All geek questions in one place

Advice on the effectiveness of file encryption in Java

I am doing some file encryption work. I can encrypt / decrypt files, but faced with a serious performance problem. When I just read / write a 700 MB video file, my code runs at about 27-28 MB / s. But when I do the encryption (I am currently using PBEWithMD5AndDES, which I will change later), the code shows a speed of 9 MB / s. Please advise where I can improve.

Code snippet:

int c = 0, BUF_SIZE = 8192; byte[] b = new byte[BUF_SIZE]; FileInputStream fis; DataInputStream dis; FileOutputStream fos; DataOutputStream dos; CipherOutputStream cos; try { // Create PBE parameter set pbeParamSpec = new PBEParameterSpec(salt, iterationCount); // Create PBE Cipher Cipher pbeCipher = Cipher.getInstance(algorithm); // get key key = generateKeyFromPassword(password); // Initialize PBE Cipher with key and parameters pbeCipher.init(Cipher.ENCRYPT_MODE, key, pbeParamSpec); fis = new FileInputStream(inFile); dis = new DataInputStream(fis); fos = new FileOutputStream(outFile); dos = new DataOutputStream(fos); cos = new CipherOutputStream(fos, pbeCipher); while ((c = dis.read(b)) > 0) { cos.write(b); //dos.write(b); } fis.close(); dis.close(); //dos.close(); cos.close(); } catch (Exception e) { e.printStackTrace(); }

Statistics without encryption:
The speed is about 27.97 MB / s
Exact time = 25.02 sec.
File size = 700 MB

Encrypted statistics:
The speed is about 9.69 MB / s
Exact time = 72.171 seconds
File size = 700 MB

+6
source share
4 answers

First: if at all possible, do not do it yourself. Encryption is very (very!) Easy to mess up in ways that make the results unsafe. If at all possible, use an external component or library to do as much of the encryption work as possible.

Secondly, if you do it yourself, as of now, do not use DES. DES is no longer a strong enough cipher. Triple-DES is fine, but what you really want to use is AES. He believed that during its development reliable modern processors were taken into account, you get a choice of key lengths to balance security from performance, and modern processors have hardware acceleration for AES (AES-NI). (I donโ€™t know if Java uses this, but if it is not, it can certainly start in the future, while the chances for Triple-DES are zero.)

Third, you read and write bytes at a time. Despite the fact that in any case, encryption will be intensively loaded into the CPU, doing it the way you are now will be slower than necessary. Reading and writing with byte[] 4 kB or so should have much better performance.

+4
source

Try wrapping the input stream with a buffered starter input stream. Also check out the link to compare the performance of various algorithms in java. AES will really give a much faster result than DES.

+2
source

Encryption is just intense. Perhaps you can find a more efficient implementation and shave off a couple of percent of the execution time or use a dedicated hardware engine and get better performance for quite a lot of dollars.

The first thing I could guarantee is that your application can handle the fact that it will take some time. This means cryptographic operations in the background, content preparation before use and similar design considerations.

0
source

Have you tried BouncyCastle as an alternative? Wherever I saw Java cryptography, it was used instead of the built-in APIs.

0
source

Source: https://habr.com/ru/post/907147/

More articles:


All Articles