFB80|CFB88|CFB96|CFB104|CFB112|CFB120|CFB128|OFB72|OFB80|OFB88|OFB96|OFB104|OFB112|OFB120|OFB128}
- Cipher.AESWrap -> com.sun.crypto.provider.AESWrapCipher
attributes: {SupportedKeyFormats=RAW, SupportedPaddings=NOPADDING, SupportedModes=ECB}
- KeyGenerator.AES -> com.sun.crypto.provider.AESKeyGenerator
aliases: [Rijndael]

    
4. Example 1 : Encryption with “AES/ECB/PKCS5Padding” ALGO on 128bits
   Details:
   – 128 bit-keys
   – No initialization vector
   – 3 solutions to generated the secret key :
   • Solution 1 : Key randomly generated in bytes format. Secret key on 16 characters : random string whose length is the number of characters specified.
     view source

     print?

     1	//new byte[] { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };

     2	byte[] keyValue = RandomStringUtils.randomAscii(16).getBytes("UTF-8");

     3	return keyValue;

   • Solution 2 : AES key generated using KeyGenerator Initialize the keysize to 128 bits (16 bytes)
     view source

     print?

     1	KeyGenerator keyGen = KeyGenerator.getInstance("AES");

     2	keyGen.init(128);

     3	SecretKey secretKey = keyGen.generateKey();

     4	return secretKey.getEncoded();

   • Solution 3 : Wrapped AES key : Generate an AES key using KeyGenerator Initialize the keysize to 128 bits (16 bytes) and wrapped in a AES key generated using KeyGenerator with a keysize of 256 bits.
     For this solution, we need the BouncyCastleProvider provider:
     [9] BC v1.47: BouncyCastle Security Provider v1.47
...
- KeyGenerator.2.16.840.1.101.3.4.1.41 -> org.bouncycastle.jcajce.provider.symmetric.AES$KeyGen256
- KeyGenerator.2.16.840.1.101.3.4.1.42 -> org.bouncycastle.jcajce.provider.symmetric.AES$KeyGen256
- KeyGenerator.2.16.840.1.101.3.4.1.43 -> org.bouncycastle.jcajce.provider.symmetric.AES$KeyGen256
- KeyGenerator.2.16.840.1.101.3.4.1.44 -> org.bouncycastle.jcajce.provider.symmetric.AES$KeyGen256
- KeyGenerator.2.16.840.1.101.3.4.1.45 -> org.bouncycastle.jcajce.provider.symmetric.AES$KeyGen256
- KeyGenerator.2.16.840.1.101.3.4.42 -> org.bouncycastle.jcajce.provider.symmetric.AES$KeyGen256
     http://www.java2s.com/Tutorial/Java/0490__Security/AESKeygenerator.htm
     About the wrapped key : http://flylib.com/books/en/1.274.1.29/1/
     view source

     print?

     01	Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

     02

     03	// Key to be wrapped

     04	KeyGenerator generatorAES128ToBeWrapped = KeyGenerator.getInstance("AES", "BC"); // BC = BouncyCastle provider

     05	generatorAES128ToBeWrapped.init(128);

     06	Key keyToBeWrapped = generatorAES128ToBeWrapped.generateKey();

     07	System.out.println("input key to be wrapped : " + new String(keyToBeWrapped.getEncoded()));

     08

     09	// Key wrapper

     10	KeyGenerator generatorAES256Wrapper = KeyGenerator.getInstance("AES", "BC"); // BC = BouncyCastle provider

     11	generatorAES256Wrapper.init(256);

     12	Key wrapperKey = generatorAES256Wrapper.generateKey();

     13	System.out.println("wrapper key : " + new String(wrapperKey.getEncoded()));

     14

     15

     // Cipher

     16	Cipher cipher = Cipher.getInstance("AESWrap", "BC");

     17	cipher.init(Cipher.WRAP_MODE, wrapperKey);

     18	byte[] wrappedKey = cipher.wrap(keyToBeWrapped);

     19	System.out.println("wrapped key value : " + new String(wrappedKey));

     20

     //

     21	cipher.init(Cipher.UNWRAP_MODE, wrapperKey);

     22	Key unWrappedKey = cipher.unwrap(wrappedKey, "AES", Cipher.SECRET_KEY);

     23	System.out.println("unwrapped key value : " + new String(unWrappedKey.getEncoded()));

     24

     25	return unWrappedKey.getEncoded();

   … Encryption/ciphering code :

   view source

   print?

   01

   /**

   02	* Encrypt PDF file

   03	* @param keyValue : secret key

   04	* @param data

   05

   * @return

   06	* @throws Exception

   07

   */

   08	public static byte[] encrypt(byte[] keyValue, byte[] data) throws Exception {

   09	SecretKeySpec keyspec = new SecretKeySpec(keyValue, "AES");

   10	Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");

   11	c.init(Cipher.ENCRYPT_MODE, keyspec);

   12	byte[] encVal = c.doFinal(data);

   13	return encVal;

   14

   }

   … Decryption/deciphering code :

   view source

   print?

   01

   /**

   02	* Decrypt PDF file

   03	* @param keyValue : secret key

   04	* @param data

   05

   * @return

   06	* @throws Exception

   07

   */

   08	public static byte[] decrypt(byte[] keyValue, byte[] encryptedData) throws Exception {

   09	SecretKeySpec keyspec = new SecretKeySpec(keyValue, "AES");

   10	Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");

   11	c.init(Cipher.DECRYPT_MODE, keyspec);

   12	byte[] decValue = c.doFinal(encryptedData);

   13	return decValue;

   14

   }

   …here the class/method tests:

   view source

   print?

   01

   /**

   02	* Class Test of EncryptionAesEcbPkcs5Padding

   03	* @author Huseyin OZVEREN

   04

   */

   05	public class EncryptionAesEcbPkcs5PaddingTest {

   06

   07	public static void main(String[] args) {

   08

   try{

   09	byte[] keyValue = EncryptionAesEcbPkcs5Padding.generateSecretKey(EncryptionAesEcbPkcs5Padding.INTERNAL_KEY_GENERATION_MODE.GENERATED_WRAPPED_KEY);

   10	System.out.println("Generation of secret key : "+new String(keyValue));

   11	aEncryptFile(keyValue);

   12	bDecryptFile(keyValue);

   13	}catch(Throwable th){

   14	th.printStackTrace();

   15

   }

   16

   }

   17

   18

   /**

   19	* Encrypt PDF file

   20	* @param keyValue : secret key

   21	* @throws Exception

   22

   */

   23	public static void aEncryptFile(byte[] keyValue) throws Exception {

   24

   try {

   25	File sourceFile = new File(System.getProperty("user.dir") + "/resources/pdf_with_text.pdf");

   26	System.out.println("Size of source file (to encrypt): " + sourceFile.length());

   27	byte[] content = Files.readAllBytes(sourceFile.toPath());

   28	byte[] encryptContent = EncryptionAesEcbPkcs5Padding.encrypt(keyValue, content);

   29	File targetFile = new File(System.getProperty("user.dir") + "/resources/pdf_with_text_encrypted_aes_ecb.pdf");

   30	if(targetFile.exists()){

   31	targetFile.delete();

   32

   }

   33	Files.write(targetFile.toPath(), encryptContent, StandardOpenOption.CREATE_NEW);

   34	System.out.println("Size of encrypted file : " + targetFile.length());

   35	} catch (Exception e) {

   36	e.printStackTrace();

   37

   }

   38

   }

   39

   40

   41

   /**

   42	* Decrypt PDF file

   43	* @param keyValue : secret key

   44	* @throws Exception

   45

   */

   46	public static void bDecryptFile(byte[] keyValue) throws Exception {

   47

   try {

   48	byte[] encryptContent = Files.readAllBytes(new File(System.getProperty("user.dir") + "/resources/pdf_with_text_encrypted_aes_ecb.pdf").toPath());

   49	System.out.println("Size of encrypted file (to decrypt): " + encryptContent.length);

   50	byte[] decryptContent = EncryptionAesEcbPkcs5Padding.decrypt(keyValue, encryptContent);

   51	File targetFile = new File(System.getProperty("user.dir") + "/resources/pdf_with_text_decrypted_aes_ecb.pdf");

   52	if(targetFile.exists()){

   53	targetFile.delete();

   54

   }

   55	Files.write(targetFile.toPath(), decryptContent, StandardOpenOption.CREATE_NEW);

   56	System.out.println("Size of decrypted file : " + targetFile.length());

   57	} catch (Exception e) {

   58	e.printStackTrace();

   59

   }

   60

   61

   }

   62

   }

   …here the outputs:
   
input key to be wrapped : ñ'Yn??|Á§HìŠqî
wrapper key : ÓÌÔLKGÄX\tíÕÛ´éB2-ìW7΋«ˆà‚w
wrapped key value : ¼te ¶4©%¸NU¢Åç­«–À<›ª unwrapped key value : ñ'Yn??|Á§HìŠqî Generation of secret key : ñ'Yn??|Á§HìŠqî Size of source file (to encrypt): 882 Size of encrypted file : 896 Size of encrypted file (to decrypt): 896 Size of decrypted file : 882
   Notes:
   - the source key (to be wrapped) is equal to the value of unwrapped key;
   - the source file "/resources/pdf_with_text.pdf" and the file resulting of encryption/decryption "/resources/pdf_with_text_decrypted_aes_ecb.pdf" are equals.

    

5. Example 2 : Encryption with "AES/CBC/PKCS5Padding" ALGO on 128bits with Initialization vector
   Details:
   - 128 bit-keys
   - With initialization vector on 16 bytes
   - Encryption by data block : the data N+1 are encrypted on the basis of data encrypted N
   - 3 solutions to generated the secret key :
   • Solution 1 : Key randomly generated in bytes format. Secret key on 16 characters : random string whose length is the number of characters specified.
     view source

     print?

     1	//new byte[] { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };

     2	byte[] keyValue = RandomStringUtils.randomAscii(16).getBytes("UTF-8");

     3	return keyValue;

   • Solution 2 : AES key generated using KeyGenerator Initialize the keysize to 128 bits (16 bytes)
     view source

     print?

     1	KeyGenerator keyGen = KeyGenerator.getInstance("AES");

     2	keyGen.init(128);

     3	SecretKey secretKey = keyGen.generateKey();

     4	return secretKey.getEncoded();

   • Solution 3 : Wrapped AES key : Generate an AES key using KeyGenerator Initialize the keysize to 128 bits (16 bytes) and wrapped in a AES key generated using KeyGenerator with a keysize of 256 bits.
     For this solution, we need the BouncyCastleProvider provider:
     [9] BC v1.47: BouncyCastle Security Provider v1.47
...
- KeyGenerator.2.16.840.1.101.3.4.1.41 -> org.bouncycastle.jcajce.provider.symmetric.AES$KeyGen256
- KeyGenerator.2.16.840.1.101.3.4.1.42 -> org.bouncycastle.jcajce.provider.symmetric.AES$KeyGen256
- KeyGenerator.2.16.840.1.101.3.4.1.43 -> org.bouncycastle.jcajce.provider.symmetric.AES$KeyGen256
- KeyGenerator.2.16.840.1.101.3.4.1.44 -> org.bouncycastle.jcajce.provider.symmetric.AES$KeyGen256
- KeyGenerator.2.16.840.1.101.3.4.1.45 -> org.bouncycastle.jcajce.provider.symmetric.AES$KeyGen256
- KeyGenerator.2.16.840.1.101.3.4.42 -> org.bouncycastle.jcajce.provider.symmetric.AES$KeyGen256
     http://www.java2s.com/Tutorial/Java/0490__Security/AESKeygenerator.htm
     About the wrapped key : http://flylib.com/books/en/1.274.1.29/1/
     view source

     print?

     01	Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

     02

     03	// Key to be wrapped

     04	KeyGenerator generatorAES128ToBeWrapped = KeyGenerator.getInstance("AES", "BC"); // BC = BouncyCastle provider

     05	generatorAES128ToBeWrapped.init(128);

     06	Key keyToBeWrapped = generatorAES128ToBeWrapped.generateKey();

     07	System.out.println("input key to be wrapped : " + new String(keyToBeWrapped.getEncoded()));

     08

     09	// Key wrapper

     10	KeyGenerator generatorAES256Wrapper = KeyGenerator.getInstance("AES", "BC"); // BC = BouncyCastle provider

     11	generatorAES256Wrapper.init(256);

     12	Key wrapperKey = generatorAES256Wrapper.generateKey();

     13	System.out.println("wrapper key : " + new String(wrapperKey.getEncoded()));

     14

     15

     // Cipher

     16	Cipher cipher = Cipher.getInstance("AESWrap", "BC");

     17	cipher.init(Cipher.WRAP_MODE, wrapperKey);

     18	byte[] wrappedKey = cipher.wrap(keyToBeWrapped);

     19	System.out.println("wrapped key value : " + new String(wrappedKey));

     20

     //

     21	cipher.init(Cipher.UNWRAP_MODE, wrapperKey);

     22	Key unWrappedKey = cipher.unwrap(wrappedKey, "AES", Cipher.SECRET_KEY);

     23	System.out.println("unwrapped key value : " + new String(unWrappedKey.getEncoded()));

     24

     25	return unWrappedKey.getEncoded();

   - Creation of the Initialization Vector (IV) via a Secure Random Number Generator and an empty 16byte array (Filling of array).

   view source

   print?

   01	public static IvParameterSpec generateIV() throws Exception {

   02	byte[] ivValue = null;

   03	//ivValue = new byte[] { '5', 'G', 'X', 'c', 'b', 'a', '9', '8', '7', '6', '5', '4', '3', '2', '1', '0' };

   04	//ivValue = "HuO12OZ45JAvaLuX".getBytes(UNICODE_FORMAT);

   05

   {

   06	SecureRandom r = new SecureRandom();

   07	byte[] newSeed = r.generateSeed(16);

   08	r.setSeed(newSeed);

   09	ivValue = new byte[16];

   10	r.nextBytes(ivValue);

   11

   }

   12	return new IvParameterSpec(ivValue);

   13

   }

   ... Encryption/ciphering code :

   view source

   print?

   01

   /**

   02	* Encrypt PDF file

   03	* @param keyValue : secret key

   04	* @param iv : Initialization vector

   05	* @param data

   06

   * @return

   07	* @throws Exception

   08

   */

   09	public static byte[] encrypt(byte[] keyValue, IvParameterSpec IV, byte[] data) throws Exception {

   10	SecretKeySpec keyspec = new SecretKeySpec(keyValue, "AES");

   11	Cipher c = Cipher.getInstance(ALGORITHM);

   12	c.init(Cipher.ENCRYPT_MODE, keyspec, IV);

   13	byte[] encVal = c.doFinal(data);

   14	return encVal;

   15

   }

   ... Decryption/deciphering code :

   view source

   print?

   01

   /**

   02	* Decrypt PDF file

   03	* @param keyValue : secret key

   04	* @param iv : Initialization vector

   05	* @param data

   06

   * @return

   07	* @throws Exception

   08

   */

   09	public static byte[] decrypt(byte[] keyValue, IvParameterSpec IV, byte[] encryptedData) throws Exception {

   10	SecretKeySpec keyspec = new SecretKeySpec(keyValue, "AES");

   11	Cipher c = Cipher.getInstance(ALGORITHM);

   12	c.init(Cipher.DECRYPT_MODE, keyspec, IV);

   13	byte[] decValue = c.doFinal(encryptedData);

   14	return decValue;

   15

   }

   ...here the class/method tests:

   view source

   print?

   01

   /**

   02	* Class Test of EncryptionAesCbcPkcs5Padding

   03	* @author Huseyin OZVEREN

   04

   */

   05	public class EncryptionAesCbcPkcs5PaddingTest {

   06

   07	public static void main(String[] args) {

   08

   try{

   09	byte[] keyValue = EncryptionAesCbcPkcs5Padding.generateSecretKey(EncryptionAesCbcPkcs5Padding.INTERNAL_KEY_GENERATION_MODE.GENERATED_WRAPPED_KEY);

   10	System.out.println("Generation of secret key : "+new String(keyValue));

   11	IvParameterSpec iv = EncryptionAesCbcPkcs5Padding.generateIV();

   12	System.out.println("Initialization vector used : "+new String(iv.getIV()));

   13	aEncryptFile(keyValue, iv);

   14	bDecryptFile(keyValue, iv);

   15	}catch(Throwable th){

   16	th.printStackTrace();

   17

   }

   18

   }

   19

   20

   /**

   21	* Encrypt PDF file

   22	* @param iv : Initialization vector

   23	* @throws Exception

   24

   */

   25	public static void aEncryptFile(byte[] keyValue, IvParameterSpec iv) throws Exception {

   26

   try {

   27	File sourceFile = new File(System.getProperty("user.dir") + "/resources/pdf_with_text.pdf");

   28	System.out.println("Size of source file (to encrypt): " + sourceFile.length());

   29	byte[] content = Files.readAllBytes(sourceFile.toPath());

   30	byte[] encryptContent = EncryptionAesCbcPkcs5Padding.encrypt(keyValue, iv, content);

   31	File targetFile = new File(System.getProperty("user.dir") + "/resources/pdf_with_text_encrypted_aes_cbc.pdf");

   32	if(targetFile.exists()){

   33	targetFile.delete();

   34

   }

   35	Files.write(targetFile.toPath(), encryptContent, StandardOpenOption.CREATE_NEW);

   36	System.out.println("Size of encrypted file : " + targetFile.length());

   37	} catch (Exception e) {

   38	e.printStackTrace();

   39

   }

   40

   }

   41

   42

   43

   /**

   44	* Decrypt PDF file

   45	* @param keyValue : secret key

   46	* @param iv : Initialization vector

   47	* @throws Exception

   48

   */

   49	public static void bDecryptFile(byte[] keyValue, IvParameterSpec iv) throws Exception {

   50

   try {

   51	byte[] encryptContent = Files.readAllBytes(new File(System.getProperty("user.dir") + "/resources/pdf_with_text_encrypted_aes_cbc.pdf").toPath());

   52	System.out.println("Size of encrypted file (to decrypt): " + encryptContent.length);

   53	byte[] decryptContent = EncryptionAesCbcPkcs5Padding.decrypt(keyValue, iv, encryptContent);

   54	File targetFile = new File(System.getProperty("user.dir") + "/resources/pdf_with_text_decrypted_aes_cbc.pdf");

   55	if(targetFile.exists()){

   56	targetFile.delete();

   57

   }

   58	Files.write(targetFile.toPath(), decryptContent, StandardOpenOption.CREATE_NEW);

   59	System.out.println("Size of decrypted file : " + targetFile.length());

   60	} catch (Exception e) {

   61	e.printStackTrace();

   62

   }

   63

   64

   }

   65

   }

   ...here the outputs:
   
input key to be wrapped : ëÙÀÓÔtT¬óÖNù~ÿÿ
wrapper key : ’8Ü%LÆÙ”L«w»j#\%%u„@ÆQQ>åÝ„E+‡ÿ¥
wrapped key value : Sõ|õƒéÌW1ëW@lËs}t¼¦ÕÇ
unwrapped key value : ëÙÀÓÔtT¬óÖNù~ÿÿ
Generation of secret key : ëÙÀÓÔtT¬óÖNù~ÿÿ
Initialization vector used : ÍLêm÷j{;™ù
Size of source file (to encrypt): 882
Size of encrypted file : 896
Size of encrypted file (to decrypt): 896
Size of decrypted file : 882

   Notes:
   - the source key (to be wrapped) is equal to the value of unwrapped key;
   - the source file "/resources/pdf_with_text.pdf" and the file resulting of encryption/decryption "/resources/pdf_with_text_decrypted_aes_cbc.pdf" are equals.

    

6. Example 3 : Encryption of PDF file stored in a GED
   Details:
   - Encryption with "AES/CBC/PKCS5Padding" ALGO on 128bits,
   - With initialization vector on 16 bytes
   - Encryption by data block : the data N+1 are encrypted on the basis of data encrypted N
   - The 16-byte initialization vector is available in the BACKEND (server) and on the FRONTEND (user station) via a keystore or in the hard-coded source code.
   - A secret key generated specifically for each document on the BACKEND and sent to the user station at the "same" time as the encrypted data.
   - The exchanges between BACKEND and FRONTEND can be done via an SSL tunnel.
   - The generated / specific secret key may also be encoded in Base64.
    

Sources : aes.zip

That's all!!!

Huseyin OZVEREN