import java.io.*;
import java.security.MessageDigest;
import java.security.Security;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
public class NewKey{
public static void main(String[] args) throws Exception {
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
String username = "username@teleparadigm.org";
String userdata = "depression"+" "+"headache";
// Get the Key
byte[] key = (username).getBytes();
MessageDigest sha = MessageDigest.getInstance("SHA-256");
key = sha.digest(key);
key = Arrays.copyOf(key, 16);
SecretKeySpec secretKeySpec = new SecretKeySpec(key, "AES");
System.out.println("key used is "+username);
System.out.println("encrypted key used is "+key);
Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding", "BC");
final byte[] IV = {-85, -67, -5, 88, 28, 49, 49, 85,114, 83, -40, 119, -65, 91, 76, 108};// Hard coded for now
final IvParameterSpec ivSpec = new IvParameterSpec(IV);
System.out.println("Derived AES key is: " +secretKeySpec.toString().getBytes().length );
cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec,ivSpec);
byte[] encrypted = cipher.doFinal((userdata).getBytes());
System.out.println("encrypted userdata: " + encrypted);
cipher.init(Cipher.DECRYPT_MODE, secretKeySpec,ivSpec);
byte[] original = cipher.doFinal(encrypted);
String originalString = new String(original);
System.out.println("Original userdata: " + originalString );
}
}
我在初始化向量(IV)中使用了一些值,想知道使用AES CTR模式的正确方法是什么?
key = Arrays.copyOf(key, 16);
上述声明的目的是什么? 建议我改进一下这个程序。
答案 0 :(得分:0)
正确的方法是生成随机NONCE(Java使用IvParameterSpec,但它实际上是NONCE)并将其与密文一起发送。您应该使用PBKDF2来获取密码,不应该使用getBytes()或new String(byte[]),因为它使用平台的默认编码而不是明确的编码。