Lightweight way to encrypt/decrypt cookies in Java
We need to keep some flags in the cookies for a Spring MVC application.
They will be checked and set in an interceptor for every request. Since we need to make the application stateless, we don't want to store anything in the session.
My question is: how do we encrypt/decrypt the cookie most efficiently? (Using as little CPU/time as possible.)
Currently, with AES encryption it takes around 200ms to encrypt and a similar time to decrypt. This is very high overhead considering we need to do it for every request.
Updated question with the AES code that takes a long time:
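    import javax.crypto.Cipher;
    import javax.crypto.spec.IvParameterSpec;
    import javax.crypto.spec.SecretKeySpec;
    import org.apache.commons.codec.binary.Base64; // Apache Commons Codec

    // `key` and `initVector` are String fields defined elsewhere in the class
    // (16 characters each for AES-128 with a 16-byte IV).
    public static String encrypt(String value) {
        try {
            // The same IV is used for every call, so equal values give equal ciphertexts.
            IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8"));
            SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES");
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
            cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv);
            // Encode with an explicit charset instead of the platform default.
            byte[] encrypted = cipher.doFinal(value.getBytes("UTF-8"));
            return Base64.encodeBase64String(encrypted);
        } catch (Exception ex) {
            ex.printStackTrace();
        }
        return null;
    }

    public static String decrypt(String encrypted) {
        try {
            IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8"));
            SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes("UTF-8"), "AES");
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
            cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv);
            byte[] original = cipher.doFinal(Base64.decodeBase64(encrypted));
            // Decode with the same charset that encrypt() used.
            return new String(original, "UTF-8");
        } catch (Exception ex) {
            ex.printStackTrace();
        }
        return null;
    }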
Can anyone suggest standard practices for this kind of requirement?
Thanks in advance.
java spring-mvc encryption cookies
There is lightweight cryptography: 64-bit block size and >=64-bit key sizes. See the NIST doc from archive.org?
– kelalaka
Jan 3 at 10:24
@kelalaka, Thanks, but the website seems to be inactive. But I will search more for lightweight cryptography.
– Amit Teli
Jan 3 at 13:10
Try web.archive.org
– kelalaka
Jan 3 at 13:11
For trivial encryption where speed is more important than security, you can always go with the XOR cipher: en.wikipedia.org/wiki/XOR_cipher
– mnistic
Jan 3 at 17:25
1
I mean, I get 8 ms per full-sized (4 KiB) cookie on Java using GCM mode and a random nonce (!). OK, that probably all fits in cache, so cache switches will add time. But it is still 25 times (!) faster than your implementation, and I'm on a cheap ass (i7 dual core low power) laptop that didn't even think it was prudent to switch on the fan any higher than minimum speed.
– Maarten Bodewes
Jan 5 at 15:54
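The GCM-with-random-nonce approach mentioned in the last comment, written out as an added example (not code from the question or from any commenter): the key object is built once and reused, each cookie gets a fresh 12-byte nonce, and the authentication tag lets the interceptor reject a modified cookie. The class name `CookieCrypto`, the cookie name `flags`, the sample value and the in-memory generated key are assumptions for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

public final class CookieCrypto {                 // hypothetical class name
    private static final int NONCE_LEN = 12;      // bytes, the usual GCM nonce size
    private static final int TAG_BITS = 128;
    private static final SecureRandom RNG = new SecureRandom();
    private final SecretKey key;                  // built once, reused for every request
    public CookieCrypto(SecretKey key) { this.key = key; }

    /** Returns base64url(nonce || ciphertext || tag); the cookie name is bound as AAD. */
    public String seal(String cookieName, String value) throws Exception {
        byte[] nonce = new byte[NONCE_LEN];
        RNG.nextBytes(nonce);                     // fresh nonce per cookie, never reused
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, nonce));
        c.updateAAD(cookieName.getBytes(StandardCharsets.UTF_8));
        byte[] ct = c.doFinal(value.getBytes(StandardCharsets.UTF_8));
        byte[] out = ByteBuffer.allocate(NONCE_LEN + ct.length).put(nonce).put(ct).array();
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    /** Returns the plaintext, or null if the cookie is malformed or was modified. */
    public String open(String cookieName, String cookie) {
        try {
            byte[] in = Base64.getUrlDecoder().decode(cookie);
            if (in.length < NONCE_LEN + TAG_BITS / 8) return null;
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, NONCE_LEN));
            c.updateAAD(cookieName.getBytes(StandardCharsets.UTF_8));
            byte[] pt = c.doFinal(in, NONCE_LEN, in.length - NONCE_LEN);
            return new String(pt, StandardCharsets.UTF_8);
        } catch (Exception e) {                   // bad base64, failed tag check, wrong name
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);                             // constructed key; load from config in practice
        CookieCrypto cc = new CookieCrypto(kg.generateKey());
        String cookie = cc.seal("flags", "beta=1;tour=0");   // constructed sample value
        System.out.println(cc.open("flags", cookie));        // round trip under the right name
        System.out.println(cc.open("other", cookie));        // AAD mismatch is rejected
    }
}
```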
asked Jan 3 at 10:15 by Amit Teli; edited Jan 7 at 8:13