我在Play中存储了一些小块用户数据!会话cookie,以实现无状态服务器。有四个数据。出于安全考虑,我想加密其中两个。我正在使用Play Crypto库。加密看起来像这样(假设encryptKey
是一个有效的16字节字符串):
Redirect(successRedirectURL).withSession("id" -> (userProfile.get \ "_id").as[String],
"name" -> Crypto.encryptAES(name, encryptKey),
"imageUrl" -> { if (imageUrl.isEmpty) "" else imageUrl.get },
"email" -> Crypto.encryptAES((userProfile.get \ "email").as[String]))
解密看起来像这样:
def getUserName[A](implicit request: SecuredRequest[A]): String = Crypto.decryptAES(request.session.get("name").get, encryptKey)
def getUserEmail[A](implicit request: SecuredRequest[A]): String = Crypto.decryptAES(request.session.get("email").get, encryptKey)
现在,用户名解密就好了。电子邮件没有。我直接输入加密字符串来验证它不是会话机制,我得到了相同的行为。我打电话给getUserEmail
时得到的堆栈跟踪是这样的:
play.api.Application$$anon$1: Execution exception[[BadPaddingException: Given final block not properly padded]]
at play.api.Application$class.handleError(Application.scala:293) ~[play_2.10.jar:2.2.1]
at play.api.DefaultApplication.handleError(Application.scala:399) [play_2.10.jar:2.2.1]
at play.core.server.netty.PlayDefaultUpstreamHandler$$anonfun$12$$anonfun$apply$1.applyOrElse(PlayDefaultUpstreamHandler.scala:165) [play_2.10.jar:2.2.1]
at play.core.server.netty.PlayDefaultUpstreamHandler$$anonfun$12$$anonfun$apply$1.applyOrElse(PlayDefaultUpstreamHandler.scala:162) [play_2.10.jar:2.2.1]
at scala.runtime.AbstractPartialFunction.apply(AbstractPartialFunction.scala:33) [scala-library.jar:na]
at scala.util.Failure$$anonfun$recover$1.apply(Try.scala:185) [scala-library.jar:na]
Caused by: javax.crypto.BadPaddingException: Given final block not properly padded
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811) ~[na:na]
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676) ~[na:na]
at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:313) ~[na:na]
at javax.crypto.Cipher.doFinal(Cipher.java:2087) ~[na:1.7.0_10]
at play.api.libs.Crypto$.decryptAES(Crypto.scala:229) ~[play_2.10.jar:2.2.1]
at play.api.libs.Crypto.decryptAES(Crypto.scala) ~[play_2.10.jar:2.2.1]
我试图找出如何设置它不做填充,但我无法找到我的application.conf中application.crypto.provider
或application.crypto.aes.transformation
的值。有什么想法吗?
答案 0 :(得分:2)
在您的加密中:
Redirect(successRedirectURL).withSession("id" -> (userProfile.get \ "_id").as[String],
"name" -> Crypto.encryptAES(name, encryptKey),
"imageUrl" -> { if (imageUrl.isEmpty) "" else imageUrl.get },
"email" -> Crypto.encryptAES((userProfile.get \ "email").as[String]))
我发现电子邮件的 encryptAES 未通过加密密钥,与名称一样。< / p>
这是一个错字,还是与你的问题有关?
尝试:
"email" -> Crypto.encryptAES((userProfile.get \ "email").as[String]), encryptKey)