JCE填充未正确加密/解密

时间:2017-07-04 13:15:34

标签: java encryption jce

我正在开发一个程序,我将用它来使用JCE加密和解密文件。我的加密和解密在默认模式下正常工作(ECB / PKCS5PADDING)但是当我尝试使用CBC并解密我的文件时,我得到的一些文本是垃圾(或者当我尝试图像时它会被破坏。

谁能看到我做错了什么? (我没有包含我的导入,必要时可以添加)

public class encwork {
private static String keyString = "ykHySDZCWr16TVku"; //Encryption key
private static void bulkWork(int cipherMode, File inputFile, File outputFile) throws Exception{
    //Let the user enter the key they wish to use
    Key secretKey = new SecretKeySpec(keyString.getBytes(), "AES"); //Generates a key based on the default keysize for the specified algorithm

    //Generate an Initialization Vector (IV)
    final int ALG_KEYLENGTH = 128; //Change this as desired for the security level you want
    byte[] iv = new byte[ALG_KEYLENGTH / 8]; //Save the IV bytes or send it in plaintext with the encrypted data so you can decrypt the data later
    SecureRandom prng = new SecureRandom(); //Use SecureRandom to generate random bits. The size of the IV matches the blocksize of the cipher
    prng.nextBytes(iv); //Construct the appropriate IvParameterSpec object for the data to pass to Cipher's init() method

    //Create a Cipher by specifying the following parameters: Alg name, Mode (CBC), Padding (PKC7/PKCS5)
    Cipher cipherForEncryption = Cipher.getInstance("AES/CBC/PKCS5PADDING"); // Must specify the mode explicitly as most JCE providers default to ECB mode

    //Initialize the Cipher for Encryption
    cipherForEncryption.init(cipherMode, secretKey, new IvParameterSpec(iv));

    //Declare / Initialize the Data, Convert the Input to Bytes and encrypt or decrypt using doFinal.
    FileInputStream inputStream = new FileInputStream(inputFile);
    byte[] inputBytes = new byte[(int) inputFile.length()];
    inputStream.read(inputBytes);
    byte[] outputBytes = cipherForEncryption.doFinal(inputBytes);
    FileOutputStream outputStream = new FileOutputStream(outputFile);
    outputStream.write(outputBytes);
    inputStream.close();
    outputStream.close();
}

public static void main(String[] args) {
    File inputFile = new File("C:/Users/admin/Desktop/Crypto/In/test.txt"); 
    File encryptedFile = new File("C:/Users/admin/Desktop/Crypto/Enc/test.encrypted");
    File decryptedFile = new File("C:/Users/admin/Desktop/Crypto/Dec/testdec.txt");

    //Encryption
    try {
        encwork.encrypt(inputFile, encryptedFile); //Encrypt method
    } catch (Exception e) {
        e.printStackTrace(); //Will show what caused the error in the console if an error occurs
    }

    //Decryption
    try {
        encwork.decrypt(encryptedFile, decryptedFile); //Decrypt method
    } catch (Exception e) {
        e.printStackTrace(); //Will show what caused the error in the console if an error occurs
    }
}

public static void encrypt(File inputFile, File outputFile) throws Exception {
    bulkWork(Cipher.ENCRYPT_MODE, inputFile, outputFile); //ENC_MODE = Constant used to initialize cipher to encryption mode.
}

public static void decrypt(File inputFile, File outputFile) throws Exception {
    bulkWork(Cipher.DECRYPT_MODE, inputFile, outputFile); //ENC_MODE = Constant used to initialize cipher to encryption mode.
}}

1 个答案:

答案 0 :(得分:0)

您没有使用相同的IV进行加密和解密。

从解密开始的评论:“第一行是”çQßs} @L¤qMä]这是一个测试“,这意味着加密和解密的IV不一样。

这条评论说明了一切:

//保存IV字节或以明文形式发送加密数据,以便以后解密数据

或者:

  1. 通过从加密中返回并在解密时传递它来保存IV
    1. 使用IV对加密数据进行前缀,并在解密时将其拆分以用于解密。 (IV不需要保密)
    2. 有关IV和CBC模式的更多信息,请参阅Cipher Block Chaining (CBC)

      虽然IV影响整个加密数据,但CBC模式是自校正的,这意味着当解密时使用错误的IV时,只有第一个块不正确。