如何在C#中的AES256加密和Java中的解密期间处理BadPaddingException
我不知道为什么会出现错误。
线程“主”中的异常javax.crypto.BadPaddingException:给定的最终块未正确填充。如果在解密过程中使用了错误的密钥,则会出现此类问题。
我了解到,在解密过程中使用了不正确的密钥时会发生此错误。但是,如果您查看下面的测试结果,您会发现C#和Java都是相同的(Key,IV,Salt是Base64编码的)。
- C#测试结果
- Java测试结果
相同!(键,IV,盐)
但是会生成当前的BadpaddingException错误。可能是什么问题呢? 我正在附加我的源文件。
- C#(加密)
class AES {
private readonly static string keyStr = "This is Key";
private readonly static string vector = "This is Vector";
public static Rfc2898DeriveBytes MakeKey(string password){
byte[] keyBytes = System.Text.Encoding.UTF8.GetBytes(password);
byte[] saltBytes = SHA512.Create().ComputeHash(keyBytes);
Rfc2898DeriveBytes result = new Rfc2898DeriveBytes(keyBytes, saltBytes, 65536);
return result;
}
public static Rfc2898DeriveBytes MakeVector(string vector){
byte[] vectorBytes = System.Text.Encoding.UTF8.GetBytes(vector);
byte[] saltBytes = SHA512.Create().ComputeHash(vectorBytes);
Rfc2898DeriveBytes result = new Rfc2898DeriveBytes(vectorBytes, saltBytes, 65536);
return result;
}
public static void Encrypt(String inputFile, String outputFile) {
using (RijndaelManaged aes = new RijndaelManaged()){
//Create Key and Vector
Rfc2898DeriveBytes key = AES.MakeKey(AES.keyStr);
Rfc2898DeriveBytes vector = AES.MakeVector(AES.vector);
//AES256
aes.BlockSize = 128;
aes.KeySize = 256;
// It is equal in java
// Cipher _Cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
aes.Mode = CipherMode.CBC;
aes.Padding = PaddingMode.PKCS7;
aes.Key = key.GetBytes(32); //256bit key
aes.IV = vector.GetBytes(16); //128bit block size
//processing Encrypt
ICryptoTransform encryptor = aes.CreateEncryptor(aes.Key, aes.IV);
byte[] encrypted;
using (MemoryStream msEncrypt = new MemoryStream()) {
using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write)) {
byte[] inputBytes = File.ReadAllBytes(inputFile);
csEncrypt.Write(inputBytes, 0, inputBytes.Length);
}
encrypted = msEncrypt.ToArray();
}
string encodedString = Convert.ToBase64String(encrypted);
File.WriteAllText(outputFile, encodedString);
}
}
}
- Java(解密)
public class AES256File {
private static final String algorithm = "AES";
private static final String blockNPadding = algorithm+"/CBC/PKCS5Padding";
private static final String password = "This is Key";
private static final String IV = "This is Vector";
private static IvParameterSpec ivSpec;
private static Key keySpec;
public static void MakeKey(String password) throws NoSuchAlgorithmException, UnsupportedEncodingException, InvalidKeySpecException{
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
MessageDigest digest = MessageDigest.getInstance("SHA-512");
byte[] keyBytes = password.getBytes("UTF-8");
// C# : byte[] saltBytes = SHA512.Create().ComputeHash(keyBytes);
byte[] saltBytes = digest.digest(keyBytes);
//256bit
PBEKeySpec pbeKeySpec = new PBEKeySpec(password.toCharArray(), saltBytes, 65536, 256);
Key secretKey = factory.generateSecret(pbeKeySpec);
byte[] key = new byte[32];
System.arraycopy(secretKey.getEncoded(), 0, key, 0, 32);
SecretKeySpec secret = new SecretKeySpec(key, "AES");
setKeySpec(secret);
}
public static void MakeVector(String IV) throws NoSuchAlgorithmException, UnsupportedEncodingException, InvalidKeySpecException{
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
MessageDigest digest = MessageDigest.getInstance("SHA-512");
byte[] vectorBytes = IV.getBytes("UTF-8");
byte[] saltBytes = digest.digest(vectorBytes);
// 128bit
PBEKeySpec pbeKeySpec = new PBEKeySpec(IV.toCharArray(), saltBytes, 65536, 128);
Key secretIV = factory.generateSecret(pbeKeySpec);
byte[] iv = new byte[16];
System.arraycopy(secretIV.getEncoded(), 0, iv, 0, 16);
IvParameterSpec ivSpec = new IvParameterSpec(iv);
setIvSpec(ivSpec);
}
public void decrypt(File source, File dest) throws Exception {
Cipher c = Cipher.getInstance(blockNPadding);
c.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);
fileProcessing(source, dest, c);
}
public void fileProcessing(File source, File dest, Cipher c) throws Exception{
InputStream input = null;
OutputStream output = null;
try{
input = new BufferedInputStream(new FileInputStream(source));
output = new BufferedOutputStream(new FileOutputStream(dest));
byte[] buffer = new byte[input.available()];
int read = -1;
while((read = input.read(buffer)) != -1){
output.write(c.update(buffer, 0, read));
}
byte[] deryptedBytes = c.doFinal(buffer); // -----------------------> Error!! Showing!
byte[] decodedBytes = Base64.getDecoder().decode(deryptedBytes);
String decodeString = new String(decodedBytes, "UTF-8");
decodedBytes = decodeString.getBytes(StandardCharsets.UTF_8);
output.write(decodedBytes);
}finally{
if(output != null){
try{output.close();}catch(IOException e){}
}
if(input != null){
try{input.close();}catch(IOException e){}
}
}
}
我已验证如下。
- C# 中的验证码和IV
//Key Verification
var salt = Convert.ToBase64String(saltBytes);
Console.Write("Salt Result : ");
Console.WriteLine(salt);
var result_test = Convert.ToBase64String(result.GetBytes(32));
Console.Write("Key Test Result: ");
Console.WriteLine(result_test);
//IV Verification (Salt is Using same code)
var result_test = Convert.ToBase64String(result.GetBytes(16));
Console.Write("IV Test Result: ");
Console.WriteLine(result_test);
-
Java 中的
- 验证密钥和IV
//Key Verification
/* print Salt */
String base64 = Base64.getEncoder().encodeToString(saltBytes);
System.out.println("Salt Result : " + base64);
/* print Key */
String result_test = Base64.getEncoder().encodeToString(key);
System.out.println("Key Test Result : " + result_test);
/* print generated Key */
System.out.println("Secret Key Result : " + Base64.getEncoder().encodeToString(secret.getEncoded()));
//IV Verification (Salt is Using same code)
/* print IV */
String result_test = Base64.getEncoder().encodeToString(iv);
System.out.println("IV Test Result : " + result_test);
/* print generated IV */
System.out.println("IV Result : " + Base64.getEncoder().encodeToString(ivSpec.getIV()));
已更新
c#.netframework 4.5 / Java8 修改了@Topaco所说的内容,并确认它运行良好。
我想对@Topaco和@ Gusto2表示非常感谢,我将对安全性已修改的部分进行更改,就像@ Gusto2所说的一样!
2 个答案:
答案 0 :(得分:1)
while((read = input.read(buffer)) != -1){
output.write(c.update(buffer, 0, read));
}
byte[] deryptedBytes = c.doFinal(buffer)
您正在解密文件的输入,然后使用相同的密码实例将最后读取的块(再次)解密到单独的数组中,而不是文件中
快速修复:
while((read = input.read(buffer)) != -1){
output.write(c.update(buffer, 0, read));
}
output.write(c.doFinal()); // write the padded block
如果您要创建并打印解密的String,则需要创建一个新的Cipher实例(或者不确定,重新确定该实例就足够了,我不确定),假定缓冲区包含整个输入
c.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);
// assuming the buffer contains the whole input again
byte[] deryptedBytes = c.doFinal(buffer); // decrypting the whole file again
正确方法:
-
IV用于安全地将相同的加密密钥重用于多种加密。因此,如果您的密钥不是随机的,则应该为每种加密生成新的随机IV(并将IV沿密文传递,通常是最常用的)。否则,加密在语义上是不安全的,您可能会为两次破解攻击创造机会。因此从密钥派生IV可能不是很安全。
-
我建议使用通过密文传递的任何MAC(验证码)以确保完整性(例如HMAC)
-
您仍将所有文件输入全部读取到内存中,这对于REALLY LARGE文件不起作用。您可以将缓冲区初始化为任意长度(几MB?),然后将输入文件分块处理
答案 1 :(得分:1)
1)在C#Encrypt方法中,首先对纯文本进行加密,然后对Base64进行编码。因此,在解密过程中,必须先对数据进行Base64解码,然后再进行解密。当前,这是以错误的顺序处理的,即数据首先被解密然后被解码。因此,在Java fileProcessing方法中替换
while((read = input.read(buffer)) != -1){
output.write(c.update(buffer, 0, read));
}
与
while((read = input.read(buffer)) != -1) {
byte[] bufferEncoded = buffer;
if (read != buffer.length) {
bufferEncoded = Arrays.copyOf(buffer, read);
}
byte[] bufferDecoded = Base64.getDecoder().decode(bufferEncoded);
output.write(c.update(bufferDecoded));
}
2)不必将buffer(或bufferDecoded)传递给doFinal方法,因为这已经在update方法中完成了。因此,
byte[] deryptedBytes = c.doFinal(buffer);
必须替换为
output.write(c.doFinal());
3)由于在try块中的1)中已经完成了Base64解码,因此必须删除doFinal语句之后的所有行。总体而言,这导致
try {
input = new BufferedInputStream(new FileInputStream(source));
output = new BufferedOutputStream(new FileOutputStream(dest));
byte[] buffer = new byte[input.available()];
int read = -1;
while((read = input.read(buffer)) != -1) {
byte[] bufferEncoded = buffer;
if (read != buffer.length) {
bufferEncoded = Arrays.copyOf(buffer, read);
}
byte[] bufferDecoded = Base64.getDecoder().decode(bufferEncoded);
output.write(c.update(bufferDecoded));
}
output.write(c.doFinal());
}
4)缓冲区的大小必须为4的倍数,以确保正确的Base64解码。因此,更换更可靠
byte[] buffer = new byte[input.available()];
使用
byte[] buffer = new byte[4 * (input.available() / 4)];
只要将数据读入一个块中(这不能保证,请参见https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/io/InputStream.html#available()),就不会有问题。但是,如果以多个块读取数据,则读取4个字节的倍数很重要,否则Base64解码将失败。可以通过使用不是4的倍数的缓冲区大小来轻松证明这一点。如果对于较大的文件明确定义了缓冲区大小,则必须考虑这一点。
相关问题
- BadPaddingException RSA加密/解密错误
- ASP中的AES256加密和解密
- BlackBerry Decryption - BadPaddingException
- Java AES解密BadPaddingException
- iOS AES256解密
- RSA解密错误BadPaddingException
- BadPaddingException:解密错误
- BadPaddingException during decryption in java
- Scala RSA解密BadPaddingException:解密错误
- 如何在C#中的AES256加密和Java中的解密期间处理BadPaddingException
最新问题
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?