Does anyone know what the default Java crypto behavior is for:
SecretKeySpec localSecretKeySpec = new SecretKeySpec(arrayOfByte, \"AES\");
Cipher localCipher = Cipher.getInstance(\"AES\");
Specifically I am looking to understand how those classes generate the IV, as well as what is the default encryption mode when just specifying \"AES\". Thanks.
For Oracle JDK 7 (tested), the default cipher for AES is AES/ECB/PKCS5Padding. The Java Security documentation doesn\'t mention about this though (http://docs.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html#algspec), have to do some JUnit testing to find out.
Those details are provider specific, and relying on the default mode and padding can be very dangerous. If you are interested in what the values that the default provider currently bundled with Java uses you\'ll have to hunt down the source code for the algorithm in question. For instance, the default values it uses for the RSA algorithm are here. Also, the Java™ Cryptography Architecture (JCA) Reference Guide has quite a bit of information that could answer some of you other questions.
The details are provider specific. The JCA Reference Guide says that:
(Creating a Cipher Object) If no mode or padding is specified, provider-specific default values for the mode and padding scheme are used. For example, the SunJCE provider uses ECB as the default mode, and PKCS5Padding as the default padding scheme for DES, DES-EDE and Blowfish ciphers. This means that in the case of the SunJCE provider: Cipher.getInstance(\"DES\") and Cipher.getInstance(\"DES/ECB/PKCS5Padding\") are equivalent statements.
I would always use the full form (algorithm/mode/padding), not only because I think that leaving out such \"details\" to the implementation is bad practice, but also for achieving a ciphertext that is independent of the chosen provider (one usually encrypts for storage/transmission, then one cannot be sure that the same provider will be used later/on the other end).
It depends on the Providers. Different providers might have different default parameters. This is the link for Java 8.
https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SUNProvider
The javax.crypto.Cipher.getInstance(String transformation) factory
method generates Ciphers using transformations of the form
algorithm/mode/padding. If the mode/padding are omitted, the SunJCE
and SunPKCS11 providers use ECB as the default mode and PKCS5Padding
as the default padding for many symmetric ciphers.
It is recommended to use transformations that fully specify the
algorithm, mode, and padding instead of relying on the defaults.
Note: ECB works well for single blocks of data and can be
parallelized, but generally should not be used for multiple blocks of
data.
Therefore, you should not just use AES but specify the mode and padding. Furthermore, although the getInstance method could have another parameter for the provider, this is not recommended because
applications are tied to specific providers that may not be available
on other Java implementations