Questions on AES encryption in Java using crypto library

Question


I was currently looking for a sample AES encryption and decryption using Java and I have stumbled upon something like this as a solution:

LINK

Other solutions offered the same approach. I managed to get it to work but I just have some questions on its implementation.

Questions:

  1. Why does the PBEKeySpec class need a password? What is it for? There is already a key, why does it need to have an additional token or password?

  2. I understand that the key and salt are part of the encrypted value of the original un-encrypted string. Why is that so? Why not allow to store the generated key and salt somewhere else?

Thanks and I appreciate any form of help. Just want to understand why it was made that way.

Answer 1

Score: 0


For an easy-to-use and rock-solid Java encryption library I recommend using http://www.jasypt.org/

To your questions:

  1. A password is often used to derive the encryption key; this is needed because many algorithms require keys to meet certain properties such as length and randomness, which aren't satisfied by many of the passwords normally used by people. See also https://docs.oracle.com/javase/7/docs/api/javax/crypto/spec/PBEKeySpec.html

  2. A salt and an initialization vector are stored alongside the encrypted value (that is, they are NOT encrypted) because it's convenient: you can easily retrieve them and use them to decrypt the original string. This is still safe because you typically only need these values to be unique, not to be kept secret; e.g. salt helps you prevent rainbow table attacks by having a unique salt for each value.
    A useful resource explaining some terminology: https://crypto.stackexchange.com/questions/3965/what-is-the-main-difference-between-a-key-an-iv-and-a-nonce

huangapple
  • Posted on March 16, 2020 13:23:22
  • When reposting, please keep the link to this article: https://java.coder-hub.com/60700718.html