java.security.InvalidKeyException:缺少参数

时间:2017-11-30 13:00:52

标签: java encryption

我需要将加密密码存储在DB 中,而不存储任何密钥或盐。我想确保它更安全,即使它是双向加密。所以在谷歌搜索后,我已经创建了一个示例程序来测试它。我的想法是创建一个自定义JPA AttributeConverter类来管理它。

以下是该计划: 

import java.security.Key;
import java.security.spec.KeySpec;
import java.util.Base64;

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class Crypto {

    private static final String _algorithm = "AES";
    private static final String _password = "_pasword*";
    private static final String _salt = "_salt*";
    private static final String _keygen_spec = "PBKDF2WithHmacSHA1";
    private static final String _cipher_spec = "AES/CBC/PKCS5Padding";

    public static String encrypt(String data) throws Exception {
        Key key = getKey();
        System.out.println(key.toString());
        Cipher cipher = Cipher.getInstance(_cipher_spec);
        cipher.init(Cipher.ENCRYPT_MODE, key);
        byte[] encVal = cipher.doFinal(data.getBytes());
        String encryptedValue = Base64.getEncoder().encodeToString(encVal);
        System.out.println("Encrypted value of "+data+": "+encryptedValue);
        return encryptedValue;
    }

    public static void decrypt(String encryptedData) throws Exception {
        Key key = getKey();
        System.out.println(key.toString());
        Cipher cipher = Cipher.getInstance(_cipher_spec);
        cipher.init(Cipher.DECRYPT_MODE, key);
        byte[] decordedValue = Base64.getDecoder().decode(encryptedData);
        byte[] decValue = cipher.doFinal(decordedValue);
        String decryptedValue = new String(decValue);
        System.out.println("Decrypted value of "+encryptedData+": "+decryptedValue);
    }

    private static Key getKey() throws Exception {
        SecretKeyFactory factory = SecretKeyFactory.getInstance(_keygen_spec);
        KeySpec spec = new PBEKeySpec(_password.toCharArray(), _salt.getBytes(), 65536, 128);
        SecretKey tmp = factory.generateSecret(spec);
        SecretKey secret = new SecretKeySpec(tmp.getEncoded(), _algorithm);
        return secret;
    }

    public static void main(String []str) throws Exception {
        String value = encrypt("India@123");
        decrypt(value);
    }
}

但它抛出以下异常:

javax.crypto.spec.SecretKeySpec@17111
Encrypted value of India@123: iAv1fvjMnJqilg90rGztXA==
javax.crypto.spec.SecretKeySpec@17111
Exception in thread "main" java.security.InvalidKeyException: Parameters missing
    at com.sun.crypto.provider.CipherCore.init(CipherCore.java:469)
    at com.sun.crypto.provider.AESCipher.engineInit(AESCipher.java:313)
    at javax.crypto.Cipher.implInit(Cipher.java:802)
    at javax.crypto.Cipher.chooseProvider(Cipher.java:864)
    at javax.crypto.Cipher.init(Cipher.java:1249)
    at javax.crypto.Cipher.init(Cipher.java:1186)
    at org.lp.test.Crypto.decrypt(Crypto.java:37)
    at org.lp.test.Crypto.main(Crypto.java:54)

我无法弄清楚这一点。

我根据@Luke Park的回答纠正了异常我已经创建了一个JPA AttributeConverter,如下所示: 

    import java.security.Key;
import java.security.spec.KeySpec;
import java.util.Base64;

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.persistence.AttributeConverter;
import javax.persistence.Converter;

@Converter(autoApply=true)
public class CryptoJPAConverter implements AttributeConverter<String, String> {

    private static final String _algorithm = "AES";
    private static final String _password = "_pasword*";
    private static final String _salt = "_salt*";
    private static final String _keygen_spec = "PBKDF2WithHmacSHA1";
    private static final String _cipher_spec = "AES/ECB/PKCS5Padding";

    @Override
    public String convertToDatabaseColumn(String clearText) {
        Key key;
        Cipher cipher;
        try {
            key = getKey();
            cipher = Cipher.getInstance(_cipher_spec);
            cipher.init(Cipher.ENCRYPT_MODE, key);
            byte[] encVal = cipher.doFinal(clearText.getBytes());
            String encryptedValue = Base64.getEncoder().encodeToString(encVal);
            return encryptedValue;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    @Override
    public String convertToEntityAttribute(String encryptedText) {
        Key key;
        try {
            key = getKey();
            Cipher cipher = Cipher.getInstance(_cipher_spec);
            cipher.init(Cipher.DECRYPT_MODE, key);
            byte[] decordedValue = Base64.getDecoder().decode(encryptedText);
            byte[] decValue = cipher.doFinal(decordedValue);
            String decryptedValue = new String(decValue);
            return decryptedValue;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private static Key getKey() throws Exception {
        SecretKeyFactory factory = SecretKeyFactory.getInstance(_keygen_spec);
        KeySpec spec = new PBEKeySpec(_password.toCharArray(), _salt.getBytes(), 65536, 128);
        SecretKey tmp = factory.generateSecret(spec);
        SecretKey secret = new SecretKeySpec(tmp.getEncoded(), _algorithm);
        return secret;
    }
}

我使用双向加密,因为我需要将密码作为明文传递给Java邮件客户端。

欢迎提出意见和建议

1 个答案:

答案 0 :(得分:3)

您正在使用AES/CBC/PKCS5Padding,但您没有将IV传递给cipher.init来电。

CBC模式需要对每个加密操作进行随机IV,每次加密时都应使用SecureRandom生成此值,并将值作为IvParameterSpec传递。你需要相同的IV进行解密。通常将IV添加到密文并在需要时检索。

单独注意,加密密码确实是一个非常糟糕的主意。事实上,你必须提出这个问题,这有点证明你无法做出与安全相关的决定。请自己和您的项目帮助,哈希密码。 PBKDF2和bcrypt都是不错的方式。

相关问题
最新问题