chapter five

5 Advanced Encryption Standard

This chapter covers

Using Advanced Encryption Standard (AES) to protect data confidentiality
Selecting a safe AES operating mode for typical application development needs
Using AES in Galois/Counter Mode to provide confidentiality, integrity, and authenticity

Users expect applications to protect their data and keep it confidential according to the laws where they live. Citizens of the European Union (EU), for example, expect applications to comply with the General Data Protection Regulation (GDPR). Encryption is required in most applications because most countries have laws governing data confidentiality. As a developer, you must be able to use encryption to protect user data.

The Advanced Encryption Standard (AES) is the most widely used technology for ensuring data confidentiality. All public cloud providers, including Amazon, Google, and Microsoft, use AES extensively to secure their APIs and services. Windows, Linux, and macOS use AES for disk encryption. Foundational networking protocols such as Internet Protocol Security (IPsec), Transport Layer Security (TLS), and Secure Shell (SSH) also use AES to deliver security.

5.1 AES overview

5.2 Modes of operation

5.2.1 CBC mode

5.2.2 Authenticated encryption

5.2.3 GCM

5.2.4 Exercises

5.3 Java support for AES

5.3.1 The ACME scenario

5.3.2 Implementing the ACME scenario

5.4 Authenticated Encryption with Associated Data

5.4.1 Exercises

5.5 AES best practices

5.5.1 Selecting the AES key size

5.5.2 Checklist for using AES-GCM correctly in Java

5.5.3 Exercises

5.6 Exercise answers

Summary