我使用Encryption类进行一些数据传输。 我一直收到这个错误:
javax.crypto.BadPaddingException: Given final block not properly padded
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811)
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)
at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:313)
at javax.crypto.Cipher.doFinal(Cipher.java:2131)
at com.casadelgato.util.Encryption.decrypt(Encryption.java:138)
at com.casadelgato.util.Encryption.decryptBase64(Encryption.java:124)
at com.casadelgato.util.Encryption.decryptBase64ToString(Encryption.java:109)
at com.casadelgato.util.Encryption.main(Encryption.java:156)
奇怪的是,如果我使用加密的相同加密对象运行解密,我就无法得到它。我只在新的Encryption对象尝试解密时才收到错误。 我已经使用下面的代码中的main()重现了这一点。
第二次解密呼叫失败。 显然,密码在会话之间保持状态???
如何解决此问题,以便其他程序可以解密其他地方加密的内容?
package com.casadelgato.util;
import java.io.UnsupportedEncodingException;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.KeySpec;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
public class Encryption {
private final byte[] SALT = {
(byte) 0x26, (byte) 0xe4, (byte) 0x11, (byte) 0xa3,
(byte) 0x07, (byte) 0xc6, (byte) 0x55, (byte) 0x42
};
private Cipher ecipher;
private Cipher dcipher;
public Encryption( String password) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, InvalidParameterSpecException,
InvalidAlgorithmParameterException {
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
KeySpec spec = new PBEKeySpec(password.toCharArray(), SALT, 65536, 128);
SecretKey tmp = factory.generateSecret(spec);
System.out.println("Encryption: " + Arrays.toString(tmp.getEncoded()));
SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES");
ecipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
ecipher.init(Cipher.ENCRYPT_MODE, secret);
AlgorithmParameters params = ecipher.getParameters();
byte[] iv = params.getParameterSpec(IvParameterSpec.class).getIV();
dcipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
dcipher.init(Cipher.DECRYPT_MODE, secret, new IvParameterSpec(iv));
}
/**
* Encrypt the string and return the data encoded in base64
*
* @param encrypt String to encrypt
* @return base64 coded encrypted string
* @throws UnsupportedEncodingException
* @throws BadPaddingException
* @throws IllegalBlockSizeException
* @throws Exception
*/
public byte[] encryptStringToBase64( String encrypt) throws UnsupportedEncodingException, IllegalBlockSizeException, BadPaddingException {
byte[] bytes = encrypt.getBytes("UTF8");
return encryptToBase64(bytes);
}
/**
* Encrypt a block of data and encode to Base64
*
* @param bytes
* @return base64 encoded encrypted data
* @throws BadPaddingException
* @throws IllegalBlockSizeException
* @throws Exception
*/
public byte[] encryptToBase64( byte[] bytes) throws IllegalBlockSizeException, BadPaddingException {
byte[] encrypted = encrypt(bytes);
return Base64.encodeBase64(encrypted);
}
/**
* Encrypt a block of data
*
* @param plain
* @return encryped data
* @throws BadPaddingException
* @throws IllegalBlockSizeException
* @throws Exception
*/
public byte[] encrypt( byte[] plain) throws IllegalBlockSizeException, BadPaddingException {
return ecipher.doFinal(plain);
}
/**
* Decrypt a string that was encrypted and coded in base64
*
* @param base64
* @return
* @throws BadPaddingException
* @throws IllegalBlockSizeException
* @throws UnsupportedEncodingException
* @throws Exception
*/
public String decryptBase64ToString( byte[] base64) throws IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException {
byte[] decrypted = decryptBase64(base64);
return new String(decrypted, "UTF8");
}
/**
* Decrypt a Base64 encoded block
*
* @param base64
* @return
* @throws BadPaddingException
* @throws IllegalBlockSizeException
* @throws Exception
*/
public byte[] decryptBase64( byte[] base64) throws IllegalBlockSizeException, BadPaddingException {
byte[] decodedData = Base64.decodeBase64(base64);
byte[] decrypted = decrypt(decodedData);
return decrypted;
}
/**
* Decrypt a binary array.
*
* @param encrypt
* @return
* @throws BadPaddingException
* @throws IllegalBlockSizeException
* @throws Exception
*/
public byte[] decrypt( byte[] encrypt) throws IllegalBlockSizeException, BadPaddingException {
return dcipher.doFinal(encrypt);
}
public static void main( String[] args) throws Exception {
String messages[] = { "GETP", "Testing stuff that is longer" };
String password = "SanityLost";
try {
Encryption app = new Encryption(password);
Encryption app1 = new Encryption(password);
for (String message : messages) {
byte[] encrypted = app.encryptStringToBase64(message);
System.out.println("Encrypted string is: " + new String(encrypted, "UTF-8") + ", " + encrypted.length);
String decrypted = app.decryptBase64ToString(encrypted);
System.out.println("Decrypted string is: " + decrypted);
decrypted = app1.decryptBase64ToString(encrypted);
System.out.println("App1 Decrypted string is: " + decrypted);
}
} catch (Exception e1) {
e1.printStackTrace();
}
return;
}
}
答案 0 :(得分:3)
您的dcipher对象从ecipher对象获取其IV。问题是IV不依赖于密码或密钥。如果您不自己设置,它会随机生成。如果您创建第二个Encryption实例,您将获得不同于解密的IV而不是加密。
IV不应该是秘密的,所以你可以简单地将它与密文一起发送。由于IV总是具有相同的长度(AES / CBC为16字节),因此您可以简单地将其写在密文前面并在解密期间将其读回。你需要为此修改整个班级。请注意,随机IV对于语义安全很重要。
虽然我们正在努力。您还应该为每个加密随机化salt。如果我们假设salt总是8字节且IV总是16字节长,那么很容易为加密消息设计以下格式:
salt | IV | ciphertext
此处|表示连接。
您不需要两个Cipher个实例。只需在使用之前使用一个init进行加密或解密,而不是在构造函数内部。
答案 1 :(得分:1)
感谢Arjom的回答,我修改了代码:
package com.casadelgato.util;
import java.io.UnsupportedEncodingException;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.KeySpec;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
/**
* General data encryption/decryption handling. Can do Strings or byte[].
*
* @author John Lussmyer
*/
public class Encryption {
private String password;
private SecretKeyFactory factory;
public Encryption( String password) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, InvalidParameterSpecException,
InvalidAlgorithmParameterException {
this.password = password;
factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
return;
}
/**
* Encrypt the string and return the data encoded in base64
*
* @param encrypt String to encrypt
* @return base64 coded encrypted string
* @throws UnsupportedEncodingException
* @throws BadPaddingException
* @throws IllegalBlockSizeException
* @throws InvalidParameterSpecException
* @throws NoSuchPaddingException
* @throws NoSuchAlgorithmException
* @throws InvalidKeySpecException
* @throws InvalidKeyException
* @throws Exception
*/
public byte[] encryptStringToBase64( String encrypt) throws UnsupportedEncodingException, IllegalBlockSizeException, BadPaddingException, InvalidKeyException, InvalidKeySpecException,
NoSuchAlgorithmException, NoSuchPaddingException, InvalidParameterSpecException {
byte[] bytes = encrypt.getBytes("UTF8");
return encryptToBase64(bytes);
}
/**
* Encrypt a block of data and encode to Base64
*
* @param bytes
* @return base64 encoded encrypted data
* @throws BadPaddingException
* @throws IllegalBlockSizeException
* @throws InvalidParameterSpecException
* @throws NoSuchPaddingException
* @throws NoSuchAlgorithmException
* @throws InvalidKeySpecException
* @throws InvalidKeyException
* @throws Exception
*/
public byte[] encryptToBase64( byte[] bytes) throws IllegalBlockSizeException, BadPaddingException, InvalidKeyException, InvalidKeySpecException, NoSuchAlgorithmException,
NoSuchPaddingException, InvalidParameterSpecException {
byte[] encrypted = encrypt(bytes);
return Base64.encodeBase64(encrypted);
}
/**
* Encrypt a block of data
*
* @param plain
* @return encryped data
* @throws BadPaddingException
* @throws IllegalBlockSizeException
* @throws InvalidParameterSpecException
* @throws NoSuchPaddingException
* @throws NoSuchAlgorithmException
* @throws InvalidKeySpecException
* @throws InvalidKeyException
* @throws Exception
*/
public byte[] encrypt( byte[] plain) throws IllegalBlockSizeException, BadPaddingException, InvalidKeyException, InvalidKeySpecException, NoSuchAlgorithmException, NoSuchPaddingException,
InvalidParameterSpecException {
byte[] salt = new byte[8];
byte[] iv;
SecureRandom rand = new SecureRandom();
rand.nextBytes(salt);
KeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 65536, 128);
SecretKey tmp = factory.generateSecret(spec);
SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, secret);
AlgorithmParameters params = cipher.getParameters();
iv = params.getParameterSpec(IvParameterSpec.class).getIV();
byte[] data = cipher.doFinal(plain);
byte[] result = new byte[data.length + salt.length + iv.length];
System.arraycopy(salt, 0, result, 0, salt.length);
System.arraycopy(iv, 0, result, salt.length, iv.length);
System.arraycopy(data, 0, result, salt.length + iv.length, data.length);
return result;
}
/**
* Decrypt a string that was encrypted and coded in base64
*
* @param base64
* @return
* @throws BadPaddingException
* @throws IllegalBlockSizeException
* @throws UnsupportedEncodingException
* @throws InvalidKeySpecException
* @throws NoSuchPaddingException
* @throws NoSuchAlgorithmException
* @throws InvalidAlgorithmParameterException
* @throws InvalidKeyException
* @throws Exception
*/
public String decryptBase64ToString( byte[] base64) throws IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException, InvalidKeyException, InvalidAlgorithmParameterException,
NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException {
byte[] decrypted = decryptBase64(base64);
return new String(decrypted, "UTF8");
}
/**
* Decrypt a Base64 encoded block
*
* @param base64
* @return
* @throws BadPaddingException
* @throws IllegalBlockSizeException
* @throws InvalidKeySpecException
* @throws NoSuchPaddingException
* @throws NoSuchAlgorithmException
* @throws InvalidAlgorithmParameterException
* @throws InvalidKeyException
* @throws Exception
*/
public byte[] decryptBase64( byte[] base64) throws IllegalBlockSizeException, BadPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, NoSuchAlgorithmException,
NoSuchPaddingException, InvalidKeySpecException {
byte[] decodedData = Base64.decodeBase64(base64);
byte[] decrypted = decrypt(decodedData);
return decrypted;
}
/**
* Decrypt a binary array.
*
* @param encrypt
* @return
* @throws BadPaddingException
* @throws IllegalBlockSizeException
* @throws InvalidKeySpecException
* @throws NoSuchPaddingException
* @throws NoSuchAlgorithmException
* @throws InvalidAlgorithmParameterException
* @throws InvalidKeyException
* @throws Exception
*/
public byte[] decrypt( byte[] encrypt) throws IllegalBlockSizeException, BadPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, NoSuchAlgorithmException,
NoSuchPaddingException, InvalidKeySpecException {
byte[] desalt = new byte[8];
byte[] deiv = new byte[16];
byte[] data = new byte[encrypt.length - 8 - 16];
System.arraycopy(encrypt, 0, desalt, 0, desalt.length);
System.arraycopy(encrypt, desalt.length, deiv, 0, deiv.length);
System.arraycopy(encrypt, deiv.length + desalt.length, data, 0, encrypt.length - deiv.length - desalt.length);
KeySpec spec = new PBEKeySpec(password.toCharArray(), desalt, 65536, 128);
SecretKey tmp = factory.generateSecret(spec);
SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, secret, new IvParameterSpec(deiv));
return cipher.doFinal(data);
}
/**
* Used to test the code.
*
* @param args ignored
* @throws Exception
*/
public static void main( String[] args) throws Exception {
String messages[] = { "GETP", "Testing stuff that is longer" };
String password = "SanityLost";
try {
Encryption app = new Encryption(password);
Encryption app1 = new Encryption(password);
for (String message : messages) {
byte[] encrypted = app.encryptStringToBase64(message);
System.out.println("Encrypted string is: " + new String(encrypted, "UTF-8") + ", " + encrypted.length);
String decrypted = app.decryptBase64ToString(encrypted);
System.out.println("Decrypted string is: " + decrypted);
decrypted = app1.decryptBase64ToString(encrypted);
System.out.println("App1 Decrypted string is: " + decrypted);
}
} catch (Exception e1) {
e1.printStackTrace();
}
return;
}
}