为什么解密函数返回垃圾代码?

时间:2012-08-07 03:33:50

标签: java base64 apache-commons encryption

我已将基于C#的解密函数转换为Java。它工作正常,可用于解密已由C#程序加密的密码。 这是源代码:

import org.apache.commons.codec.binary.Base64;

import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.Key;

public class TestDecrpt {
    public static void main(String[] args) throws Exception {
        String data = "encrypted data";
        String sEncryptionKey = "encryption key";
        byte[] rawData = new Base64().decode(data);
        byte[] salt = new byte[8];
        System.arraycopy(rawData, 0, salt, 0, salt.length);

        Rfc2898DeriveBytes keyGen = new Rfc2898DeriveBytes(sEncryptionKey, salt);

        byte[] IV = keyGen.getBytes(128 / 8);
        byte[] keyByte = keyGen.getBytes(256 / 8);

        Key key = new SecretKeySpec(keyByte, "AES");
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(IV));
        int pureDataLength = rawData.length - 8;
        byte[] pureData = new byte[pureDataLength];
        System.arraycopy(rawData, 8, pureData, 0, pureDataLength);
        String plaintext = new String(cipher.doFinal(pureData), "UTF-8").replaceAll("\u0000", "");
        System.out.println(plaintext);
    }
}

我按照其算法编写加密函数。代码是:

import org.apache.commons.codec.binary.Base64;

import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.Key;
import java.security.SecureRandom;


public class testEncrypt {
    public static void main(String[] args) throws Exception {
        String data = "Welcome2012~1@Welcome2012~1@Welcome2012~1@Welcome2012~1@Welcome2012~1@";
        String sEncryptionKey = "encryption key"; # the same key
        byte[] rawData = new Base64().decode(data);
        SecureRandom random = new SecureRandom();
        byte[] salt = new byte[8];
        random.nextBytes(salt);
        Rfc2898DeriveBytes keyGen = new Rfc2898DeriveBytes(sEncryptionKey, salt);

        byte[] IV = keyGen.getBytes(128 / 8);
        byte[] keyByte = keyGen.getBytes(256 / 8);

        Key key = new SecretKeySpec(keyByte, "AES");
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(IV));
        byte[] out2 = cipher.doFinal(rawData);

        byte[] out = new byte[8 + out2.length];
        System.arraycopy(salt, 0, out, 0, 8);
        System.arraycopy(out2, 0, out, 8, out2.length);
        //String outStr=new String(out,"UTF-8");
        String outStr = new Base64().encodeToString(out);
        System.out.println(outStr);
        System.out.print(outStr.length());

    }
}

但是,加密数据无法正确解密,它总是返回垃圾代码,例如

  

ꉜ뙧巓妵峩枢펶땝ꉜ뙧巓妵峩枢펶땝ꉜ뙧巓

加密功能有问题吗?

=============================================== ================================= [更新] 将代码更改为

byte[] rawData = data.getBytes("UTF-8");

可以成功加密和解密数据。 但是,用Java加密的数据无法在C#中正确解密。 这是C#版本解密函数:

using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;


namespace Test
{
    class Program
    {
        public static void Main(string[] args)
        {
                string data="EncryptedData";
                string sEncryptionKey="EncryptionKey";

                byte[] rawData = Convert.FromBase64String(data);
                byte[] salt = new byte[8];
                for (int i = 0; i < salt.Length; i++)
                    salt[i] = rawData[i];

                Rfc2898DeriveBytes keyGenerator = new Rfc2898DeriveBytes(sEncryptionKey, salt);
                Rijndael aes = Rijndael.Create();
                aes.IV = keyGenerator.GetBytes(aes.BlockSize / 8);
                aes.Key = keyGenerator.GetBytes(aes.KeySize / 8);

                using (MemoryStream memoryStream = new MemoryStream())
                using (CryptoStream cryptoStream = new CryptoStream(memoryStream, aes.CreateDecryptor(), CryptoStreamMode.Write))
                {
                    cryptoStream.Write(rawData, 8, rawData.Length - 8);
                    cryptoStream.Close();

                    byte[] decrypted = memoryStream.ToArray();
                    Console.Out.WriteLine(Encoding.Unicode.GetString(decrypted));
                    Console.In.ReadLine();
                }

        }
    }
}

我发现原始代码使用“Unicode”作为输出格式,

Encoding.Unicode.GetString(decrypted)

所以我将我的Java代码更改为“Unicode”。

对于Java中的Decrypt:

String plaintext = new String(cipher.doFinal(pureData), "Unicode");
System.out.println(plaintext);

对于Java中的加密:

byte[] rawData = data.getBytes("Unicode");

但使用C#代码解密已由Java程序加密的数据仍然符合垃圾代码。

我该如何解决这个问题?有什么神奇的伎俩吗?

[最后更新] 使用“UTF-16LE”代替“UTF-8”之后,问题就消失了。似乎“UTF-16LE”是Java等同于C#的“Unicode”。

1 个答案:

答案 0 :(得分:3)

这是问题所在:

String data = "Welcome2012~1@Welcome2012~1@Welcome2012~1@Welcome2012~1@Welcome2012~1@";
byte[] rawData = new Base64().decode(data);

该文本不是base64编码的二进制数据。这只是文字。为什么要尝试将其解码为base64数据?

你想:

byte[] rawData = data.getBytes("UTF-8");

那样,当你后来写:

String plaintext = new String(cipher.doFinal(pureData), "UTF-8")
                                    .replaceAll("\u0000", "");
你正在做相反的动作。 (不可否认,你可能不需要replaceAll电话,但这是另一回事。)

对于这样的事情,你需要确保你在“出去”路上采取的步骤与“进入”路上的步骤相反。所以在正确的代码中,你有:

Unencrypted text data => unencrypted binary data (encode via UTF-8)
Unencrypted binary data => encrypted binary data (encrypt with AES)
Encrypted binary data => encrypted text data (encode with base64)

反过来说,我们这样做:

Encrypted text data => encrypted binary data (decode with base64)
Encrypted binary data => unencrypted binary data (decrypt with AES)
Unencrypted binary data => unencrypted text data (decode via UTF-8)
相关问题
最新问题