我有以下几乎可以使用的代码:
AES.java
import java.io.UnsupportedEncodingException;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.KeySpec;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
public class AES {
private static final int KEY_LENGTH = 128;
private static final int ITERATIONS = 100;
private static final String ALGORITHM = "AES";
private static final String SECRET_KEY_ALGORITHM = "PBKDF2WithHmacSHA1";
private static final String TRANSFORMATION = "AES/CBC/PKCS5Padding";
private final Cipher m_enc_cipher;
private final Cipher m_dec_cipher;
private final byte[] m_iv;
public AES(final char[] password, final byte[] salt)
throws NoSuchAlgorithmException, InvalidKeySpecException,
NoSuchPaddingException, InvalidKeyException,
InvalidParameterSpecException, IllegalBlockSizeException,
BadPaddingException, UnsupportedEncodingException,
InvalidAlgorithmParameterException {
// Derive the key, given password and salt
final SecretKeyFactory factory = SecretKeyFactory
.getInstance(SECRET_KEY_ALGORITHM);
final KeySpec spec = new PBEKeySpec(password, salt, ITERATIONS,
KEY_LENGTH);
final SecretKey tmp = factory.generateSecret(spec);
final SecretKey secret = new SecretKeySpec(tmp.getEncoded(), ALGORITHM);
// Build encryptor and get IV
final Cipher enc_cipher = Cipher.getInstance(TRANSFORMATION);
enc_cipher.init(Cipher.ENCRYPT_MODE, secret);
final AlgorithmParameters params = enc_cipher.getParameters();
final byte[] iv = params.getParameterSpec(IvParameterSpec.class)
.getIV();
// Build decryptor
final Cipher dec_cipher = Cipher.getInstance(TRANSFORMATION);
dec_cipher.init(Cipher.DECRYPT_MODE, secret, new IvParameterSpec(iv));
this.m_enc_cipher = enc_cipher;
this.m_dec_cipher = dec_cipher;
this.m_iv = iv;
}
public AES(final byte[] iv) throws NoSuchAlgorithmException,
InvalidKeySpecException, NoSuchPaddingException,
InvalidKeyException, InvalidParameterSpecException,
IllegalBlockSizeException, BadPaddingException,
UnsupportedEncodingException, InvalidAlgorithmParameterException {
final AlgorithmParameterSpec aps = new IvParameterSpec(iv);
final KeyGenerator keygen = KeyGenerator.getInstance(ALGORITHM);
keygen.init(KEY_LENGTH);
final SecretKey secret = keygen.generateKey();
// Build encryptor
final Cipher enc_cipher = Cipher.getInstance(TRANSFORMATION);
enc_cipher.init(Cipher.ENCRYPT_MODE, secret, aps);
// Build decryptor
final Cipher dec_cipher = Cipher.getInstance(TRANSFORMATION);
dec_cipher.init(Cipher.DECRYPT_MODE, secret, aps);
this.m_enc_cipher = enc_cipher;
this.m_dec_cipher = dec_cipher;
this.m_iv = iv;
}
public byte[] get_iv() {
return this.m_iv;
}
public byte[] encrypt(final byte[] data) throws NoSuchAlgorithmException,
InvalidKeySpecException, NoSuchPaddingException,
InvalidKeyException, InvalidParameterSpecException,
IllegalBlockSizeException, BadPaddingException,
UnsupportedEncodingException {
return this.m_enc_cipher.doFinal(data);
}
public byte[] decrypt(final byte[] data) throws IllegalBlockSizeException,
BadPaddingException {
return this.m_dec_cipher.doFinal(data);
}
}
AESTest.java
import java.io.UnsupportedEncodingException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.junit.Test;
import static org.junit.Assert.*;
public class AESTest {
@Test
public void test() throws InvalidKeyException, NoSuchAlgorithmException,
InvalidKeySpecException, NoSuchPaddingException,
InvalidParameterSpecException, IllegalBlockSizeException,
BadPaddingException, UnsupportedEncodingException,
InvalidAlgorithmParameterException {
final char[] password = "my_password".toCharArray();
final byte[] salt = new byte[] { 22, 11 };
final byte[] original_data = "Hello, World!".getBytes("UTF-8");
final AES aesA = new AES(password, salt);
final byte[] encrypted_data = aesA.encrypt(original_data);
System.out.println("Encrypted:");
System.out.println(javax.xml.bind.DatatypeConverter
.printBase64Binary(encrypted_data));
final AES aesB = new AES(aesA.get_iv());
final byte[] decrypted_data_B = aesB.decrypt(encrypted_data);
System.out.println("Decrypted B:");
System.out.println(javax.xml.bind.DatatypeConverter
.printBase64Binary(decrypted_data_B));
assertTrue(Arrays.equals(original_data, decrypted_data_B));
}
}
在测试(AESTest.java)上,它给了我这个错误:
javax.crypto.BadPaddingException: Given final block not properly padded
我的最终目的是能够发送加密数据块,然后将其取回 术语“稍后”可以指日/周/年 然后,使用我想要解密的相同密码。
因为“稍后”可能是一个月,所以我需要创建一个新的AES
对象。
现在,这个新的AES
对象必须能够使用相同的固定密码/ salt解密数据。
就是这样。
我尝试使用相同的IV,但它不起作用。
我在这里做错了什么?
编辑#1:
请注意ITERATIONS
。
答案 0 :(得分:3)
按iv
初始化AES时,您会创建不同的secret
。不是吗?
您没有使用相同的密码和盐。
答案 1 :(得分:2)
如前所述,第二个构造函数创建一个新的AES密钥,因此它不会与第一个构造函数中创建的密钥匹配。我真的没有意图拥有两个不同的构造函数,在每个构造函数中,您创建一个适合加密的AES实例以及另一个用于解密的实例?重新考虑该设计并仅使用一个实例可能是有意义的,具体取决于您是要加密还是解密。
虽然您在第一个构造函数中生成的密钥是保密的,但生成的IV是公共信息,可以安全地公开发布,这不会损害安全性。但是,您应该为每个加密邮件创建唯一的IV,否则可能会对您正在使用的CBC模式进行攻击。
所以,我建议你这样做:
<强>加密强>
基本上是第一个构造函数,省略了第二个实例进行解密。检索已创建的IV。
<强>解密:强>
再次基本上是第一个构造函数,带有一个额外的IV参数。使用完全相同的参数(salt,password,iterations)从头开始重新创建密钥,这次在解密模式下初始化Cipher
,另外传递IV参数。
应该这样做!