我使用AES算法在本地子网(192.168.1.x)中发出udp请求。 Playstore向我显示警告,因为我使用了静态密钥。
// Console alert refers to this method
public byte[] encryptionUtil(String key, String iv, byte[] plainText) {
Cipher cipher = Cipher.getInstance(“AES/GCM/NoPadding”);
SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(), “AES”);
GCMParameterSpec paramSpec = new GCMParameterSpec(256, iv.getBytes());
cipher.init(Cipher.ENCRYPT_MODE, keySpec, paramSpec);
return cipher.doFinal(plainText);
}
// The unsafe key and initialisation vector are here and should be changed
byte[] cipherText = encryptionUtil(“abcdef...”, “010203040506”, plainText);
我尝试将iv随机发送到udp数据包中,我再次发布了apk,但playstore再次发出警告。
解决方案是什么?