标题翻译
Questions on AES encryption in Java using crypto library
问题
以下是翻译好的内容:
我目前正在寻找一个使用Java进行AES加密和解密的示例,并且我偶然发现了以下解决方案:
其他解决方案提供了类似的方法。我成功使其工作,但我对其实现有一些疑问。
问题:
-
为什么PBEKeySpec类需要一个密码?它是用来做什么的?已经有一个密钥,为什么还需要额外的令牌或密码?
-
我理解密钥和盐是原始未加密字符串的加密值的一部分。为什么会这样?为什么不允许将生成的密钥和盐存储在其他地方?
谢谢,我欣赏任何形式的帮助。只是想理解为什么会以这种方式制作。
英文翻译
I was currently looking for a sample AES encryption and decryption using Java and I have stumbled upon something like this as a solution:
Other solutions offered the same approach. I managed to got it to work but I just have some questions on its implementation.
Questions:
-
Why does the PBEKeySpec class need a password? what is it for? there
is already a key, why does it need to have an additional token or
password? -
I understand that the key and salt is part of the encrypted value of
the original un-encrypted string. Why is that so? why not allow to
store the generate key and salt somewhere else?
Thanks and I appreciate any form of help. Just want to understand why it was made that way.
答案1
得分: 0
对于易于使用且稳固的 Java 加密库,我建议使用 http://www.jasypt.org/
关于您的问题:
-
密码通常用于派生加密密钥;这是因为许多算法要求密钥满足某些属性,如长度和随机性,而这些属性通常由人们通常使用的许多密码不满足。也请参阅 https://docs.oracle.com/javase/7/docs/api/javax/crypto/spec/PBEKeySpec.html
-
盐和初始化向量与加密后的值一起存储(即它们未经加密),这是方便的——您可以轻松地检索它们并用于解密原始字符串。这仍然是安全的,因为通常您只需要这些值是唯一的,而不需要保密;例如,盐通过为每个值使用唯一的盐来帮助您防止彩虹表攻击。
一个有用的资源解释了一些术语:https://crypto.stackexchange.com/questions/3965/what-is-the-main-difference-between-a-key-an-iv-and-a-nonce
英文翻译
For easy-to-use and rock-solid java encryption library I recommend to use http://www.jasypt.org/
To your questions:
-
password is often used to derive the encryption key; this is needed because many algorithms require keys to meet certain properties such as length and randomness which isn't satisfied by many of the passwords normally used by people. See also https://docs.oracle.com/javase/7/docs/api/javax/crypto/spec/PBEKeySpec.html
-
A salt and an initialization vector are stored alongside the encrypted value (that is they are NOT encrypted) because it's convenient - you can easily retrieve them and use them to decrypt the original string. This is still safe because you typically only need these values to be unique not to be kept secret; e.g. salt helps you prevent rainbow table attacks by having a unique salt for each value.
A useful resource explaining some terminology: https://crypto.stackexchange.com/questions/3965/what-is-the-main-difference-between-a-key-an-iv-and-a-nonce
专注分享java语言的经验与见解,让所有开发者获益!
评论