5 Advanced Encryption Standard

This chapter covers

Using Advanced Encryption Standard (AES) to protect data confidentiality
Selecting a safe AES operating mode for typical application development needs
Using AES in Galois Counter Mode (GCM) to provide data integrity, authenticity, and confidentiality

Users expect applications to protect their data and keep it confidential according to the laws where they live. For example, European Union (EU) citizens expect applications to comply with the General Data Protection Regulation (GDPR) law. Encryption is needed in most applications because most countries have laws governing data confidentiality, as a developer you must be able to use encryption to protect user data.

The Advanced Encryption Standard (AES) is the most widely used technology for ensuring data confidentiality. All the public cloud providers including Amazon, Google and Microsoft use the Advanced Encryption Standard (AES) extensively to secure their APIs and services. Windows, Linux, and MacOS use AES for disk encryption. Foundational networking protocols such as Internet Protocol Security (IPsec), Transport Layer Security (TLS), Secure Shell (SSH) protocol, all leverage AES to deliver security.

5.1 ACME Inc. Scenario

5.2 Advanced Encryption Standard Overview

5.3 Mode of operation

5.3.1 Cipher Block Chaining (CBC) mode

5.3.2 Authenticated encryption

5.3.3 Galois Counter Mode (GCM)

5.4 Java Support for AES

5.4.1 Implementing the ACME Inc. Scenario

5.5 Authenticated Encryption with Associated Data (AEAD)

5.6 Data encryption and compression

5.7 AES Best Practices

5.7.1 Selecting the AES key size

5.7.2 Checklist for using AES-GCM correctly in Java

5.8 The problem with shared secrets

5.9 Exercises

5.10 Summary