我正在修改Java程序以解密由OpenSSL加密的密码。现在我收到以下异常
Exception in thread "main" javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:991)
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:847)
at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:446)
at javax.crypto.Cipher.doFinal(Cipher.java:2222)
at test.TestAesDecrypt.main(TestAesDecrypt.java:107)
在通过各种链接时,可以理解这是由于生成的密钥不同所致。 OpenSSL和程序中使用的密钥和iv不同。这些是由OpenSSL和程序在内部生成的。
如果我对OpenSSL密钥进行了硬编码并通过iv进行编程,则解密有效。
要加密的密码是helloworld!
密码为TIKpasskey001002。 原始程序来自here。
我该如何解决?
C:\WINDOWS\system32>C:\OpenSSL-Win64\bin\openssl.exe aes-256-cbc -salt -in D:\Misc\tryouts\encryption3\password.txt -out D:\Misc\tryouts\encryption3\enpassfile.encr -pass file:D:\Misc\tryouts\encryption3\passkeyfile.txt -p
salt=E68886B9E9C2ACD8
key=5F9A0BAF409AF8F9B9FECA9008508A91CEEE86B3A334EC6E00D08A7A8B8372C5
iv =FF3EC566671077A5CC7F0695F8CC590B
C:\WINDOWS\system32>C:\OpenSSL-Win64\bin\openssl.exe aes-256-cbc -d -salt -in D:\Misc\tryouts\encryption3\enpassfile.encr -out D:\Misc\tryouts\encryption3\decpassfile.dcr -pass file:D:\Misc\tryouts\encryption3\passkeyfile.txt -p
salt=E68886B9E9C2ACD8
key=5F9A0BAF409AF8F9B9FECA9008508A91CEEE86B3A334EC6E00D08A7A8B8372C5
iv =FF3EC566671077A5CC7F0695F8CC590B
Values from Java Program:
Values from Java Program:
Encrypted cipher: 53616C7465645F5FE68886B9E9C2ACD84CB17D3CA8FEFC54E189766B97E815BD
Encrypted cipher via Apache Commons Hex: 53616c7465645f5fe68886b9e9c2acd84cb17d3ca8fefc54e189766b97e815bd
Pass Key: 54494B706173736B6579303031303032
Pass Key: TIKpasskey001002
keyValue: 6F16A5F5DA36A6A479CEBFAB6A8258D490A0A3994D204AC1AFD338AF7B4D4306
keyValue via Apache Commons Hex: 6f16a5f5da36a6a479cebfab6a8258d490a0a3994d204ac1afd338af7b4d4306
IV: E19C6128D0851D09F7E01F34061C88E3
IV via Apache Commons Hex: e19c6128d0851d09f7e01f34061c88e3
程序是
import java.io.File;
import java.io.FileInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.io.IOUtils;
public class TestAesDecrypt {
private final static char[] hexArray = "0123456789ABCDEF".toCharArray();
public static String bytesToHex(byte[] bytes) {
char[] hexChars = new char[bytes.length * 2];
for (int j = 0; j < bytes.length; j++) {
int v = bytes[j] & 0xFF;
hexChars[j * 2] = hexArray[v >>> 4];
hexChars[j * 2 + 1] = hexArray[v & 0x0F];
}
return new String(hexChars);
}
public static byte[] getBytes(String inputFile) {
String outputFile = inputFile;
File infile = new File(outputFile);
byte[] readBytes = null;
try {
readBytes = IOUtils.toByteArray(new FileInputStream(infile));
} catch (Exception e) {
e.printStackTrace();
}
return readBytes;
}
public static void main(final String[] args) throws Exception {
final byte[] pass = getBytes("D:\\\\Misc\\\\tryouts\\\\encryption3\\\\passkeyfile.txt");
final byte[] magic = "Salted__".getBytes(StandardCharsets.US_ASCII);
final String inFile = "D:\\Misc\\tryouts\\encryption3\\enpassfile.encr";
final byte[] inBytes = Files.readAllBytes(Paths.get(inFile));// decoder.decode(source);
System.out.println("Encrypted cipher: " + bytesToHex(inBytes));
System.out.println("Encrypted cipher via Apache Commons Hex: " + Hex.encodeHexString(inBytes));
System.out.println("Pass Key: " + bytesToHex(pass));
System.out.println("Pass Key: " + new String(pass));
final byte[] shouldBeMagic = Arrays.copyOfRange(inBytes, 0, magic.length);
if (!Arrays.equals(shouldBeMagic, magic)) {
System.out.println("Bad magic number");
return;
}
final byte[] salt = Arrays.copyOfRange(inBytes, magic.length, magic.length + 8);
final byte[] passAndSalt = concat(pass, salt);
byte[] hash = new byte[0];
byte[] keyAndIv = new byte[0];
for (int i = 0; i < 3; i++) {
final byte[] data = concat(hash, passAndSalt);
final MessageDigest md = MessageDigest.getInstance("MD5");
hash = md.digest(data);
keyAndIv = concat(keyAndIv, hash);
}
final byte[] keyValue = Arrays.copyOfRange(keyAndIv, 0, 32);
final byte[] iv = Arrays.copyOfRange(keyAndIv, 32, 48);
/*
* Key and IV from OpenSSL command -p
* final byte[] keyValue =
* javax.xml.bind.DatatypeConverter.parseHexBinary(
* "5F9A0BAF409AF8F9B9FECA9008508A91CEEE86B3A334EC6E00D08A7A8B8372C5"); final
* byte[] iv = javax.xml.bind.DatatypeConverter.parseHexBinary(
* "FF3EC566671077A5CC7F0695F8CC590B");
*/
final Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
final SecretKeySpec key = new SecretKeySpec(keyValue, "AES");
System.out.println("IV: " + bytesToHex(iv));
System.out.println("IV via Apache Commons Hex: " + Hex.encodeHexString(iv));
cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
/**** EXCEPTION OCCURS HERE START *****/
final byte[] clear = cipher.doFinal(inBytes, 16, inBytes.length - 16);
/**** EXCEPTION OCCURS HERE STOP *****/
final String clearText = new String(clear, StandardCharsets.ISO_8859_1);
System.out.println(clearText);
}
private static byte[] concat(final byte[] a, final byte[] b) {
final byte[] c = new byte[a.length + b.length];
System.arraycopy(a, 0, c, 0, a.length);
System.arraycopy(b, 0, c, a.length, b.length);
return c;
}
}
答案 0 :(得分:2)
除了根据reinier的注释从密码值中删除CRLF:
您显然使用的是 OpenSSL 1.1.0 或更高版本,它已将enc PBKDF / PBE中默认使用的哈希值从MD5 更改为 SHA256 。请参阅Unixy系统上的man enc(可能需要一个特殊的部分,例如1ssl),但您显然不是Unixy系统,或者在HISTORY下可能是on the web,甚至可能是Password to key function compatible with OpenSSL commands?。请注意,使用SHA256,PBKDF中仅需要2个块而不是4个块。
仅供参考,您不需要复制数组切片; SecretKeySpec和IvParameterSpec都具有构造函数重载,该重载使用字节数组的一部分而不是整个数组。 AES-256密钥为32字节(至少在Java中为32字节),即使您注释不同也是如此。