Converting Secret Key into a String and Vice Versa

Question

I am generating a key and need to store it in DB  so I convert it into a String  but to get back the key from the String  What are the possible ways of accomplishing this   My code is   SecretKey key   KeyGenerator getInstance  AES   generateKey    String stringKey key toString    System out println stringKey     How can I get the key back from the String

User · Accepted Answer

You can convert the SecretKey to a byte array  byte     then Base64 encode that to a String   To convert back to a SecretKey  Base64 decode the String and use it in a SecretKeySpec to rebuild your original SecretKey   For Java 8  SecretKey to String      create new key SecretKey secretKey   KeyGenerator getInstance  AES   generateKey       get base64 encoded version of the key String encodedKey   Base64 getEncoder   encodeToString secretKey getEncoded       String to SecretKey      decode the base64 encoded string byte   decodedKey   Base64 getDecoder   decode encodedKey      rebuild key using SecretKeySpec SecretKey originalKey   new SecretKeySpec decodedKey  0  decodedKey length   AES         For Java 7 and before  including Android    NOTE I  you can skip the Base64 encoding decoding part and just store the byte   in SQLite   That said  performing Base64 encoding decoding is not an expensive operation and you can store strings in almost any DB without issues   NOTE II  Earlier Java versions do not include a Base64 in one of the java lang or java util packages  It is however possible to use codecs from Apache Commons Codec  Bouncy Castle or Guava   SecretKey to String      CREATE NEW KEY    GET ENCODED VERSION OF KEY  THIS CAN BE STORED IN A DB       SecretKey secretKey      String stringKey       try  secretKey   KeyGenerator getInstance  AES   generateKey         catch  NoSuchAlgorithmException e      LOG YOUR EXCEPTION          if  secretKey    null   stringKey   Base64 encodeToString secretKey getEncoded    Base64 DEFAULT     String to SecretKey      DECODE YOUR BASE64 STRING    REBUILD KEY USING SecretKeySpec      byte   encodedKey       Base64 decode stringKey  Base64 DEFAULT       SecretKey originalKey   new SecretKeySpec encodedKey  0  encodedKey length   AES

User · Answer

You don t want to use  toString      Notice that SecretKey inherits from java security Key  which itself inherits from Serializable  So the key here  no pun intended  is to serialize the key into a ByteArrayOutputStream  get the byte   array and store it into the db  The reverse process would be to get the byte   array off the db  create a ByteArrayInputStream offf the byte   array  and deserialize the SecretKey off it         or even simpler  just use the  getEncoded   method inherited from java security Key  which is a parent interface of SecretKey   This method returns the encoded byte   array off Key SecretKey  which you can store or retrieve from the database   This is all assuming your SecretKey implementation supports encoding  Otherwise  getEncoded   will return null   edit   You should look at the Key SecretKey javadocs  available right at the start of a google page    http   download oracle com javase 6 docs api java security Key html  Or this from CodeRanch  also found with the same google search    http   www coderanch com t 429127 java java Convertion-between-SecretKey-String-or

User · Answer

To show how much fun it is to create some functions that are fail fast I ve written the following 3 functions   One creates an AES key  one encodes it and one decodes it back  These three methods can be used with Java 8  without dependence of internal classes or outside dependencies    public static SecretKey generateAESKey int keysize          throws InvalidParameterException       try           if  Cipher getMaxAllowedKeyLength  AES    lt  keysize                   this may be an issue if unlimited crypto is not installed             throw new InvalidParameterException  Key size of     keysize                         not supported in this runtime                       final KeyGenerator keyGen   KeyGenerator getInstance  AES            keyGen init keysize           return keyGen generateKey          catch  final NoSuchAlgorithmException e               AES functionality is a requirement for any Java SE runtime         throw new IllegalStateException                   AES should always be present in a Java SE runtime   e            public static SecretKey decodeBase64ToAESKey final String encodedKey          throws IllegalArgumentException       try              throws IllegalArgumentException - if src is not in valid Base64            scheme         final byte   keyData   Base64 getDecoder   decode encodedKey           final int keysize   keyData length   Byte SIZE              this should be checked by a SecretKeyFactory  but that doesn t exist for AES         switch  keysize            case 128          case 192          case 256              break          default              throw new IllegalArgumentException  Invalid key size for AES      keysize                      if  Cipher getMaxAllowedKeyLength  AES    lt  keysize                   this may be an issue if unlimited crypto is not installed             throw new IllegalArgumentException  Key size of     keysize                         not supported in this runtime                          throws IllegalArgumentException - if key is empty         final SecretKeySpec aesKey   new SecretKeySpec keyData   AES            return aesKey        catch  final NoSuchAlgorithmException e               AES functionality is a requirement for any Java SE runtime         throw new IllegalStateException                   AES should always be present in a Java SE runtime   e            public static String encodeAESKeyToBase64 final SecretKey aesKey          throws IllegalArgumentException       if   aesKey getAlgorithm   equalsIgnoreCase  AES              throw new IllegalArgumentException  Not an AES key               final byte   keyData   aesKey getEncoded        final String encodedKey   Base64 getEncoder   encodeToString keyData       return encodedKey

User · Answer

try this  it s work without Base64   that is included only in JDK 1 8    this code run also in the previous java version     private static String SK    Secret Key in HEX         To Encrupt  public static String encrypt  String Message   throws Exception       byte   KeyByte   hexStringToByteArray  SK       SecretKey k   new SecretKeySpec KeyByte  0  KeyByte length   DES         Cipher c   Cipher getInstance  DES   SunJCE        c init 1  k       byte mes encrypted     cipher doFinal Message getBytes          String MessageEncrypted   byteArrayToHexString mes encrypted       return MessageEncrypted         To Decrypt  public static String decrypt  String MessageEncrypted  throws Exception       byte   KeyByte   hexStringToByteArray  SK        SecretKey k   new SecretKeySpec KeyByte  0  KeyByte length   DES         Cipher dcr    Cipher getInstance  DES   SunJCE        dc init Cipher DECRYPT MODE  k       byte   MesByte    hexStringToByteArray  MessageEncrypted        byte mes decrypted     dcipher doFinal  MesByte        String MessageDecrypeted   new String mes decrypted        return MessageDecrypeted     public static String byteArrayToHexString byte bytes          StringBuffer hexDump   new StringBuffer        for int i   0  i  lt  bytes length  i         if bytes i   lt  0                   hexDump append getDoubleHexValue Integer toHexString 256 - Math abs bytes i     toUpperCase          else               hexDump append getDoubleHexValue Integer toHexString bytes i    toUpperCase               return hexDump toString          public static byte   hexStringToByteArray String s         int len   s length        byte   data   new byte len   2       for  int i   0  i  lt  len  i    2                   data i   2     byte    Character digit s charAt i   16   lt  lt  4    Character digit s charAt i 1   16              return data

User · Answer

Actually what Luis proposed did not work for me  I had to figure out another way  This is what helped me  Might help you too   Links      getEncoded    https   docs oracle com javase 7 docs api java security Key html   Encoder information  https   docs oracle com javase 8 docs api java util Base64 Encoder html Decoder information  https   docs oracle com javase 8 docs api java util Base64 Decoder html     Code snippets  For encoding   String temp   new String Base64 getEncoder   encode key getEncoded        For decoding   byte   encodedKey   Base64 getDecoder   decode temp   SecretKey originalKey   new SecretKeySpec encodedKey  0  encodedKey length   DES

User · Answer

Converting SecretKeySpec to String and vice-versa   you can use getEncoded   method in SecretKeySpec which will give byteArray  from that you can use encodeToString   to get string value of SecretKeySpec in Base64 object   While converting SecretKeySpec to String  use decode   in Base64 will give byteArray  from that you can create instance for SecretKeySpec with the params as the byteArray to reproduce your SecretKeySpec   String mAesKey string  SecretKeySpec mAesKey  new SecretKeySpec secretKey getEncoded     AES       SecretKeySpec to String      byte   byteaes mAesKey getEncoded        mAesKey string Base64 encodeToString byteaes Base64 NO WRAP      String to SecretKeySpec     byte   aesByte   Base64 decode mAesKey string  Base64 NO WRAP       mAesKey  new SecretKeySpec aesByte   AES

[java] Converting Secret Key into a String and Vice Versa

For Java 8

For Java 7 and before (including Android):

Examples related to java

Examples related to string

Examples related to encryption