我试图通过Ruby中的密码“DES-EDE3-CBC”加密数据,然后用Java解密加密数据。
以下是Ruby中的代码我进行了加密:
require 'digest'
require 'openssl'
require 'base64'
ALG = "DES-EDE3-CBC"
key = "80f28a1ef4aa9df6ee2ee3210316b98f383eb344"
cipher = OpenSSL::Cipher::Cipher.new(ALG)
cipher.pkcs5_keyivgen(key, nil)
cipher.encrypt
data = "hello"
result = cipher.update(data)
result << cipher.final
# Write the data to file.
File.open("enc.txt", "wb"){|f| f.write result}
然后用Java解密:
import java.security.*;
import java.*;
import java.io.*;
import javax.crypto.*;
import javax.crypto.spec.*;
public class Test{
public static void main(String[] args) throws Exception {
String key = "80f28a1ef4aa9df6ee2ee3210316b98f383eb344";
// Init the key
DESKeySpec desKeySpec = new DESKeySpec(key.getBytes());
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");
Key secretKey = keyFactory.generateSecret(desKeySpec);
Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, secretKey);
byte[] buf = new byte[1024];
InputStream input = new FileInputStream(new File("enc.txt"));
FileOutputStream output = new FileOutputStream(new File("dec.txt"));
int count = input.read(buf);
// Read and decrypt file content
while (count >= 0) {
output.write(cipher.update(buf, 0, count));
count = input.read(buf);
}
output.write(cipher.doFinal());
output.flush();
}
}
但是在运行Java代码时我总是遇到异常:
Exception in thread "main" javax.crypto.BadPaddingException: Given final block not properly padded
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811)
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)
at com.sun.crypto.provider.DESCipher.engineDoFinal(DESCipher.java:314)
at javax.crypto.Cipher.doFinal(Cipher.java:1969)
at Test.main(Test.java:29)
我认为问题是Ruby中的“DES-EDE3-CBC”密码与Java“DES / ECB / PKCS5Padding”不兼容。 我怎么能这样做?
答案 0 :(得分:6)
在Ruby方面,除非是严格的要求,否则不要使用Cipher#key_ivgen
。它已被弃用,而OpenSSL::PKCS5应该用于基于密码的加密。你的密钥似乎是十六进制,40个字符,这导致最多20个字节的熵。它有这种特殊形式的原因是什么?三重DES密钥长度为24个字节,创建安全密钥的最简单方法是:
cipher = OpenSSL::Cipher.new("DES-EDE3-CBC")
cipher.encrypt
key = cipher.random_key
执行此操作时,您还应在加密前always generate a random IV:
iv = cipher.random_iv
为了将密钥和IV传递给Java,如果你需要它们的十六进制表示:
hex_key = key.unpack("H*")[0]
在Java中,您错误地使用DES而不是DESede,并且在ECB模式下使用它,而在Ruby中使用CBC时。不要使用ECB。您还必须使用Ruby中使用的密钥和IV初始化Cipher
。你需要一个适当的十六进制/解码器(在网上搜索),我已经采取了我能找到的第一个代码示例,但要注意这不是最有效的方法,一个表 - 基于查找将更快。但我们需要一些东西让你开始,所以这里是:
public static byte[] hexDecode(String hex) {
ByteArrayOutputStream bas = new ByteArrayOutputStream();
for (int i = 0; i < hex.length(); i+=2) {
int b = Integer.parseInt(hex.substring(i, i + 2), 16);
bas.write(b);
}
return bas.toByteArray();
}
byte[] key = hexDecode("<hex representation of the Ruby key>");
byte[] iv = hexDecode("<hex representation of the Ruby IV>");
DESedeKeySpec desKeySpec = new DESedeKeySpec(key);
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede");
Key secretKey = keyFactory.generateSecret(desKeySpec);
IvParameterSpec ivSpec = new IvParameterSpec(iv);
Cipher cipher = Cipher.getInstance("DESede/CBC/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, secretKey, ivSpec);
... /* do the decryption */