我有一个名为user.that的表有一个列 firstName varchar(25)。
使用AES algorthm插入时加密名字值。(AES / CBC / PKCS5Padding)
但每次我加密firstname值时我都没有得到相同长度的输出值(加密)。当firstname值字符串长度变化时,加密输出lenth doent适合为列定义的varchar lenth。
String input =“test”; //加密值:978fbfa24962827da56b1f00896a4f2cbfc25b744e836c2a22d4292fb16dd53a
String input =“this is test”; //加密值:978fbfa24962827da56b1f00896a4f2cbfc25b744e836c22a22d4292fb16dd53aa22d4292fb16dd53a
我收到以下异常。
数据截断:列
的数据太长
我在这里添加了我的代码。
public String encrypt(String plainText) {
byte[] cipherBytes = null;
log.info("Started encryption...");
if (plainText != null && !plainText.isEmpty()) {
if (cipher != null && key != null) {
try {
byte[] ivByte = new byte[cipher.getBlockSize()];
IvParameterSpec ivParamsSpec = new IvParameterSpec(ivByte);
cipher.init(Cipher.ENCRYPT_MODE, key, ivParamsSpec);
cipherBytes = cipher.doFinal(plainText.getBytes());
plainText = Hex.encodeHexString(cipherBytes);
log.info("Completed encryption.");
log.info("Encrypted data : "
+ new String(cipherBytes, "UTF8"));
} catch (BadPaddingException | IllegalBlockSizeException
| InvalidKeyException
| InvalidAlgorithmParameterException
| UnsupportedEncodingException e) {
log.error("Encryption failed : " + e.getMessage());
e.printStackTrace();
throw new RuntimeException("Encryption failed : "
+ e.getMessage());
}
} else {
log.error("Encryption failed, cipher, key is null.");
throw new RuntimeException(
"Encryption failed, cipher, key is null.");
}
} else {
return plainText;
}
return plainText;
}
public String decrypt(String cipherHexString) throws AuthorizationException {
log.info("Started decryption...");
byte[] plainTextBytes = null;
String resource = "kk";
String resourceCatagory = "kk tables";
String accessType = "write";
try {
if (decryptionAuthorizer.authorize(resource, resourceCatagory,
accessType)) {
if (cipherHexString != null && !cipherHexString.isEmpty()) {
if (cipher != null && key != null) {
try {
byte[] ivByte = new byte[cipher.getBlockSize()];
IvParameterSpec ivParamsSpec = new IvParameterSpec(
ivByte);
cipher.init(Cipher.DECRYPT_MODE, key, ivParamsSpec);
plainTextBytes = cipher.doFinal(Hex
.decodeHex(cipherHexString.toCharArray()));
cipherHexString = new String(plainTextBytes);
log.info("Completed decryption.");
} catch (InvalidKeyException
| InvalidAlgorithmParameterException
| IllegalBlockSizeException
| BadPaddingException | DecoderException e) {
log.error("Decryption failed : " + e.getMessage());
e.printStackTrace();
throw new RuntimeException("Decryption failed : "
+ e.getMessage());
}
} else {
log.error("Decryption failed, cipher, key is null.");
throw new RuntimeException(
"Decryption failed, cipher, key is null.");
}
} else {
return cipherHexString;
}
}
} catch (AuthorizationException e) {
throw new AuthorizationException(
"User not authorized to decrypt data.");
}
return cipherHexString;
}
/**
* This method is used to manually override max key length permission, as an
* application level solution instead of configuration changes in
* security.policy.
*/
private void fixKeyLength() {
String errorString = "Failed manually overriding key-length permissions.";
int newMaxKeyLength;
try {
newMaxKeyLength = javax.crypto.Cipher.getMaxAllowedKeyLength("AES");
log.info("Initial max key size for AES : " + newMaxKeyLength);
if (newMaxKeyLength < 256) {
Class c = Class
.forName("javax.crypto.CryptoAllPermissionCollection");
Constructor con = c.getDeclaredConstructor();
con.setAccessible(true);
Object allPermissionCollection = con.newInstance();
Field f = c.getDeclaredField("all_allowed");
f.setAccessible(true);
f.setBoolean(allPermissionCollection, true);
c = Class.forName("javax.crypto.CryptoPermissions");
con = c.getDeclaredConstructor();
con.setAccessible(true);
Object allPermissions = con.newInstance();
f = c.getDeclaredField("perms");
f.setAccessible(true);
((Map) f.get(allPermissions)).put("*", allPermissionCollection);
c = Class.forName("javax.crypto.JceSecurityManager");
f = c.getDeclaredField("defaultPolicy");
f.setAccessible(true);
Field mf = Field.class.getDeclaredField("modifiers");
mf.setAccessible(true);
mf.setInt(f, f.getModifiers() & ~Modifier.FINAL);
f.set(null, allPermissions);
newMaxKeyLength = Cipher.getMaxAllowedKeyLength("AES");
log.info("Max key size permission changed, new max key size for AES : "
+ newMaxKeyLength);
}
} catch (Exception e) {
throw new RuntimeException(errorString, e);
}
if (newMaxKeyLength < 256)
throw new RuntimeException(errorString);
}
public String getAlgo() {
return algo;
}
public void setAlgo(String algo) {
this.algo = algo;
}
public String getKeyAlias() {
return keyAlias;
}
有没有办法加密具有相同长度的产品输出,即使输入字符串值长度是变化的。所以我没有得到
数据截断:列
的数据太长
答案 0 :(得分:1)
很明显,你得不到相同长度的结果,因为对称加密的结果是加密算法的块大小的倍数(在非流模式的情况下,例如{{1} }和ECB)。
在您的情况下,您有CBC,因此最大大小为50字节长(每个varchar(25)为2个字节)。然后加密结果最长为32个字节,因为您使用的varchar算法具有16字节长的块大小。
如果必须具有相同的尺寸,则需要使用AES等流媒体模式。但我建议将列保持足够长的时间以保持CTR模式下的加密数据。
无论如何,您的加密结果太长了。我猜(只是一个猜测,因为没有足够的代码)从数据库获取字符串后,您将其编码为十六进制字符串,然后将其赋予加密功能。这就是为什么你得到一个很长的加密结果:
CBC