我尝试使用Bouncy Castle 1.58(org.bouncycastle:bcprov-jdk15on:1.58)从密码开始加密有效负载:
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import java.security.SecureRandom;
import java.security.Security;
public class Scratch {
public static void main(String[] args) throws Exception {
Security.addProvider(new BouncyCastleProvider());
String password = "password";
SecureRandom randomGenerator = new SecureRandom();
byte[] salt = randomGenerator.generateSeed(256);
PBEKeySpec keySpec = new PBEKeySpec(password.toCharArray(), salt, 65536, 32);
SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
SecretKey passwordKey = f.generateSecret(keySpec);
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC");
PBEParameterSpec parSpec = new PBEParameterSpec(salt, 65536);
cipher.init(Cipher.ENCRYPT_MODE, passwordKey, parSpec);
}
}
这是我得到的错误:
Exception in thread "main" org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher$InvalidKeyOrParametersException: Key length not 128/192/256 bits.
at org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher.engineInit(Unknown Source)
at javax.crypto.Cipher.init(Cipher.java:1394)
at javax.crypto.Cipher.init(Cipher.java:1327)
at tech.dashman.dashman.Scratch.main(Scratch.java:30)
Caused by: java.lang.IllegalArgumentException: Key length not 128/192/256 bits.
at org.bouncycastle.crypto.engines.AESEngine.generateWorkingKey(Unknown Source)
at org.bouncycastle.crypto.engines.AESEngine.init(Unknown Source)
at org.bouncycastle.crypto.modes.GCMBlockCipher.init(Unknown Source)
at org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher$AEADGenericBlockCipher.init(Unknown Source)
... 4 more
如果我将对PBKeySpec的调用中的密钥长度更改为256,如下所示:
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import java.security.SecureRandom;
import java.security.Security;
public class Scratch {
public static void main(String[] args) throws Exception {
Security.addProvider(new BouncyCastleProvider());
String password = "password";
SecureRandom randomGenerator = new SecureRandom();
byte[] salt = randomGenerator.generateSeed(256);
PBEKeySpec keySpec = new PBEKeySpec(password.toCharArray(), salt, 65536, 256);
SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
SecretKey passwordKey = f.generateSecret(keySpec);
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC");
PBEParameterSpec parSpec = new PBEParameterSpec(salt, 65536);
cipher.init(Cipher.ENCRYPT_MODE, passwordKey, parSpec);
}
}
然后我收到了这个错误:
Exception in thread "main" java.security.InvalidKeyException: Illegal key size
at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1039)
at javax.crypto.Cipher.init(Cipher.java:1393)
at javax.crypto.Cipher.init(Cipher.java:1327)
at tech.dashman.dashman.Scratch.main(Scratch.java:29)
我在这里缺少什么?什么尺寸应该是关键?
答案 0 :(得分:4)
如果您想使用密钥大小为&gt的AES,则需要安装无限加密扩展程序。 128位。例外实际上是在告诉你:
Exception in thread "main" java.security.InvalidKeyException: Illegal key size
at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1039)
at javax.crypto.Cipher.init(Cipher.java:1393)
at javax.crypto.Cipher.init(Cipher.java:1327)
at tech.dashman.dashman.Scratch.main(Scratch.java:29)
它没有检查Cipher.java第1039行的加密权限
尝试将密钥长度设置为128位或安装无限密钥强度政策,您可以下载here