我最近遇到过一段代码,它使用BouncyCastle的PBE和CBC模式的AES(“PBEWithSHA1And256BitAES-CBC-BC”)。
public static final String ALGORITHM = "PBEWithSHA1And256BitAES-CBC-BC";
public static byte[] encrypt(final byte[] key, final byte[] salt, final byte[] plainText) throws CryptoException {
try {
// Create the encryption key
final SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(ALGORITHM, "BC");
final PBEKeySpec keySpec = new PBEKeySpec(new String(key).toCharArray());
final SecretKey secretKey = keyFactory.generateSecret(keySpec);
// Encrypt the plain text
final PBEParameterSpec cipherSpec = new PBEParameterSpec(salt, ITERATIONS);
final Cipher cipher = Cipher.getInstance(ALGORITHM, "BC");
cipher.init(Cipher.ENCRYPT_MODE, secretKey, cipherSpec);
final byte[] encryptedBytes = cipher.doFinal(plainText);
return encryptedBytes;
} catch (final Throwable t) {
throw new CryptoException(t.toString());
}
}
如您所见,此代码未指定执行AES CBC加密的正确IV。
我不知道如何为密码指定salt,迭代次数和要使用的IV 。
我该怎么做?
谢谢。
答案 0 :(得分:3)
你可以使用jasypt(java简单加密)PBEWithSHA1And256BitAES-CBC-BC
示例代码如下所示:
StandardPBEStringEncryptor myFirstEncryptor = new StandardPBEStringEncryptor();
myFirstEncryptor.setProvider(new BouncyCastleProvider());
myFirstEncryptor.setAlgorithm("PBEWITHSHA256AND256BITAES-CBC-BC");
FixedStringSaltGenerator generator = new FixedStringSaltGenerator();
generator.setSalt("justAnotherSaltforGX");
//myFirstEncryptor.setSaltGenerator(new ZeroSaltGenerator());
myFirstEncryptor.setSaltGenerator(generator);
myFirstEncryptor.setKeyObtentionIterations(1);
String myPassword="creditCard";
myFirstEncryptor.setPassword(myPassword);
String myText="Redeem Gacha ";
String myFirstEncryptedText = myFirstEncryptor.encrypt(myText);
System.out.println("myFirstEncryptedText AES encrypt=="+myFirstEncryptedText);
System.out.println("myFirstEncryptedText AES decrypt =="+myFirstEncryptor.decrypt(myFirstEncryptedText));
答案 1 :(得分:1)
我认为如果你想使用IV,你需要生成一个随机密钥并在你现在加密纯文本的地方加密它。然后,您可以使用它来加密数据,使用IvParameterSpec指定IV。当然,您需要将加密密钥和IV存储在已加密的数据旁边。只有在使用相同的密钥加密多个明文时才需要这样做。
答案 2 :(得分:1)
使用Jasypt和BouncyCastle 1.51(SpongyCastle),我可以使用以下
Algorithm: PBEWITHSHAAND128BITAES-CBC-BC
Algorithm: PBEWITHSHAAND192BITAES-CBC-BC
Algorithm: PBEWITHSHAAND256BITAES-CBC-BC
Algorithm: PBEWITHSHA256AND128BITAES-CBC-BC
Algorithm: PBEWITHSHA256AND192BITAES-CBC-BC
Algorithm: PBEWITHSHA256AND256BITAES-CBC-BC
Algorithm: PBEWITHMD5AND128BITAES-CBC-OPENSSL
Algorithm: PBEWITHMD5AND192BITAES-CBC-OPENSSL
Algorithm: PBEWITHMD5AND256BITAES-CBC-OPENSSL
Algorithm: PBEWITHMD5AND128BITAES-CBC-OPENSSL
Algorithm: PBEWITHMD5AND192BITAES-CBC-OPENSSL
Algorithm: PBEWITHMD5AND256BITAES-CBC-OPENSSL
Algorithm: PBEWITHSHAAND128BITAES-CBC-BC
Algorithm: PBEWITHSHAAND192BITAES-CBC-BC
Algorithm: PBEWITHSHAAND256BITAES-CBC-BC
Algorithm: PBEWITHSHA256AND128BITAES-CBC-BC
Algorithm: PBEWITHSHA256AND192BITAES-CBC-BC
Algorithm: PBEWITHSHA256AND256BITAES-CBC-BC
这种方式很容易
StandardPBEByteEncryptor strongBinaryEncryptor = new StandardPBEByteEncryptor();
strongBinaryEncryptor.setAlgorithm("PBEWITHSHAAND192BITAES-CBC-BC");
strongBinaryEncryptor.setKeyObtentionIterations(1000);
strongBinaryEncryptor.setProviderName(BouncyCastleProvider.PROVIDER_NAME);
strongBinaryEncryptor.setPassword(password);
byte[] encryptedBytes = strongBinaryEncryptor.encrypt(password);
您也可以设置SaltGenerator。