首頁(yè) 猿問(wèn) 使用 CBC 的 Java...

使用 CBC 的 Java Blowfish 加密

Java

Cats萌萌 2022-10-12 15:31:55

我正在嘗試使用和生成此站點(diǎn)正在執(zhí)行的操作https://codebeautify.org/encrypt-decryptBlowfishCBC我不確定實(shí)際術(shù)語(yǔ)是什么，但我想實(shí)現(xiàn)的加密方法會(huì)產(chǎn)生不一致的加密字符串，盡管使用相同的內(nèi)容和密鑰，例如，如果我Hello用 key加密key123兩次，第一個(gè)結(jié)果可能會(huì)顯示abcde，第二個(gè)結(jié)果應(yīng)該顯示其他內(nèi)容，例如fghij. 但是同時(shí)解密abcde和fghijwithkey123將返回相同的Hello.我也可以知道他們用來(lái)產(chǎn)生最終結(jié)果的編碼類(lèi)型是什么？比如 hex/base64，因?yàn)槲叶荚囘^(guò)了，但似乎沒(méi)有產(chǎn)生類(lèi)似的結(jié)果。

查看完整描述

2 回答

瀟湘沐

TA貢獻(xiàn)1816條經(jīng)驗(yàn) 獲得超6個(gè)贊

更新時(shí)間 2019 年 4 月 21 日晚上 9:49 UTC

在@MaartenBodewes 和@MarkJeronimus 指出了一些需要考慮的事情之后，我正在更新答案以使其更正確。但是因?yàn)檫@個(gè)問(wèn)題是關(guān)于實(shí)現(xiàn)的，而不是關(guān)于使它更安全的，所以這個(gè)和舊版本應(yīng)該足以至少提供一些洞察力。同樣，通過(guò)修改以下代碼可以實(shí)現(xiàn)更安全的解決方案。

變更日志

密鑰派生
處理異常及其詳細(xì)信息
對(duì)每個(gè)數(shù)據(jù)使用單個(gè) SecureRandom 實(shí)例（iv[8 字節(jié)] 和 salt[32 字節(jié)]）
檢查要加密的明文和要解密的加密文本的空值和空值

import javax.crypto.*;

import javax.crypto.spec.SecretKeySpec;

import java.io.UnsupportedEncodingException;

import java.security.InvalidAlgorithmParameterException;

import java.security.InvalidKeyException;

import java.security.NoSuchAlgorithmException;

import java.security.spec.InvalidKeySpecException;

import java.util.Base64;

import javax.xml.bind.DatatypeConverter;

import java.security.SecureRandom;

import java.security.spec.KeySpec;

import javax.crypto.spec.IvParameterSpec;

import javax.crypto.spec.PBEKeySpec;

public class Crypto {

private static final char[] tempKey = new char[] {'T', 'E', 'M', 'P', '_', 'G', 'E', 'N', '_', 'K', 'E', 'Y'};

private static final SecureRandom secureRandomForSalt = new SecureRandom();

private static final SecureRandom secureRandomForIV = new SecureRandom();

private static byte[] generateSalt() throws RuntimeException {

try{

byte[] saltBytes = new byte[32];

secureRandomForSalt.nextBytes(saltBytes);

return saltBytes;

}

catch(Exception ex){

ex.printStackTrace();

throw new RuntimeException("An error occurred in salt generation part. Reason: " + ex.getMessage());

}

public static String enc(String content) throws RuntimeException {

String encClassMethodNameForLogging = Crypto.class.getName() + ".enc" + " || ";

byte[] salt;

byte[] encodedTmpSecretKey;

SecretKeySpec keySpec;

Cipher cipher;

byte[] iv;

IvParameterSpec ivParameterSpec;

String finalEncResult;

if(content == null || content.trim().length() == 0) {

throw new RuntimeException("To be encrypted text is null or empty");

}

System.out.println("-- Encrypting -----------");

try {

salt = generateSalt();

}

catch (Exception ex) {

ex.printStackTrace();

throw new RuntimeException(encClassMethodNameForLogging + "An error occurred in salt generation part. Reason: " + ex.getMessage());

}

try {

SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");

KeySpec spec = new PBEKeySpec(Crypto.tempKey, salt, 65536, 256);

SecretKey tmpSecretKey = factory.generateSecret(spec);

encodedTmpSecretKey = tmpSecretKey.getEncoded();

System.out.println("-- Secret Key Derivation in Encryption: " + Base64.getEncoder().encodeToString(encodedTmpSecretKey));

}

catch (NoSuchAlgorithmException ex){

ex.printStackTrace();

throw new RuntimeException(encClassMethodNameForLogging + "An error occurred in key derivation part. Reason: " + ex.getMessage() + " - Explanation: The particular cryptographic algorithm requested is not available in the environment");

}

catch (InvalidKeySpecException ex){

ex.printStackTrace();

throw new RuntimeException(encClassMethodNameForLogging + "An error occurred in key derivation part. Reason: " + ex.getMessage() + " - Explanation: Key length may not be correct");

}

catch (Exception ex){

ex.printStackTrace();

throw new RuntimeException(encClassMethodNameForLogging + "An error occurred in key derivation part. Reason: " + ex.getMessage());

}

try {

keySpec = new SecretKeySpec(encodedTmpSecretKey, "Blowfish");

cipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding");

}

catch (NoSuchAlgorithmException ex){

ex.printStackTrace();

throw new RuntimeException(encClassMethodNameForLogging + "An error occurred in cipher instantiation part. Reason: " + ex.getMessage() + " - Explanation: The particular cryptographic algorithm requested is not available in the environment");

}

catch (NoSuchPaddingException ex){

ex.printStackTrace();

throw new RuntimeException(encClassMethodNameForLogging + "An error occurred in cipher instantiation part. Reason: " + ex.getMessage() + " - Explanation: The particular padding mechanism is requested but is not available in the environment");

}

catch (Exception ex){

ex.printStackTrace();

throw new RuntimeException(encClassMethodNameForLogging + "An error occurred in cipher instantiation part. Reason: " + ex.getMessage());

}

try {

iv = new byte[cipher.getBlockSize()];

secureRandomForIV.nextBytes(iv);

ivParameterSpec = new IvParameterSpec(iv);

}

catch (Exception ex){

ex.printStackTrace();

throw new RuntimeException(encClassMethodNameForLogging + "An error occurred in iv creation part. Reason: " + ex.getMessage());

}

try {

cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivParameterSpec);

byte[] encoding = cipher.doFinal(content.getBytes("UTF-8"));

String encCon = DatatypeConverter.printBase64Binary(encoding);

String ivStr = DatatypeConverter.printBase64Binary(iv);

String saltStr = DatatypeConverter.printBase64Binary(salt);

System.out.println("-- encCon : " + encCon);

System.out.println("-- iv : " + ivStr);

System.out.println("-- salt : " + saltStr);

finalEncResult = encCon + ":" + ivStr + ":" + saltStr;

System.out.println("-- finalEncRes : " + finalEncResult + "\n");

}

catch (InvalidKeyException ex){

ex.printStackTrace();

throw new RuntimeException(encClassMethodNameForLogging + "An error occurred in encryption part. Reason: " + ex.getMessage() + " - Explanation: Most probably you didn't download and copy 'Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files'");

}

catch (InvalidAlgorithmParameterException ex){

ex.printStackTrace();

throw new RuntimeException(encClassMethodNameForLogging + "An error occurred in decryption part. Reason: " + ex.getMessage() + " - Explanation: IV length may not be correct");

}

catch (IllegalBlockSizeException ex){

ex.printStackTrace();

throw new RuntimeException(encClassMethodNameForLogging + "An error occurred in decryption part. Reason: " + ex.getMessage() + " - Explanation: The length of data provided to a block cipher is incorrect, i.e., does not match the block size of the cipher");

}

catch (BadPaddingException ex){

ex.printStackTrace();

throw new RuntimeException(encClassMethodNameForLogging + "An error occurred in encryption part. Reason: " + ex.getMessage() + " - Explanation: A particular padding mechanism is expected for the input data but the data is not padded properly (Most probably wrong/corrupt key caused this)");

}

catch (UnsupportedEncodingException ex){

ex.printStackTrace();

throw new RuntimeException(encClassMethodNameForLogging + "An error occurred in encryption part. Reason: " + ex.getMessage() + " - Explanation: The Character Encoding is not supported");

}

catch (Exception ex){

ex.printStackTrace();

throw new RuntimeException(encClassMethodNameForLogging + "An error occurred in encryption part. Reason: " + ex.getMessage());

}

return finalEncResult;

}

public static String dec(String encContent) throws RuntimeException {

String decClassMethodNameForLogging = Crypto.class.getName() + ".dec" + " || ";

String decCon;

byte[] salt;

byte[] encodedTmpSecretKey;

SecretKeySpec keySpec;

Cipher cipher;

byte[] iv;

if(encContent == null || encContent.trim().length() == 0) {

throw new RuntimeException("To be decrypted text is null or empty");

}

System.out.println("-- Decrypting -----------");

try {

salt = DatatypeConverter.parseBase64Binary(encContent.substring(encContent.lastIndexOf(":") + 1));

}

catch (Exception ex) {

ex.printStackTrace();

throw new RuntimeException(decClassMethodNameForLogging + "An error occurred in salt retrieving part. Reason: " + ex.getMessage());

}

try {

SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");

KeySpec spec = new PBEKeySpec(Crypto.tempKey, salt, 65536, 256);

SecretKey tmpSecretKey = factory.generateSecret(spec);

encodedTmpSecretKey = tmpSecretKey.getEncoded();

System.out.println("-- Secret Key Gathering in Decryption: " + Base64.getEncoder().encodeToString(encodedTmpSecretKey));

}

catch (NoSuchAlgorithmException ex){

ex.printStackTrace();

throw new RuntimeException(decClassMethodNameForLogging + "An error occurred in key derivation part. Reason: " + ex.getMessage() + " - Explanation: The particular cryptographic algorithm requested is not available in the environment");

}

catch (InvalidKeySpecException ex){

ex.printStackTrace();

throw new RuntimeException(decClassMethodNameForLogging + "An error occurred in key derivation part. Reason: " + ex.getMessage() + " - Explanation: Key length may not be correct");

}

catch (Exception ex) {

ex.printStackTrace();

throw new RuntimeException(decClassMethodNameForLogging + "An error occurred in key derivation part. Reason: " + ex.getMessage());

}

try {

keySpec = new SecretKeySpec(encodedTmpSecretKey, "Blowfish");

cipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding");

}

catch (NoSuchAlgorithmException ex){

ex.printStackTrace();

throw new RuntimeException(decClassMethodNameForLogging + "An error occurred in cipher instantiation part. Reason: " + ex.getMessage() + " - Explanation: The particular cryptographic algorithm requested is not available in the environment");

}

catch (NoSuchPaddingException ex){

ex.printStackTrace();

throw new RuntimeException(decClassMethodNameForLogging + "An error occurred in cipher instantiation part. Reason: " + ex.getMessage() + " - Explanation : The particular padding mechanism requested is not available in the environment");

}

catch (Exception ex) {

ex.printStackTrace();

throw new RuntimeException(decClassMethodNameForLogging + "An error occurred in cipher instantiation part. Reason: " + ex.getMessage());

}

try {

iv = DatatypeConverter.parseBase64Binary(encContent.substring(encContent.indexOf(":") + 1, encContent.lastIndexOf(":")));

}

catch (Exception ex) {

ex.printStackTrace();

throw new RuntimeException(decClassMethodNameForLogging + "An error occurred in iv creation part. Reason: " + ex.getMessage());

}

try {

cipher.init(Cipher.DECRYPT_MODE, keySpec, new IvParameterSpec(iv));

byte[] decoding = cipher.doFinal(Base64.getDecoder().decode(encContent.substring(0, encContent.indexOf(":"))));

decCon = new String(decoding, "UTF-8");

System.out.println("-- decCon : " + decCon + "\n");

}

catch (InvalidKeyException ex){

ex.printStackTrace();

throw new RuntimeException(decClassMethodNameForLogging + "An error occurred in decryption part. Reason: " + ex.getMessage() + " - Explanation: Most probably you didn't download and copy 'Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files'");

}

catch (InvalidAlgorithmParameterException ex){

ex.printStackTrace();

throw new RuntimeException(decClassMethodNameForLogging + "An error occurred in decryption part. Reason: " + ex.getMessage() + " - Explanation: IV length may not be correct");

}

catch (IllegalBlockSizeException ex){

ex.printStackTrace();

throw new RuntimeException(decClassMethodNameForLogging + "An error occurred in decryption part. Reason: " + ex.getMessage() + " - Explanation: The length of data provided to a block cipher is incorrect, i.e., does not match the block size of the cipher");

}

catch (BadPaddingException ex){

ex.printStackTrace();

throw new RuntimeException(decClassMethodNameForLogging + "An error occurred in encryption part. Reason: " + ex.getMessage() + " - Explanation: A particular padding mechanism is expected for the input data but the data is not padded properly (Most probably wrong/corrupt key caused this)");

}

catch (UnsupportedEncodingException ex){

ex.printStackTrace();

throw new RuntimeException(decClassMethodNameForLogging + "An error occurred in encryption part. Reason: " + ex.getMessage() + " - Explanation: The Character Encoding is not supported");

}

catch (Exception ex) {

ex.printStackTrace();

throw new RuntimeException(decClassMethodNameForLogging + "An error occurred in decryption part. Reason: " + ex.getMessage());

}

return decCon;

}

public static void main(String args[]) {

System.out.println("-- Original -------------");

String plainText = "hello world";

System.out.println("-- origWord : " + plainText + "\n");

String e = Crypto.enc(plainText);

String d = Crypto.dec(e);

System.out.println("-- Results --------------");

System.out.println("-- PlainText: " + plainText);

System.out.println("-- EncryptedText: " + e);

System.out.println("-- DecryptedText: " + d);

}

此外，可執(zhí)行版本在下面；

https://www.jdoodle.com/a/19HT

反對(duì) 回復(fù) 2022-10-12

絕地?zé)o雙

TA貢獻(xiàn)1946條經(jīng)驗(yàn) 獲得超4個(gè)贊

將不同的輸出映射回同一輸入的唯一方法是向輸入添加額外的數(shù)據(jù)，并將其從解密的輸出中剝離。使用 PKCS5Padding 是不夠的，因?yàn)檫@不是隨機(jī)的，在最壞的情況下，只添加 1 個(gè)字節(jié)。使用 IV 沒(méi)有用，因?yàn)樗枰诮饷軙r(shí)知道。

最簡(jiǎn)單的方法是在加密時(shí)添加一定數(shù)量的字節(jié)（例如等于塊大?。┑碾S機(jī)數(shù)據(jù)，而在解密時(shí)忽略這些字節(jié)。此隨機(jī)數(shù)據(jù)的名稱(chēng)是 Number Used Once 中的“nonce”。（不要與密切相關(guān)的“鹽”混淆，后者是您保留以備后用的數(shù)字）。

順便說(shuō)一句，我沒(méi)有讓這個(gè)與網(wǎng)站相匹配。我不知道網(wǎng)站是如何加密的，因?yàn)樗鼘⑺休斎胫蛋l(fā)送到服務(wù)器并顯示響應(yīng)。談安全...

private static final SecureRandom SECURE_RANDOM = new SecureRandom();

public static String enc(String content, String key) {

String encCon = "";

try {

String IV = "12345678";

SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "Blowfish");

Cipher cipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding");

byte[] nonce = new byte[cipher.getBlockSize()];

SECURE_RANDOM.nextBytes(nonce);

// Construct plaintext = nonce + secret

byte[] secret = content.getBytes(StandardCharsets.UTF_8);

byte[] plaintext = new byte[nonce.length + secret.length];

System.arraycopy(nonce, 0, plaintext, 0, nonce.length);

System.arraycopy(secret, 0, plaintext, nonce.length, secret.length);

cipher.init(Cipher.ENCRYPT_MODE, keySpec, new IvParameterSpec(IV.getBytes(StandardCharsets.UTF_8)));

byte[] encoding = cipher.doFinal(plaintext);

encCon = DatatypeConverter.printBase64Binary(encoding);

} catch (Exception ex) {

ex.printStackTrace();

}

return encCon;

}

public static String dec(String content, String key) {

String decCon = "";

try {

String IV = "12345678";

SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "Blowfish");

Cipher cipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding");

// Decode Base64

byte[] ciphertext = DatatypeConverter.parseBase64Binary(content);

// Decrypt

cipher.init(Cipher.DECRYPT_MODE, keySpec, new IvParameterSpec(IV.getBytes(StandardCharsets.UTF_8)));

byte[] message = cipher.doFinal(ciphertext);

decCon = new String(message,

cipher.getBlockSize(),

message.length - cipher.getBlockSize(),

StandardCharsets.UTF_8);

} catch (Exception ex) {

ex.printStackTrace();

}

return decCon;

}

附言。您知道將秘密存儲(chǔ)在字符串中是個(gè)壞主意嗎？字符串是最終的，因此內(nèi)容不能被刪除。字節(jié)數(shù)組可以被擦除（為簡(jiǎn)潔起見(jiàn)，本例中沒(méi)有這樣做）。您是否還知道您可以制作任何可以查看任何其他 Windows 程序的完整內(nèi)存占用的 Windows 程序？

反對(duì) 回復(fù) 2022-10-12