Java – 使用不同方法生成SecretKeySpec的AES CBC算法

huangapple 未分类评论58阅读模式
英文:

Java - AES CBC Algorithum different way to generating SecretKeySpec

问题

以下是翻译好的部分:

我正在尝试实现 AES CBC 256 算法。在线学习并检查了一些代码示例后,我意识到有两种不同的方法来获取 SecretKeySpec,而两种方法得到的加密消息是不同的。

  1. private static SecretKeySpec getSecretKeySpec(String secretKey) throws NoSuchAlgorithmException, InvalidKeySpecException {
  2. String salt = "a";
  3. SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
  4. KeySpec spec = new PBEKeySpec(secretKey.toCharArray(), salt.getBytes(), 65536, 256);
  5. SecretKey tmp = factory.generateSecret(spec);
  6. return new SecretKeySpec(tmp.getEncoded(), "AES");
  7. }
  8. // private static SecretKeySpec getSecretKeySpec(String secretKey) throws NoSuchAlgorithmException {
  9. //
  10. // MessageDigest digest = MessageDigest.getInstance("SHA-256");
  11. // digest.update(secretKey.getBytes(StandardCharsets.UTF_8));
  12. // byte[] keyBytes = new byte[32];
  13. // System.arraycopy(digest.digest(), 0, keyBytes, 0, keyBytes.length);
  14. // return new SecretKeySpec(keyBytes, "AES");
  15. // }
  16. public static String encrypt(String strToEncrypt, String secret)
  17. {
  18. try
  19. {
  20. byte[] iv = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
  21. IvParameterSpec ivspec = new IvParameterSpec(iv);
  22. SecretKeySpec secretKeySpec = getSecretKeySpec(secret);
  23. Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
  24. cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, ivspec);
  25. return Base64.getEncoder().encodeToString(cipher.doFinal(strToEncrypt.getBytes(StandardCharsets.UTF_8)));
  26. }
  27. catch (Exception e)
  28. {
  29. System.out.println("Error while encrypting: " + e.toString());
  30. }
  31. return null;
  32. }

请问是否有人能告诉我哪一种是正确的 AES CBC 256 位加密实现?

英文:

I am trying to implement AES CBC 256 algorithm. And after studying online and checking few code samples I realise that there are two different ways to retrive SecretKeySpec and both results in different encrypted message.

  1. private static SecretKeySpec getSecretKeySpec(String secretKey) throws NoSuchAlgorithmException, InvalidKeySpecException {
  2. String salt = "a";
  3. SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
  4. KeySpec spec = new PBEKeySpec(secretKey.toCharArray(), salt.getBytes(), 65536, 256);
  5. SecretKey tmp = factory.generateSecret(spec);
  6. return new SecretKeySpec(tmp.getEncoded(), "AES");
  7. }
  8. // private static SecretKeySpec getSecretKeySpec(String secretKey) throws NoSuchAlgorithmException {
  9. //
  10. // MessageDigest digest = MessageDigest.getInstance("SHA-256");
  11. // digest.update(secretKey.getBytes(StandardCharsets.UTF_8));
  12. // byte[] keyBytes = new byte[32];
  13. // System.arraycopy(digest.digest(), 0, keyBytes, 0, keyBytes.length);
  14. // return new SecretKeySpec(keyBytes, "AES");
  15. // }
  16. public static String encrypt(String strToEncrypt, String secret)
  17. {
  18. try
  19. {
  20. byte[] iv = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
  21. IvParameterSpec ivspec = new IvParameterSpec(iv);
  22. SecretKeySpec secretKeySpec = getSecretKeySpec(secret);
  23. Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
  24. cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, ivspec);
  25. return Base64.getEncoder().encodeToString(cipher.doFinal(strToEncrypt.getBytes(StandardCharsets.UTF_8)));
  26. }
  27. catch (Exception e)
  28. {
  29. System.out.println("Error while encrypting: " + e.toString());
  30. }
  31. return null;
  32. }

Would some please let me know which one is the correct implemention of AES CBC 256 bit encryption?

答案1

得分: 1

AES和CBC并未指定关于密钥派生的任何内容。任何128位、192位和256位的密钥都是有效的。使用实际的密钥派生函数,如PBKDF2WithHmacSHA256,比单次SHA-256更可取,可以减缓暴力攻击,但无论如何,它们都会生成有效的密钥。

英文:

AES & CBC don't specify anything about how you derive the key. Any 128, 192 and 256 bit key are valid. Using an actual key derivation function like PBKDF2WithHmacSHA256 is preferable than a single pass to SHA-256 to slow down brute force attack, but otherwise, they both generate valid key.

huangapple
  • 本文由 发表于 2020年4月7日 04:04:01
  • 转载请务必保留本文链接:https://java.coder-hub.com/61068044.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定