使用CBC进行Java河豚加密
我正在尝试使用Blowfish和CBC来制作https://codebeautify.org/encrypt-decrypt这个网站正在做的事情
我不确定实际的用词是什么,但是尽管使用相同的内容和密钥,我想实现的加密方法仍会产生不一致的加密字符串,
例如,如果我用密钥Hello加密key123,则两次,第一个结果可能显示abcde,第二个结果应该显示其他内容,例如fghij。但是用abcde解密fghij和key123都将返回相同的Hello。
我还可以知道他们用来产生最终结果的编码类型是什么吗?例如hex / base64,因为我同时尝试了这两种方法,但似乎不会产生相似的结果。
这就是我正在使用的:
加密类:
public static String enc(String content, String key) {
String encCon = "";
try {
String IV = "12345678";
SecretKeySpec keySpec = new SecretKeySpec(key.getBytes("UTF-8"), "Blowfish");
Cipher cipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding");
String secret = content;
cipher.init(Cipher.ENCRYPT_MODE, keySpec, new javax.crypto.spec.IvParameterSpec(IV.getBytes("UTF-8")));
byte[] encoding = cipher.doFinal(secret.getBytes("UTF-8"));
System.out.println("-- Encrypted -----------");
encCon = DatatypeConverter.printBase64Binary(encoding);
System.out.println("-- encCon : " + encCon);
} catch (Exception ex) {
logger.error(ex.getMessage(), ex);
}
return encCon;
}
public static String dec(String content, String key) {
String decCon = "";
try {
String IV = "12345678";
SecretKeySpec keySpec = new SecretKeySpec(key.getBytes("UTF-8"), "Blowfish");
Cipher cipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding");
// Decode Base64
byte[] ciphertext = DatatypeConverter.parseBase64Binary(content);
// Decrypt
cipher.init(Cipher.DECRYPT_MODE, keySpec, new javax.crypto.spec.IvParameterSpec(IV.getBytes("UTF-8")));
byte[] message = cipher.doFinal(ciphertext);
System.out.println("-- Decrypted -----------");
decCon = new String(message, "UTF-8");
System.out.println("-- decCon : " + decCon);
} catch (Exception ex) {
logger.error(ex.getMessage(), ex);
}
return decCon;
}
调用类(例如Main.java)
// This is what I get from codebeautify site, encrypting Hello with key123
// However, I'm getting javax.crypto.BadPaddingException: Given final block not properly padded
Crypto.dec("08GCpwyZc+qGNuxSvXAD2A==", "key123");
// Below 2 lines works fine, the only problem is the result isn't randomized
String encContent = Crypto.enc("Hello", "key123");
Crypto.dec(encContent, "key123");
2 个答案:
答案 0 :(得分:2)
更新2019-04-21 09:49 P.M. UTC
@MaartenBodewes和@MarkJeronimus指出了一些要考虑的事项之后,我正在更新答案以使其更正确。但是因为这个问题是关于实现的,而不是关于使其更安全,所以这个旧版本应该足以至少提供一些见识。再次,可以通过修改以下代码来实现更安全的解决方案。
变更日志
- 密钥派生
- 处理异常及其详细信息
- 为每个数据(iv [8字节]和salt [32字节])使用单个SecureRandom实例
- 检查要加密的纯文本和要解密的加密文本的空值和空度
import javax.crypto.*;
import javax.crypto.spec.SecretKeySpec;
import java.io.UnsupportedEncodingException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.Base64;
import javax.xml.bind.DatatypeConverter;
import java.security.SecureRandom;
import java.security.spec.KeySpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
public class Crypto {
private static final char[] tempKey = new char[] {'T', 'E', 'M', 'P', '_', 'G', 'E', 'N', '_', 'K', 'E', 'Y'};
private static final SecureRandom secureRandomForSalt = new SecureRandom();
private static final SecureRandom secureRandomForIV = new SecureRandom();
private static byte[] generateSalt() throws RuntimeException {
try{
byte[] saltBytes = new byte[32];
secureRandomForSalt.nextBytes(saltBytes);
return saltBytes;
}
catch(Exception ex){
ex.printStackTrace();
throw new RuntimeException("An error occurred in salt generation part. Reason: " + ex.getMessage());
}
}
public static String enc(String content) throws RuntimeException {
String encClassMethodNameForLogging = Crypto.class.getName() + ".enc" + " || ";
byte[] salt;
byte[] encodedTmpSecretKey;
SecretKeySpec keySpec;
Cipher cipher;
byte[] iv;
IvParameterSpec ivParameterSpec;
String finalEncResult;
if(content == null || content.trim().length() == 0) {
throw new RuntimeException("To be encrypted text is null or empty");
}
System.out.println("-- Encrypting -----------");
try {
salt = generateSalt();
}
catch (Exception ex) {
ex.printStackTrace();
throw new RuntimeException(encClassMethodNameForLogging + "An error occurred in salt generation part. Reason: " + ex.getMessage());
}
try {
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
KeySpec spec = new PBEKeySpec(Crypto.tempKey, salt, 65536, 256);
SecretKey tmpSecretKey = factory.generateSecret(spec);
encodedTmpSecretKey = tmpSecretKey.getEncoded();
System.out.println("-- Secret Key Derivation in Encryption: " + Base64.getEncoder().encodeToString(encodedTmpSecretKey));
}
catch (NoSuchAlgorithmException ex){
ex.printStackTrace();
throw new RuntimeException(encClassMethodNameForLogging + "An error occurred in key derivation part. Reason: " + ex.getMessage() + " - Explanation: The particular cryptographic algorithm requested is not available in the environment");
}
catch (InvalidKeySpecException ex){
ex.printStackTrace();
throw new RuntimeException(encClassMethodNameForLogging + "An error occurred in key derivation part. Reason: " + ex.getMessage() + " - Explanation: Key length may not be correct");
}
catch (Exception ex){
ex.printStackTrace();
throw new RuntimeException(encClassMethodNameForLogging + "An error occurred in key derivation part. Reason: " + ex.getMessage());
}
try {
keySpec = new SecretKeySpec(encodedTmpSecretKey, "Blowfish");
cipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding");
}
catch (NoSuchAlgorithmException ex){
ex.printStackTrace();
throw new RuntimeException(encClassMethodNameForLogging + "An error occurred in cipher instantiation part. Reason: " + ex.getMessage() + " - Explanation: The particular cryptographic algorithm requested is not available in the environment");
}
catch (NoSuchPaddingException ex){
ex.printStackTrace();
throw new RuntimeException(encClassMethodNameForLogging + "An error occurred in cipher instantiation part. Reason: " + ex.getMessage() + " - Explanation: The particular padding mechanism is requested but is not available in the environment");
}
catch (Exception ex){
ex.printStackTrace();
throw new RuntimeException(encClassMethodNameForLogging + "An error occurred in cipher instantiation part. Reason: " + ex.getMessage());
}
try {
iv = new byte[cipher.getBlockSize()];
secureRandomForIV.nextBytes(iv);
ivParameterSpec = new IvParameterSpec(iv);
}
catch (Exception ex){
ex.printStackTrace();
throw new RuntimeException(encClassMethodNameForLogging + "An error occurred in iv creation part. Reason: " + ex.getMessage());
}
try {
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivParameterSpec);
byte[] encoding = cipher.doFinal(content.getBytes("UTF-8"));
String encCon = DatatypeConverter.printBase64Binary(encoding);
String ivStr = DatatypeConverter.printBase64Binary(iv);
String saltStr = DatatypeConverter.printBase64Binary(salt);
System.out.println("-- encCon : " + encCon);
System.out.println("-- iv : " + ivStr);
System.out.println("-- salt : " + saltStr);
finalEncResult = encCon + ":" + ivStr + ":" + saltStr;
System.out.println("-- finalEncRes : " + finalEncResult + "\n");
}
catch (InvalidKeyException ex){
ex.printStackTrace();
throw new RuntimeException(encClassMethodNameForLogging + "An error occurred in encryption part. Reason: " + ex.getMessage() + " - Explanation: Most probably you didn't download and copy 'Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files'");
}
catch (InvalidAlgorithmParameterException ex){
ex.printStackTrace();
throw new RuntimeException(encClassMethodNameForLogging + "An error occurred in decryption part. Reason: " + ex.getMessage() + " - Explanation: IV length may not be correct");
}
catch (IllegalBlockSizeException ex){
ex.printStackTrace();
throw new RuntimeException(encClassMethodNameForLogging + "An error occurred in decryption part. Reason: " + ex.getMessage() + " - Explanation: The length of data provided to a block cipher is incorrect, i.e., does not match the block size of the cipher");
}
catch (BadPaddingException ex){
ex.printStackTrace();
throw new RuntimeException(encClassMethodNameForLogging + "An error occurred in encryption part. Reason: " + ex.getMessage() + " - Explanation: A particular padding mechanism is expected for the input data but the data is not padded properly (Most probably wrong/corrupt key caused this)");
}
catch (UnsupportedEncodingException ex){
ex.printStackTrace();
throw new RuntimeException(encClassMethodNameForLogging + "An error occurred in encryption part. Reason: " + ex.getMessage() + " - Explanation: The Character Encoding is not supported");
}
catch (Exception ex){
ex.printStackTrace();
throw new RuntimeException(encClassMethodNameForLogging + "An error occurred in encryption part. Reason: " + ex.getMessage());
}
return finalEncResult;
}
public static String dec(String encContent) throws RuntimeException {
String decClassMethodNameForLogging = Crypto.class.getName() + ".dec" + " || ";
String decCon;
byte[] salt;
byte[] encodedTmpSecretKey;
SecretKeySpec keySpec;
Cipher cipher;
byte[] iv;
if(encContent == null || encContent.trim().length() == 0) {
throw new RuntimeException("To be decrypted text is null or empty");
}
System.out.println("-- Decrypting -----------");
try {
salt = DatatypeConverter.parseBase64Binary(encContent.substring(encContent.lastIndexOf(":") + 1));
}
catch (Exception ex) {
ex.printStackTrace();
throw new RuntimeException(decClassMethodNameForLogging + "An error occurred in salt retrieving part. Reason: " + ex.getMessage());
}
try {
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
KeySpec spec = new PBEKeySpec(Crypto.tempKey, salt, 65536, 256);
SecretKey tmpSecretKey = factory.generateSecret(spec);
encodedTmpSecretKey = tmpSecretKey.getEncoded();
System.out.println("-- Secret Key Gathering in Decryption: " + Base64.getEncoder().encodeToString(encodedTmpSecretKey));
}
catch (NoSuchAlgorithmException ex){
ex.printStackTrace();
throw new RuntimeException(decClassMethodNameForLogging + "An error occurred in key derivation part. Reason: " + ex.getMessage() + " - Explanation: The particular cryptographic algorithm requested is not available in the environment");
}
catch (InvalidKeySpecException ex){
ex.printStackTrace();
throw new RuntimeException(decClassMethodNameForLogging + "An error occurred in key derivation part. Reason: " + ex.getMessage() + " - Explanation: Key length may not be correct");
}
catch (Exception ex) {
ex.printStackTrace();
throw new RuntimeException(decClassMethodNameForLogging + "An error occurred in key derivation part. Reason: " + ex.getMessage());
}
try {
keySpec = new SecretKeySpec(encodedTmpSecretKey, "Blowfish");
cipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding");
}
catch (NoSuchAlgorithmException ex){
ex.printStackTrace();
throw new RuntimeException(decClassMethodNameForLogging + "An error occurred in cipher instantiation part. Reason: " + ex.getMessage() + " - Explanation: The particular cryptographic algorithm requested is not available in the environment");
}
catch (NoSuchPaddingException ex){
ex.printStackTrace();
throw new RuntimeException(decClassMethodNameForLogging + "An error occurred in cipher instantiation part. Reason: " + ex.getMessage() + " - Explanation : The particular padding mechanism requested is not available in the environment");
}
catch (Exception ex) {
ex.printStackTrace();
throw new RuntimeException(decClassMethodNameForLogging + "An error occurred in cipher instantiation part. Reason: " + ex.getMessage());
}
try {
iv = DatatypeConverter.parseBase64Binary(encContent.substring(encContent.indexOf(":") + 1, encContent.lastIndexOf(":")));
}
catch (Exception ex) {
ex.printStackTrace();
throw new RuntimeException(decClassMethodNameForLogging + "An error occurred in iv creation part. Reason: " + ex.getMessage());
}
try {
cipher.init(Cipher.DECRYPT_MODE, keySpec, new IvParameterSpec(iv));
byte[] decoding = cipher.doFinal(Base64.getDecoder().decode(encContent.substring(0, encContent.indexOf(":"))));
decCon = new String(decoding, "UTF-8");
System.out.println("-- decCon : " + decCon + "\n");
}
catch (InvalidKeyException ex){
ex.printStackTrace();
throw new RuntimeException(decClassMethodNameForLogging + "An error occurred in decryption part. Reason: " + ex.getMessage() + " - Explanation: Most probably you didn't download and copy 'Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files'");
}
catch (InvalidAlgorithmParameterException ex){
ex.printStackTrace();
throw new RuntimeException(decClassMethodNameForLogging + "An error occurred in decryption part. Reason: " + ex.getMessage() + " - Explanation: IV length may not be correct");
}
catch (IllegalBlockSizeException ex){
ex.printStackTrace();
throw new RuntimeException(decClassMethodNameForLogging + "An error occurred in decryption part. Reason: " + ex.getMessage() + " - Explanation: The length of data provided to a block cipher is incorrect, i.e., does not match the block size of the cipher");
}
catch (BadPaddingException ex){
ex.printStackTrace();
throw new RuntimeException(decClassMethodNameForLogging + "An error occurred in encryption part. Reason: " + ex.getMessage() + " - Explanation: A particular padding mechanism is expected for the input data but the data is not padded properly (Most probably wrong/corrupt key caused this)");
}
catch (UnsupportedEncodingException ex){
ex.printStackTrace();
throw new RuntimeException(decClassMethodNameForLogging + "An error occurred in encryption part. Reason: " + ex.getMessage() + " - Explanation: The Character Encoding is not supported");
}
catch (Exception ex) {
ex.printStackTrace();
throw new RuntimeException(decClassMethodNameForLogging + "An error occurred in decryption part. Reason: " + ex.getMessage());
}
return decCon;
}
public static void main(String args[]) {
System.out.println("-- Original -------------");
String plainText = "hello world";
System.out.println("-- origWord : " + plainText + "\n");
String e = Crypto.enc(plainText);
String d = Crypto.dec(e);
System.out.println("-- Results --------------");
System.out.println("-- PlainText: " + plainText);
System.out.println("-- EncryptedText: " + e);
System.out.println("-- DecryptedText: " + d);
}
}
此外,可执行文件版本在下面;
https://www.jdoodle.com/a/19HT
原始答案
我看到书面评论可以满足您的需求,但是我想在下面的解决方案中分享您的需求,以作为代码示例以及将来的参考;
**使用随机IV(为IV大小提供了密码块大小,但也可以定义静态字节大小,例如'16字节')
import javax.crypto.*;
import javax.crypto.spec.SecretKeySpec;
import java.util.Base64;
import javax.xml.bind.DatatypeConverter;
import java.security.SecureRandom;
import javax.crypto.spec.IvParameterSpec;
public class Crypto {
public static String enc(String content, String key) {
String encCon = "";
String ivStr = "";
try {
SecretKeySpec keySpec = new SecretKeySpec(key.getBytes("UTF-8"), "Blowfish");
Cipher cipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding");
byte[] iv = new byte[cipher.getBlockSize()];
SecureRandom secureRandom = new SecureRandom();
secureRandom.nextBytes(iv);
IvParameterSpec ivParameterSpec = new IvParameterSpec(iv);
String secret = content;
cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivParameterSpec);
byte[] encoding = cipher.doFinal(secret.getBytes("UTF-8"));
System.out.println("-- Encrypted -----------");
encCon = DatatypeConverter.printBase64Binary(encoding);
ivStr = DatatypeConverter.printBase64Binary(iv);
System.out.println("-- encCon : " + encCon);
System.out.println("-- iv : " + ivStr);
} catch (Exception ex) {
ex.printStackTrace();
}
return encCon + ":" + ivStr;
}
public static String dec(String encContent, String key) {
String decCon = "";
try {
SecretKeySpec keySpec = new SecretKeySpec(key.getBytes("UTF-8"), "Blowfish");
Cipher cipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding");
byte[] iv = DatatypeConverter.parseBase64Binary(encContent.substring(encContent.indexOf(":") + 1));
String secret = encContent.substring(0, encContent.indexOf(":"));
cipher.init(Cipher.DECRYPT_MODE, keySpec, new IvParameterSpec(iv));
byte[] decoding = cipher.doFinal(Base64.getDecoder().decode(secret));
System.out.println("-- Decrypted -----------");
decCon = new String(decoding, "UTF-8");
System.out.println("-- decCon : " + decCon);
} catch (Exception ex) {
ex.printStackTrace();
}
return decCon;
}
public static void main(String args[]) {
String e = Crypto.enc("hello world", "key123");
String d = Crypto.dec(e, "key123");
}
}
注意:当然可以实现更安全的解决方案。给出上述解决方案只是为了提供一些见识。
答案 1 :(得分:0)
您可以将不同的输出映射回同一输入的唯一方法是向输入中添加额外的数据,然后从解密的输出中剥离数据。使用PKCS5Padding是不够的,因为这不是随机的,在最坏的情况下,仅添加1个字节。使用IV没什么用,因为解密时需要知道它。
最简单的方法是在加密时添加一定数量的字节(例如,等于块大小)的随机数据,而在解密时忽略这些字节。该随机数据的名称是“一次使用的编号”中的“ nonce”。 (不要与密切相关的“盐”混淆,后者是您保留供以后使用的数字。)
顺便说一句,我没有让这个与网站匹配。我不知道网站如何加密,因为它会将所有输入值发送到服务器并显示响应。谈论安全...
private static final SecureRandom SECURE_RANDOM = new SecureRandom();
public static String enc(String content, String key) {
String encCon = "";
try {
String IV = "12345678";
SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "Blowfish");
Cipher cipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding");
byte[] nonce = new byte[cipher.getBlockSize()];
SECURE_RANDOM.nextBytes(nonce);
// Construct plaintext = nonce + secret
byte[] secret = content.getBytes(StandardCharsets.UTF_8);
byte[] plaintext = new byte[nonce.length + secret.length];
System.arraycopy(nonce, 0, plaintext, 0, nonce.length);
System.arraycopy(secret, 0, plaintext, nonce.length, secret.length);
cipher.init(Cipher.ENCRYPT_MODE, keySpec, new IvParameterSpec(IV.getBytes(StandardCharsets.UTF_8)));
byte[] encoding = cipher.doFinal(plaintext);
encCon = DatatypeConverter.printBase64Binary(encoding);
} catch (Exception ex) {
ex.printStackTrace();
}
return encCon;
}
public static String dec(String content, String key) {
String decCon = "";
try {
String IV = "12345678";
SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "Blowfish");
Cipher cipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding");
// Decode Base64
byte[] ciphertext = DatatypeConverter.parseBase64Binary(content);
// Decrypt
cipher.init(Cipher.DECRYPT_MODE, keySpec, new IvParameterSpec(IV.getBytes(StandardCharsets.UTF_8)));
byte[] message = cipher.doFinal(ciphertext);
decCon = new String(message,
cipher.getBlockSize(),
message.length - cipher.getBlockSize(),
StandardCharsets.UTF_8);
} catch (Exception ex) {
ex.printStackTrace();
}
return decCon;
}
Ps。您知道将秘密存储在字符串中是个坏主意吗?字符串是最后的,因此不能删除内容。可以删除字节数组(为简便起见,在此示例中未做此操作)。您还知道吗,您可以制作任何可以与其他Windows程序一起使用的全部内存的Windows程序?
相关问题
最新问题
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?