Java:ChaCha20 w / Poly1305作为MAC用于通用文件加密

时间:2016-04-10 15:12:44

标签: java encryption

我需要使用ChaCha20 / Poly1305对来自任何来源的任何数据进行通用加密和解密(与我们使用I / O流的方式相同,例如CipherInputStream)。

This question已经询问是否可以使用Bouncy Castle的ChaCha20Poly1305类来处理数据,但似乎只支持TLS事务。

所以现在我离开了纯ChaCha20(ChaCha20Engine)。我想知道是否编写我自己的加密 - 然后 - MAC方案是一个好主意,所以我得到了我所需要的。

tl; dr我可以编写自己的ChaCha20 / Poly1305加密 - 然后 - MAC操作模式吗?

1 个答案:

答案 0 :(得分:0)

Java 11 添加了“ ChaCha20-Poly1305 / None / NoPadding密码” 现在可以在没有任何第三方库或其他魔术的情况下使用->

这里是参考资料实施

package chaCha20Poly1305Encryption;

import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Base64;

public class ChaCha20Poly1305 {

public static byte[] encrypt(byte[] data, SecretKey key) throws NoSuchPaddingException, NoSuchAlgorithmException,
        InvalidAlgorithmParameterException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
    if(key == null) throw new InvalidKeyException("SecretKey must NOT be NULL");

    byte[] nonceBytes = new byte[12];

    // Get Cipher Instance
    Cipher cipher = Cipher.getInstance("ChaCha20-Poly1305/None/NoPadding");

    // Create IvParamterSpec
    AlgorithmParameterSpec ivParameterSpec = new IvParameterSpec(nonceBytes);

    // Create SecretKeySpec
    SecretKeySpec keySpec = new SecretKeySpec(key.getEncoded(), "ChaCha20");

    // Initialize Cipher for ENCRYPT_MODE
    cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivParameterSpec);

    // Perform Encryption
    return cipher.doFinal(data);
}

public static byte[] decrypt(byte[] cipherText, SecretKey key) throws Exception {
    if(key == null) throw new InvalidKeyException("SecretKey must NOT be NULL");
    byte[] nonceBytes = new byte[12];

    // Get Cipher Instance
    Cipher cipher = Cipher.getInstance("ChaCha20-Poly1305/None/NoPadding");

    // Create IvParamterSpec
    AlgorithmParameterSpec ivParameterSpec = new IvParameterSpec(nonceBytes);

    // Create SecretKeySpec
    SecretKeySpec keySpec = new SecretKeySpec(key.getEncoded(), "ChaCha20");

    // Initialize Cipher for DECRYPT_MODE
    cipher.init(Cipher.DECRYPT_MODE, keySpec, ivParameterSpec);

    // Perform Decryption
    return cipher.doFinal(cipherText);
}

public static void main(String[] args) throws Exception {
    SecretKey key = ChaCha20Poly1305KeyGenerator.generateKey();

    String testMessage = "hallo!";
    byte[] encryptedBytes = encrypt(testMessage.getBytes(), key);
    String decryptedMessage = new String(decrypt(encryptedBytes,key));
    System.out.println("testMessage: " + testMessage);
    System.out.println(key.getAlgorithm() + " SecretKey: " + Base64.getEncoder().encodeToString(key.getEncoded()));
    System.out.println("encryptedBytes: " + Base64.getEncoder().encodeToString(encryptedBytes));
    System.out.println("decryptedMessage: "+ decryptedMessage);

}
}

以及相应的密钥生成器:

package chaCha20Poly1305Encryption;

import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

public class ChaCha20Poly1305KeyGenerator {
    public static SecretKey generateKey() throws NoSuchAlgorithmException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("ChaCha20");
        //Keysize MUST be 256 bit - as of Java11 only 256Bit is supported
        keyGenerator.init(256);
        return keyGenerator.generateKey();
    }
    public static void main(String[] args) throws NoSuchAlgorithmException {
        SecretKey key = generateKey();
        System.out.println(key.getAlgorithm() + " SecretKey: " + Base64.getEncoder().encodeToString(key.getEncoded()));
    }
}

我的Github GIST使用的代码: https://gist.github.com/eXspir3/7a0821a6cfdb0495ccc3e69b475a61b9