我在客户端使用cryptojs aes 256加密了消息。但是无法在java端解密它。首先,我将密钥作为十六进制直接传递给服务器端,然后将其从十六进制转换为java bytearray。它没用。然后我将短语salt,iv作为十六进制传递给服务器。然后生成密钥。它仍然无法正常工作。总是抱怨关键长度不对。
客户方:
var salt = CryptoJS.lib.WordArray.random(16);
var salt_hex = CryptoJS.enc.Hex.stringify(salt);
var iv = CryptoJS.lib.WordArray.random(256/32);
var iv_hex = CryptoJS.enc.Hex.stringify(iv);
var key = CryptoJS.PBKDF2(secret, salt, { keySize: 256/32, iterations: 10 });
var key_hex=CryptoJS.enc.Hex.stringify(key);
var encrypted = CryptoJS.AES.encrypt(plaintext, key, { iv: iv });
var encryptedtxt = secret+":"+salt_hex+":"+iv_hex+":"+encrypted.ciphertext.toString(CryptoJS.enc.Base64)+":"+key_hex;
服务器端:
if (encrypted != null)
{
//Get the passphras, salt, IV and msg
String data[] = encrypted.split(":");
String passphrase = data[0];
String salt_hex = data[1];
String iv_hex = data[2];
String msg64 = data[3];
String jskey_hex = data[4];
byte[] jskey = hexStringToByteArray(jskey_hex);
byte[] iv = hexStringToByteArray(iv_hex);
byte[] salt = hexStringToByteArray(salt_hex);
BASE64Decoder decoder = new BASE64Decoder();
byte[] msg = decoder.decodeBuffer(msg64);
try {
//theClear = AES.decrypt(encrypted);
/* Decrypt the message, given derived key and initialization vector. */
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
KeySpec spec = new PBEKeySpec(passphrase.toCharArray(), salt, 10, 256/32);
SecretKey key = new SecretKeySpec(factory.generateSecret(spec).getEncoded(), "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
String plaintext = new String(cipher.doFinal(msg), "UTF-8");
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
答案 0 :(得分:1)
终于明白了。默认情况下,JRE 7不支持256位密钥。我必须从http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html下载新的jar并在jre / lib / security文件夹中覆盖它们。您将不得不为Websphere 6或7执行类似的操作。如果您不这样做,则会提示"非法密钥大小"。我还看到了"非法密钥大小x",其中x是一个数字。这意味着密钥大小不对。以下是代码。
服务器端:
//@Override
public String getClearText() throws IOException {
// Get the body
String encrypted = super.getParameter("aes"); //base64
if (encrypted != null)
{
//Get the passphras, salt, IV and msg
String data[] = encrypted.split(":");
String passphrase = data[0];
String salt_hex = data[1];
String iv_hex = data[2];
String msg64 = data[3];
String jskey_hex = data[4];
byte[] jskey = hexStringToByteArray(jskey_hex);
byte[] iv = hexStringToByteArray(iv_hex);
byte[] salt = hexStringToByteArray(salt_hex);
BASE64Decoder decoder = new BASE64Decoder();
byte[] msg = decoder.decodeBuffer(msg64);
String plaintext = "";
try {
SecretKey key = new SecretKeySpec(jskey, "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
plaintext = new String(cipher.doFinal(msg), "UTF-8");
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
System.out.println("in filter, decrypted: " +plaintext);
}
return plaintext;
}
客户端:
$(function() {
$('#test').on('submit', function() {
var plaintext = $('#text').val();
var secret = '0123456789abcdef';
var salt = CryptoJS.lib.WordArray.random(16);
var salt_hex = CryptoJS.enc.Hex.stringify(salt);
var iv = CryptoJS.lib.WordArray.random(16);
var iv_hex = CryptoJS.enc.Hex.stringify(iv);
var key = CryptoJS.PBKDF2(secret, salt, { keySize: 256/32, iterations: 1 });
//var key_hex=CryptoJS.enc.Hex.stringify(key);
var key_hex= key;
var encrypted = CryptoJS.AES.encrypt(plaintext, key, { iv: iv });
//decrypt
var decrypted = CryptoJS.AES.decrypt(
encrypted,
CryptoJS.enc.Hex.parse(key_hex),
{ iv: CryptoJS.enc.Hex.parse(iv_hex) });
var text = decrypted.toString( CryptoJS.enc.Utf8 );
//console.log(encrypted);
// ----- base64 encoding ----------
var encryptedtxt = secret+":"+salt_hex+":"+iv_hex+":"+encrypted.ciphertext.toString(CryptoJS.enc.Base64)+":"+key_hex;
console.log('html - ciphere txt : ' +encryptedtxt);
// ---- testing ----
//var decrypted = CryptoJS.AES.decrypt(encrypted, key,{iv: CryptoJS.enc.Utf8.parse(iv)});
//console.log(decrypted.toString(CryptoJS.enc.Utf8));
post ('/E2Efilter/TheServlet', encryptedtxt);
return false;
});