当使用Python simple-crypt(源here)加密某些任意数据时,我正在研究项目,然后在java应用程序中使用相同的加密数据。
我想了解JSSE和Pycrypto之间的概念差异。
这是进行加密的python部分(source):
counter = Counter.new(HALF_BLOCK, prefix=salt[:HALF_BLOCK//8])
cipher = AES.new(cipher_key, AES.MODE_CTR, counter=counter)
这是我尝试java重新实现相同的操作:
SecretKeySpec key = new SecretKeySpec(cipher_key, "AES");
IvParameterSpec ivSpec = new IvParameterSpec(salt, 0, HALF_BLOCK / 8);
Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding", "BC");
cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec);
这里的问题是java Cipher抛出异常的初始化:
java.security.InvalidAlgorithmParameterException: IV must be 16 bytes long.
at org.bouncycastle.jce.provider.JCEBlockCipher.engineInit(Unknown Source)
at javax.crypto.Cipher.init(Cipher.java:1394)
at javax.crypto.Cipher.init(Cipher.java:1327)
HALF_BLOCK的值为64。
所以问题是,python的AES实现如何与HALF_BLOCK / 8密钥大小和java不兼容?
谢谢!
答案 0 :(得分:2)
nonce(IV的“左侧”;“right”是顺序计数器)应作为IV与密文一起传输。没有必要保持nonce秘密。只有不得重新使用由同一密钥加密的其他邮件。
似乎Python代码正在生成一个Counter位长的新64,并将prefix(我假设nonce值)设置为8变量的前salt个字节。它很可能(这里因为我无法访问Python代码而有很大的假设)在0x00 * 8处启动实际的计数器值,因此您的初始IV将是:
salt = '#Eg����' # => UTF-8 encoding of 0x0123456789ABCDEF (not familiar enough with Python for the actual expression)
# Really may be misunderstanding, but as the AES IV must be 16 bytes, I imagine the terminology here is prefix = 8 bytes, sequence = 8 bytes
counter = Counter.new(HALF_BLOCK, prefix=salt[:HALF_BLOCK]) # => '0x01234567 89ABCDEF 00000000 00000000'
# Perform one encryption
counter # => '0x01234567 89ABCDEF 00000000 00000001'
# etc.
要在Java中执行相同的操作,它应该像将IvParameterSpec初始化为与上面相同一样简单(即将带有0的盐的前8个字节右键填充到16个字节)。
// Intentionally verbose for demonstration; this can obviously be compacted
byte[] salt = org.bouncycastle.util.encoders.Hex.decode("0123456789ABCDEF");
byte[] nonceAndCounter = new byte[16];
System.arraycopy(salt, 0, nonceAndCounter, 0, ((int) (HALF_BLOCK / 8)));
IvParameterSpec iv = new IvParameterSpec(nonceAndCounter);
这是一个完整的测试用例,断言加密和解密是内部兼容的;你也可以使用Python端的数据运行它来验证。
@Test
public void testPythonCompatibility() {
// Arrange
byte[] cipher_key = org.bouncycastle.util.encoders.Hex.decode("0123456789ABCDEFFEDCBA9876543210");
final int HALF_BLOCK = 64;
byte[] salt = org.bouncycastle.util.encoders.Hex.decode("0123456789ABCDEF");
byte[] nonceAndCounter = new byte[16];
System.arraycopy(salt, 0, nonceAndCounter, 0, ((int) (HALF_BLOCK / 8)));
IvParameterSpec iv = new IvParameterSpec(nonceAndCounter);
Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding", "BC");
SecretKeySpec key = new SecretKeySpec(cipher_key, "AES");
cipher.init(Cipher.ENCRYPT_MODE, key, iv);
final String plaintext = "This is a plaintext message.";
// Act
byte[] cipherBytes = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
// Assert
cipher.init(Cipher.DECRYPT_MODE, key, iv);
byte[] recoveredBytes = cipher.doFinal(cipherBytes);
String recovered = new String(recoveredBytes, StandardCharsets.UTF_8);
assert recovered.equals(plaintext);
}