我多年来一直试图解决这个问题。
第三方网络服务要求我使用3DES与ECB一起发送加密数据 和PKCS7padding - 他们正在使用.NET
railo CFML中的加密函数仅限于DESede而没有任何其他选项(即默认值用于密码模式和填充)。
有没有人在Railo中遇到过这个问题并想出一个解决方案(也许是基于java的)? - 我真的把头发拉到这里了!
根据Leigh的建议,我做了一些改动:
我已经取得了一些进展,我认为这个密钥在它上面有某种MD5散列。
我在网上钓鱼并稍微修改了你的解决方案 - 我不认为填充是必要的,但最初的结果加密字符串似乎是我应该期待的但是接近检查它是不正确的:
IvParameterSpec = createObject("java", "javax.crypto.spec.IvParameterSpec");
Cipher = createObject("java", "javax.crypto.Cipher");
SecretKeySpec = createObject("java", "javax.crypto.spec.SecretKeySpec");
BASE64Decoder = createObject("java", "sun.misc.BASE64Decoder");
Str = createObject("java", "java.lang.String");
MessageDigest = createObject("java", "java.security.MessageDigest");
input = "<xml><PanNumber>6280390027626871</PanNumber><Req_Currency_Code>826</Req_Currency_Code><Card_Pin>1234</Card_Pin><Till_Amount></Till_Amount><Auth_Code></Auth_Code></xml>";
key = "06098140901984F95E139F29B479D952CB6545C177D21456";
md = MessageDigest.getInstance("MD5");
md.update(key.getBytes("UTF-8"), 0, key.length());
keyBytes = md.digest();
newKey = tobase64(keyBytes);
keyBytes2 = binaryDecode(newKey, "base64");
keyBytes2 = arrayMerge(keyBytes, arraySlice(keyBytes, 1, 8));
allnewKey = binaryEncode(javacast("byte[]", keyBytes2), "base64");
encrypted = encrypt(input, allnewKey, "desede", "base64");
WriteDump("encrypted (CF): "& encrypted);`
其结果是:的 26sfwv2DHDj7EHYd5Qao8veDtPbKIcv8rDVhbLPDEaWHO27EUGRF6KrdbXe7NBUVADYMdGuagfO4Tev584dUcgKGJ2h6kWPZxooNUGMgL2xB7e00YOkLosA8wFD569sZUd1MGKuF9yCjY1zCsAE4SgohkcuK9YZ7BizQma99 / W9yOsIjAfHtAqGiep4tMTQ + eFASYtPybccsgi8H4brIB / HAu0kaDSAw
预期结果是: 的 26sfwv2DHDj7EHYd5Qao8veDtPbKIcv8rDVhbLPDEaWHO27EUGRF6MxaAzUpJDqQBq8NGgdqmtn6q / wVQNHGWrOE8 + aetKVC78nszS3ZO8AHjwoT1igv4lGl78n8jCHHU + KwnBT7KfXIYMTCuwO / MohIiFbGyhMXPsvv3 / G4OY1C2nEkN0LweLh4mTgtU8syT1M9XdmvwhaltsmPoFtoE9FujvQpJCY3
答案 0 :(得分:4)
railo CFML中的加密功能仅限于DESede 任何其他选项(即默认值用于密码模式和 填充)。
是的,我相信它使用java的默认值,即DESede/ECB/PKCS5Padding,它与.NET中的TripleDES/ECB/PKCS7padding兼容。因此,只要您使用24字节密钥,它就可以开箱即用。
我不知道更多,我猜你的密钥大小可能有问题。 .NET支持16和24字节密钥,但java仅支持24字节密钥。因此,如果您的密钥只有16个字节,则需要使用前八(8)个字节填充它,以使其可以被Java / Railo接受。
CF / Railo代码
<cfscript>
input = "DESede (3DES) Encryption in RAILO CFML";
key = "ru8femXhTm9jwdGdhb/4Sw==";
// pad the key with the first eight bytes. then convert back to base64
keyBytes = binaryDecode(key, "base64");
keyBytes = arrayMerge(keyBytes, arraySlice(keyBytes, 1, 8));
newKey = binaryEncode(javacast("byte[]", keyBytes), "base64");
encrypted = encrypt(input, newKey, "desede", "base64");
WriteDump("encrypted (CF): "& encrypted);
</cfscript>
C#代码
byte[] input = Encoding.UTF8.GetBytes("DESede (3DES) Encryption in RAILO CFML");
byte[] key = Convert.FromBase64String("ru8femXhTm9jwdGdhb/4Sw==");
TripleDESCryptoServiceProvider algorithm = new TripleDESCryptoServiceProvider();
algorithm.Mode = CipherMode.ECB;
algorithm.BlockSize = 64;
algorithm.KeySize = 128; // 16 byte key
algorithm.Key = key;
ICryptoTransform cipher = algorithm.CreateEncryptor();
byte[] encrypted = cipher.TransformFinalBlock(input, 0, input.Length);
Console.WriteLine("encrypted (.NET): {0}", Convert.ToBase64String(encrypted));
<强>结果:
encrypted (CF): fMPlk0ZqHDwp2zzZs/Cng7Y6r8Acr55UPJYWJTruEesxkBApsEFo6w==
encrypted (.NET): fMPlk0ZqHDwp2zzZs/Cng7Y6r8Acr55UPJYWJTruEesxkBApsEFo6w==
更新:很奇怪。当我在.NET中使用MD5哈希键时,我得到的是第一个结果,而不是“预期结果”
String rawInput = "<xml><PanNumber>6280390027626871</PanNumber><Req_Currency_Code>826</Req_Currency_Code><Card_Pin>1234</Card_Pin><Till_Amount></Till_Amount><Auth_Code></Auth_Code></xml>";
String rawKey = "06098140901984F95E139F29B479D952CB6545C177D21456";
byte[] input = Encoding.UTF8.GetBytes(rawInput);
byte[] key = MD5.Create().ComputeHash(Encoding.UTF8.GetBytes(rawKey));
// ... rest of code
结果:
encrypted (.NET): 26sfwv2DHDj7EHYd5Qao8veDtPbKIcv8rDVhbLPDEaWHO27EUGRF6KrdbXe7NB
UVADYMdGuagfO4Tev584dUcgKGJ2h6kWPZxooNUGMgL2xB7e00YOkLosA8wFD569sZUd1MGKuF9yCjY1
zCsAE4SgohkcuK9YZ7BizQma99/W9yOsIjAfHtAqGiep4tMTQ+eFASYtPybccsgi8H4brIB/HAu0kaDS
Aw