How to encrypt and decrypt an object in and from a file in Java

There are times when we need to write something on a file, but doesn't want it to be readable as a plain text. In this case we can use a...

There are times when we need to write something on a file, but doesn't want it to be readable as a plain text. In this case we can use any type of encryption mechanism, but what if we want to decrypt the encrypted file back and read its contents. For example a configuration file, etc.

Let's show some codes as usual:

public class CipherUtils {

 public static final String CIPHER_MODE = "AES/CBC/PKCS5Padding";

 private CipherUtils() {


 public static void encode(Serializable object, String password, String path)
   throws IOException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException,
   IllegalBlockSizeException, InvalidAlgorithmParameterException {
  Cipher cipher = Cipher.getInstance(CIPHER_MODE);
  cipher.init(Cipher.ENCRYPT_MODE, fromStringToAESkey(password), new IvParameterSpec(new byte[16]));

  // read object from file
  SealedObject sealedObject = new SealedObject(object, cipher);
  FileOutputStream fos = new FileOutputStream(path);
  CipherOutputStream cipherOutputStream = new CipherOutputStream(new BufferedOutputStream(fos), cipher);

  ObjectOutputStream outputStream = new ObjectOutputStream(cipherOutputStream);

 public static Serializable decode(String password, String path)
   throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IOException,
   ClassNotFoundException, IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException {
  Cipher cipher = Cipher.getInstance(CIPHER_MODE);

  // write object to file
  cipher.init(Cipher.DECRYPT_MODE, fromStringToAESkey(password), new IvParameterSpec(new byte[16]));
  CipherInputStream cipherInputStream = new CipherInputStream(new BufferedInputStream(new FileInputStream(path)),

  ObjectInputStream inputStream = new ObjectInputStream(cipherInputStream);
  SealedObject sealedObject = (SealedObject) inputStream.readObject();
  Serializable serializeableObject = (Serializable) sealedObject.getObject(cipher);

  return serializeableObject;

 public static SecretKey fromStringToAESkey(String s) throws UnsupportedEncodingException {
  // 128bit key need 16 byte
  byte[] rawKey = new byte[16];
  // if you don't specify the encoding you might get weird results
  byte[] keyBytes = s.getBytes("UTF-8");
  System.arraycopy(keyBytes, 0, rawKey, 0, keyBytes.length);

  return new SecretKeySpec(rawKey, "AES");

This utility class can encrypt and decrypt any serialize-able object we have.

And here's how we use it:

public class CipherUtilsTest {

 private Person person;

 public void init() {
  person = new Person();

 public void testEncodeDecode() {
  try {
   CipherUtils.encode(person, "shirayuki", "c://temp//cipher");
   Person decodedPerson = (Person) CipherUtils.decode("shirayuki", "c://temp//cipher");
   assertEquals(person.getAge(), decodedPerson.getAge());
   assertEquals(person.getFirstname(), decodedPerson.getFirstname());
   assertEquals(person.getLastname(), decodedPerson.getLastname());
  } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException | IllegalBlockSizeException
    | IOException | ClassNotFoundException | BadPaddingException | InvalidAlgorithmParameterException e) {
   // TODO Auto-generated catch block



java 352347093981356256

Post a Comment