Comparison of AES cipher modes: (Block size 128 bits, Key size 128, 192 or 256 bits)
| Property | ECB | CBC | CFB | OFB | CTR | GCM | EAX |
|---|---|---|---|---|---|---|---|
| Multi-block Semantic Security | ❌ | ✅ † | ✅ † | ✅ † | ✅ ‡ | ✅ ‡ | ✅ ‡ |
| No Padding Needed. Is a stream * | ❌ | ❌ | ✅ | ✅ | ✅ | ✅ | |
| Parallel Encrypt | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ | |
| Parallel Decrypt | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ | |
| AEAD | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
* Stream because plaintext block is not input to the Encrypt/Decrypt block function. Hence padding of plaintext to match blocksize is not needed. Plaintext is XOR'ed to the output of the Encrypt/Decrypt block function. So output of the E/D block functions can be thought of as a stream cipher.
† When used with randomly chosen IV
‡ When used with one-time chosen nonce
JCA/JCE Documentation:
JAVA8 https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html
JAVA9 https://docs.oracle.com/javase/9/security/java-cryptography-architecture-jca-reference-guide.htm
JSSE Documentation:
JAVA8 https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html
JAVA9 https://docs.oracle.com/javase/9/security/java-secure-socket-extension-jsse-reference-guide.htm
TODO: Add documentation of how to use JSSE and JCE in combination for various cases eg using non-default TrustManager that are:
- Blind/naive/pass-thru, for accepting self-signed certificates,
- Use custom truststores, eg a custom certca,
- Use conditional hierarchy of default keystore, custom keystore or blind, as required.