Java 256-bit AES Password-Based Encryption
我需要实现256位AES加密,但是我在网上找到的所有示例都使用"keygenerator"来生成256位密钥,但是我想使用自己的密钥。如何创建自己的密钥?我试过将其填充到256位,但后来出现了一个错误,说明密钥太长。我确实安装了无限制权限补丁,所以这不是问题所在:)
也就是说,钥匙发生器看起来像这样…
1 2 3 4 5 6 7 | // Get the KeyGenerator KeyGenerator kgen = KeyGenerator.getInstance("AES"); kgen.init(128); // 192 and 256 bits may not be available // Generate the secret key specs. SecretKey skey = kgen.generateKey(); byte[] raw = skey.getEncoded(); |
代码取自此处
编辑
实际上,我把密码填充到了256字节,而不是太长的位。下面是我现在使用的一些代码,我有更多的经验。
1 2 3 4 5 6 7 8 | byte[] key = null; // TODO byte[] input = null; // TODO byte[] output = null; SecretKeySpec keySpec = null; keySpec = new SecretKeySpec(key,"AES"); Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding"); cipher.init(Cipher.ENCRYPT_MODE, keySpec); output = cipher.doFinal(input) |
你自己需要做的"要做的事":-)
将
1 2 3 4 5 | /* Derive the key, given password and salt. */ SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); KeySpec spec = new PBEKeySpec(password, salt, 65536, 256); SecretKey tmp = factory.generateSecret(spec); SecretKey secret = new SecretKeySpec(tmp.getEncoded(),"AES"); |
幻数(可以定义为常量)65536和256分别是密钥派生迭代计数和密钥大小。
密钥派生函数的迭代需要大量的计算工作,从而防止攻击者快速尝试许多不同的密码。迭代计数可以根据可用的计算资源进行更改。
密钥大小可以减少到128位,这仍然被认为是"强"加密,但如果发现攻击会削弱AES,它不会提供很大的安全边际。
使用适当的块链接模式时,可以使用相同的派生密钥加密许多消息。在密码块链接(CBC)中,为每个消息生成一个随机初始化向量(IV),即使纯文本相同,也会产生不同的密码文本。CBC可能不是您可以使用的最安全的模式(请参阅下面的AEAD);有许多具有不同安全属性的其他模式,但它们都使用类似的随机输入。在任何情况下,每个加密操作的输出都是密码文本和初始化向量:
1 2 3 4 5 6 | /* Encrypt the message. */ Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, secret); AlgorithmParameters params = cipher.getParameters(); byte[] iv = params.getParameterSpec(IvParameterSpec.class).getIV(); byte[] ciphertext = cipher.doFinal("Hello, World!".getBytes("UTF-8")); |
存储
1 2 3 4 5 |
Java 7包含了对AEAD密码模式的API支持,包括OpenJDK和Oracle发行版的"SunJCE"提供者实现了Java 8的这些启动。强烈建议使用其中一种模式来代替CBC;它将保护数据的完整性和隐私。
带有"非法密钥大小或默认参数"消息的
根据问题描述,似乎没有正确安装策略文件。系统可以轻松地拥有多个Java运行时;仔细检查以确保使用正确的位置。
考虑使用Spring安全加密模块
The Spring Security Crypto module provides support for symmetric encryption, key generation, and password encoding. The code is distributed as part of the core module but has no dependencies on any other Spring Security (or Spring) code.
它为加密提供了一个简单的抽象,并且似乎符合这里的要求,
The"standard" encryption method is 256-bit AES using PKCS #5's PBKDF2 (Password-Based Key Derivation Function #2). This method requires Java 6. The password used to generate the SecretKey should be kept in a secure place and not be shared. The salt is used to prevent dictionary attacks against the key in the event your encrypted data is compromised. A 16-byte random initialization vector is also applied so each encrypted message is unique.
通过对内部结构的观察,我们发现了一个类似于埃里克森答案的结构。
正如在该问题中所指出的,这也需要Java加密扩展(JCE)无限强度管辖权策略(否则您将遇到EDCOX1 OR 2)。它可以下载Java 6、Java 7和Java 8。
示例用法1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 | import org.springframework.security.crypto.encrypt.Encryptors; import org.springframework.security.crypto.encrypt.TextEncryptor; import org.springframework.security.crypto.keygen.KeyGenerators; public class CryptoExample { public static void main(String[] args) { final String password ="I AM SHERLOCKED"; final String salt=KeyGenerators.string().generateKey(); TextEncryptor encryptor = Encryptors.text(password, salt); System.out.println("Salt: "" + salt +"""); String textToEncrypt ="*royal secrets*"; System.out.println("Original text: "" + textToEncrypt +"""); String encryptedText = encryptor.encrypt(textToEncrypt); System.out.println("Encrypted text: "" + encryptedText +"""); // Could reuse encryptor but wanted to show reconstructing TextEncryptor TextEncryptor decryptor = Encryptors.text(password, salt); String decryptedText = decryptor.decrypt(encryptedText); System.out.println("Decrypted text: "" + decryptedText +"""); if(textToEncrypt.equals(decryptedText)) { System.out.println("Success: decrypted text matches"); } else { System.out.println("Failed: decrypted text does not match"); } } } |
以及样本输出,
1 2 3 4 5 | Salt:"feacbc02a3a697b0" Original text:"*royal secrets*" Encrypted text:"7c73c5a83fa580b5d6f8208768adc931ef3123291ac8bc335a1277a39d256d9a" Decrypted text:"*royal secrets*" Success: decrypted text matches |
在阅读了Erickson的建议,并从其他几篇文章和这里的这个示例中收集到我可以做的事情之后,我尝试用推荐的更改来更新Doug的代码。请随意编辑以使其更好。
- 初始化向量不再固定
- 加密密钥是使用来自Erickson的代码派生的
- 使用secureRandom()在setupEncrypt()中生成8字节salt
- 解密密钥由加密盐和密码生成
- 解密密码由解密密钥和初始化向量生成
- 删除了十六进制旋转代替了org.apache.commons编解码器十六进制例程
一些注释:这使用128位加密密钥- Java显然不会做256位加密的方块。实现256需要在Java安装目录中安装一些额外文件。
另外,我不是加密人。注意。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 | import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.IOException; import java.io.UnsupportedEncodingException; import java.security.AlgorithmParameters; import java.security.InvalidAlgorithmParameterException; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import java.security.spec.InvalidKeySpecException; import java.security.spec.InvalidParameterSpecException; import java.security.spec.KeySpec; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; import javax.crypto.CipherInputStream; import javax.crypto.CipherOutputStream; import javax.crypto.IllegalBlockSizeException; import javax.crypto.NoSuchPaddingException; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactory; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.SecretKeySpec; import org.apache.commons.codec.DecoderException; import org.apache.commons.codec.binary.Hex; public class Crypto { String mPassword = null; public final static int SALT_LEN = 8; byte [] mInitVec = null; byte [] mSalt=null; Cipher mEcipher = null; Cipher mDecipher = null; private final int KEYLEN_BITS = 128; // see notes below where this is used. private final int ITERATIONS = 65536; private final int MAX_FILE_BUF = 1024; /** * create an object with just the passphrase from the user. Don't do anything else yet * @param password */ public Crypto (String password) { mPassword = password; } /** * return the generated salt for this object * @return */ public byte [] getSalt () { return (mSalt); } /** * return the initialization vector created from setupEncryption * @return */ public byte [] getInitVec () { return (mInitVec); } /** * debug/print messages * @param msg */ private void Db (String msg) { System.out.println ("** Crypt **" + msg); } /** * this must be called after creating the initial Crypto object. It creates a salt of SALT_LEN bytes * and generates the salt bytes using secureRandom(). The encryption secret key is created * along with the initialization vectory. The member variable mEcipher is created to be used * by the class later on when either creating a CipherOutputStream, or encrypting a buffer * to be written to disk. * * @throws NoSuchAlgorithmException * @throws InvalidKeySpecException * @throws NoSuchPaddingException * @throws InvalidParameterSpecException * @throws IllegalBlockSizeException * @throws BadPaddingException * @throws UnsupportedEncodingException * @throws InvalidKeyException */ public void setupEncrypt () throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidParameterSpecException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException, InvalidKeyException { SecretKeyFactory factory = null; SecretKey tmp = null; // crate secureRandom salt and store as member var for later use mSalt=new byte [SALT_LEN]; SecureRandom rnd = new SecureRandom (); rnd.nextBytes (mSalt); Db ("generated salt :" + Hex.encodeHexString (mSalt)); factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); /* Derive the key, given password and salt. * * in order to do 256 bit crypto, you have to muck with the files for Java's"unlimted security" * The end user must also install them (not compiled in) so beware. * see here: http://www.javamex.com/tutorials/cryptography/unrestricted_policy_files.shtml */ KeySpec spec = new PBEKeySpec (mPassword.toCharArray (), mSalt, ITERATIONS, KEYLEN_BITS); tmp = factory.generateSecret (spec); SecretKey secret = new SecretKeySpec (tmp.getEncoded(),"AES"); /* Create the Encryption cipher object and store as a member variable */ mEcipher = Cipher.getInstance ("AES/CBC/PKCS5Padding"); mEcipher.init (Cipher.ENCRYPT_MODE, secret); AlgorithmParameters params = mEcipher.getParameters (); // get the initialization vectory and store as member var mInitVec = params.getParameterSpec (IvParameterSpec.class).getIV(); Db ("mInitVec is :" + Hex.encodeHexString (mInitVec)); } /** * If a file is being decrypted, we need to know the pasword, the salt and the initialization vector (iv). * We have the password from initializing the class. pass the iv and salt here which is * obtained when encrypting the file initially. * * @param initvec * @param salt * @throws NoSuchAlgorithmException * @throws InvalidKeySpecException * @throws NoSuchPaddingException * @throws InvalidKeyException * @throws InvalidAlgorithmParameterException * @throws DecoderException */ public void setupDecrypt (String initvec, String salt) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, DecoderException { SecretKeyFactory factory = null; SecretKey tmp = null; SecretKey secret = null; // since we pass it as a string of input, convert to a actual byte buffer here mSalt=Hex.decodeHex (salt.toCharArray ()); Db ("got salt" + Hex.encodeHexString (mSalt)); // get initialization vector from passed string mInitVec = Hex.decodeHex (initvec.toCharArray ()); Db ("got initvector :" + Hex.encodeHexString (mInitVec)); /* Derive the key, given password and salt. */ // in order to do 256 bit crypto, you have to muck with the files for Java's"unlimted security" // The end user must also install them (not compiled in) so beware. // see here: // http://www.javamex.com/tutorials/cryptography/unrestricted_policy_files.shtml factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); KeySpec spec = new PBEKeySpec(mPassword.toCharArray (), mSalt, ITERATIONS, KEYLEN_BITS); tmp = factory.generateSecret(spec); secret = new SecretKeySpec(tmp.getEncoded(),"AES"); /* Decrypt the message, given derived key and initialization vector. */ mDecipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); mDecipher.init(Cipher.DECRYPT_MODE, secret, new IvParameterSpec(mInitVec)); } /** * This is where we write out the actual encrypted data to disk using the Cipher created in setupEncrypt(). * Pass two file objects representing the actual input (cleartext) and output file to be encrypted. * * there may be a way to write a cleartext header to the encrypted file containing the salt, but I ran * into uncertain problems with that. * * @param input - the cleartext file to be encrypted * @param output - the encrypted data file * @throws IOException * @throws IllegalBlockSizeException * @throws BadPaddingException */ public void WriteEncryptedFile (File input, File output) throws IOException, IllegalBlockSizeException, BadPaddingException { FileInputStream fin; FileOutputStream fout; long totalread = 0; int nread = 0; byte [] inbuf = new byte [MAX_FILE_BUF]; fout = new FileOutputStream (output); fin = new FileInputStream (input); while ((nread = fin.read (inbuf)) > 0 ) { Db ("read" + nread +" bytes"); totalread += nread; // create a buffer to write with the exact number of bytes read. Otherwise a short read fills inbuf with 0x0 // and results in full blocks of MAX_FILE_BUF being written. byte [] trimbuf = new byte [nread]; for (int i = 0; i < nread; i++) trimbuf[i] = inbuf[i]; // encrypt the buffer using the cipher obtained previosly byte [] tmp = mEcipher.update (trimbuf); // I don't think this should happen, but just in case.. if (tmp != null) fout.write (tmp); } // finalize the encryption since we've done it in blocks of MAX_FILE_BUF byte [] finalbuf = mEcipher.doFinal (); if (finalbuf != null) fout.write (finalbuf); fout.flush(); fin.close(); fout.close(); Db ("wrote" + totalread +" encrypted bytes"); } /** * Read from the encrypted file (input) and turn the cipher back into cleartext. Write the cleartext buffer back out * to disk as (output) File. * * I left CipherInputStream in here as a test to see if I could mix it with the update() and final() methods of encrypting * and still have a correctly decrypted file in the end. Seems to work so left it in. * * @param input - File object representing encrypted data on disk * @param output - File object of cleartext data to write out after decrypting * @throws IllegalBlockSizeException * @throws BadPaddingException * @throws IOException */ public void ReadEncryptedFile (File input, File output) throws IllegalBlockSizeException, BadPaddingException, IOException { FileInputStream fin; FileOutputStream fout; CipherInputStream cin; long totalread = 0; int nread = 0; byte [] inbuf = new byte [MAX_FILE_BUF]; fout = new FileOutputStream (output); fin = new FileInputStream (input); // creating a decoding stream from the FileInputStream above using the cipher created from setupDecrypt() cin = new CipherInputStream (fin, mDecipher); while ((nread = cin.read (inbuf)) > 0 ) { Db ("read" + nread +" bytes"); totalread += nread; // create a buffer to write with the exact number of bytes read. Otherwise a short read fills inbuf with 0x0 byte [] trimbuf = new byte [nread]; for (int i = 0; i < nread; i++) trimbuf[i] = inbuf[i]; // write out the size-adjusted buffer fout.write (trimbuf); } fout.flush(); cin.close(); fin.close (); fout.close(); Db ("wrote" + totalread +" encrypted bytes"); } /** * adding main() for usage demonstration. With member vars, some of the locals would not be needed */ public static void main(String [] args) { // create the input.txt file in the current directory before continuing File input = new File ("input.txt"); File eoutput = new File ("encrypted.aes"); File doutput = new File ("decrypted.txt"); String iv = null; String salt=null; Crypto en = new Crypto ("mypassword"); /* * setup encryption cipher using password. print out iv and salt */ try { en.setupEncrypt (); iv = Hex.encodeHexString (en.getInitVec ()).toUpperCase (); salt=Hex.encodeHexString (en.getSalt ()).toUpperCase (); } catch (InvalidKeyException e) { e.printStackTrace(); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (InvalidKeySpecException e) { e.printStackTrace(); } catch (NoSuchPaddingException e) { e.printStackTrace(); } catch (InvalidParameterSpecException e) { e.printStackTrace(); } catch (IllegalBlockSizeException e) { e.printStackTrace(); } catch (BadPaddingException e) { e.printStackTrace(); } catch (UnsupportedEncodingException e) { e.printStackTrace(); } /* * write out encrypted file */ try { en.WriteEncryptedFile (input, eoutput); System.out.printf ("File encrypted to" + eoutput.getName () +" iv:" + iv +" salt:" + salt +" "); } catch (IllegalBlockSizeException e) { e.printStackTrace(); } catch (BadPaddingException e) { e.printStackTrace(); } catch (IOException e) { e.printStackTrace(); } /* * decrypt file */ Crypto dc = new Crypto ("mypassword"); try { dc.setupDecrypt (iv, salt); } catch (InvalidKeyException e) { e.printStackTrace(); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (InvalidKeySpecException e) { e.printStackTrace(); } catch (NoSuchPaddingException e) { e.printStackTrace(); } catch (InvalidAlgorithmParameterException e) { e.printStackTrace(); } catch (DecoderException e) { e.printStackTrace(); } /* * write out decrypted file */ try { dc.ReadEncryptedFile (eoutput, doutput); System.out.println ("decryption finished to" + doutput.getName ()); } catch (IllegalBlockSizeException e) { e.printStackTrace(); } catch (BadPaddingException e) { e.printStackTrace(); } catch (IOException e) { e.printStackTrace(); } } } |
我在一个非常简单的课堂上实现了埃里克森的答案:Java AES 256位加密/解密类如果您获得EDCOX1 0,则必须安装Java加密扩展(JCE)无限强度管辖权策略文件:
- Java 6链接
- Java 7链接
把罐子放在你的电脑里。
从字节数组生成自己的密钥很容易:
1 2 | byte[] raw = ...; // 32 bytes in size for a 256 bit key Key skey = new javax.crypto.spec.SecretKeySpec(raw,"AES"); |
但是创建一个256位的密钥是不够的。如果密钥生成器不能为您生成256位密钥,那么
1 2 3 | Cipher cipher = Cipher.getInstance("AES"); cipher.init(Cipher.ENCRYPT_MODE, skey); byte[] encrypted = cipher.doFinal(plainText.getBytes()); |
缺少AES-256支持的一个解决方法是采用一些免费可用的AES-256实现,并将其用作自定义提供程序。这包括创建自己的
我过去所做的是通过类似sha256的方法散列密钥,然后将散列中的字节提取到密钥字节[]。
在您有了字节[]之后,您可以简单地执行以下操作:
1 2 3 4 | SecretKeySpec key = new SecretKeySpec(keyBytes,"AES"); Cipher cipher = Cipher.getInstance("AES"); cipher.init(Cipher.ENCRYPT_MODE, key); byte[] encryptedBytes = cipher.doFinal(clearText.getBytes()); |
添加到@wufoo的编辑中,以下版本使用inputstreams而不是文件,以使处理各种文件更加容易。它还将IV和salt存储在文件的开头,因此只需要跟踪密码。既然静脉注射和盐不需要是秘密的,这会让生活变得更容易一些。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 | import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.IOException; import java.security.AlgorithmParameters; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import java.security.spec.InvalidKeySpecException; import java.security.spec.InvalidParameterSpecException; import java.security.spec.KeySpec; import java.util.logging.Level; import java.util.logging.Logger; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; import javax.crypto.CipherInputStream; import javax.crypto.IllegalBlockSizeException; import javax.crypto.NoSuchPaddingException; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactory; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.SecretKeySpec; public class AES { public final static int SALT_LEN = 8; static final String HEXES ="0123456789ABCDEF"; String mPassword = null; byte[] mInitVec = null; byte[] mSalt = new byte[SALT_LEN]; Cipher mEcipher = null; Cipher mDecipher = null; private final int KEYLEN_BITS = 128; // see notes below where this is used. private final int ITERATIONS = 65536; private final int MAX_FILE_BUF = 1024; /** * create an object with just the passphrase from the user. Don't do anything else yet * @param password */ public AES(String password) { mPassword = password; } public static String byteToHex(byte[] raw) { if (raw == null) { return null; } final StringBuilder hex = new StringBuilder(2 * raw.length); for (final byte b : raw) { hex.append(HEXES.charAt((b & 0xF0) >> 4)).append(HEXES.charAt((b & 0x0F))); } return hex.toString(); } public static byte[] hexToByte(String hexString) { int len = hexString.length(); byte[] ba = new byte[len / 2]; for (int i = 0; i < len; i += 2) { ba[i / 2] = (byte) ((Character.digit(hexString.charAt(i), 16) << 4) + Character.digit(hexString.charAt(i + 1), 16)); } return ba; } /** * debug/print messages * @param msg */ private void Db(String msg) { System.out.println("** Crypt **" + msg); } /** * This is where we write out the actual encrypted data to disk using the Cipher created in setupEncrypt(). * Pass two file objects representing the actual input (cleartext) and output file to be encrypted. * * there may be a way to write a cleartext header to the encrypted file containing the salt, but I ran * into uncertain problems with that. * * @param input - the cleartext file to be encrypted * @param output - the encrypted data file * @throws IOException * @throws IllegalBlockSizeException * @throws BadPaddingException */ public void WriteEncryptedFile(InputStream inputStream, OutputStream outputStream) throws IOException, IllegalBlockSizeException, BadPaddingException { try { long totalread = 0; int nread = 0; byte[] inbuf = new byte[MAX_FILE_BUF]; SecretKeyFactory factory = null; SecretKey tmp = null; // crate secureRandom salt and store as member var for later use mSalt=new byte[SALT_LEN]; SecureRandom rnd = new SecureRandom(); rnd.nextBytes(mSalt); Db("generated salt :" + byteToHex(mSalt)); factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); /* * Derive the key, given password and salt. * * in order to do 256 bit crypto, you have to muck with the files for Java's"unlimted security" * The end user must also install them (not compiled in) so beware. * see here: http://www.javamex.com/tutorials/cryptography/unrestricted_policy_files.shtml */ KeySpec spec = new PBEKeySpec(mPassword.toCharArray(), mSalt, ITERATIONS, KEYLEN_BITS); tmp = factory.generateSecret(spec); SecretKey secret = new SecretKeySpec(tmp.getEncoded(),"AES"); /* * Create the Encryption cipher object and store as a member variable */ mEcipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); mEcipher.init(Cipher.ENCRYPT_MODE, secret); AlgorithmParameters params = mEcipher.getParameters(); // get the initialization vectory and store as member var mInitVec = params.getParameterSpec(IvParameterSpec.class).getIV(); Db("mInitVec is :" + byteToHex(mInitVec)); outputStream.write(mSalt); outputStream.write(mInitVec); while ((nread = inputStream.read(inbuf)) > 0) { Db("read" + nread +" bytes"); totalread += nread; // create a buffer to write with the exact number of bytes read. Otherwise a short read fills inbuf with 0x0 // and results in full blocks of MAX_FILE_BUF being written. byte[] trimbuf = new byte[nread]; for (int i = 0; i < nread; i++) { trimbuf[i] = inbuf[i]; } // encrypt the buffer using the cipher obtained previosly byte[] tmpBuf = mEcipher.update(trimbuf); // I don't think this should happen, but just in case.. if (tmpBuf != null) { outputStream.write(tmpBuf); } } // finalize the encryption since we've done it in blocks of MAX_FILE_BUF byte[] finalbuf = mEcipher.doFinal(); if (finalbuf != null) { outputStream.write(finalbuf); } outputStream.flush(); inputStream.close(); outputStream.close(); outputStream.close(); Db("wrote" + totalread +" encrypted bytes"); } catch (InvalidKeyException ex) { Logger.getLogger(AES.class.getName()).log(Level.SEVERE, null, ex); } catch (InvalidParameterSpecException ex) { Logger.getLogger(AES.class.getName()).log(Level.SEVERE, null, ex); } catch (NoSuchAlgorithmException ex) { Logger.getLogger(AES.class.getName()).log(Level.SEVERE, null, ex); } catch (NoSuchPaddingException ex) { Logger.getLogger(AES.class.getName()).log(Level.SEVERE, null, ex); } catch (InvalidKeySpecException ex) { Logger.getLogger(AES.class.getName()).log(Level.SEVERE, null, ex); } } /** * Read from the encrypted file (input) and turn the cipher back into cleartext. Write the cleartext buffer back out * to disk as (output) File. * * I left CipherInputStream in here as a test to see if I could mix it with the update() and final() methods of encrypting * and still have a correctly decrypted file in the end. Seems to work so left it in. * * @param input - File object representing encrypted data on disk * @param output - File object of cleartext data to write out after decrypting * @throws IllegalBlockSizeException * @throws BadPaddingException * @throws IOException */ public void ReadEncryptedFile(InputStream inputStream, OutputStream outputStream) throws IllegalBlockSizeException, BadPaddingException, IOException { try { CipherInputStream cin; long totalread = 0; int nread = 0; byte[] inbuf = new byte[MAX_FILE_BUF]; // Read the Salt inputStream.read(this.mSalt); Db("generated salt :" + byteToHex(mSalt)); SecretKeyFactory factory = null; SecretKey tmp = null; SecretKey secret = null; factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); KeySpec spec = new PBEKeySpec(mPassword.toCharArray(), mSalt, ITERATIONS, KEYLEN_BITS); tmp = factory.generateSecret(spec); secret = new SecretKeySpec(tmp.getEncoded(),"AES"); /* Decrypt the message, given derived key and initialization vector. */ mDecipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); // Set the appropriate size for mInitVec by Generating a New One AlgorithmParameters params = mDecipher.getParameters(); mInitVec = params.getParameterSpec(IvParameterSpec.class).getIV(); // Read the old IV from the file to mInitVec now that size is set. inputStream.read(this.mInitVec); Db("mInitVec is :" + byteToHex(mInitVec)); mDecipher.init(Cipher.DECRYPT_MODE, secret, new IvParameterSpec(mInitVec)); // creating a decoding stream from the FileInputStream above using the cipher created from setupDecrypt() cin = new CipherInputStream(inputStream, mDecipher); while ((nread = cin.read(inbuf)) > 0) { Db("read" + nread +" bytes"); totalread += nread; // create a buffer to write with the exact number of bytes read. Otherwise a short read fills inbuf with 0x0 byte[] trimbuf = new byte[nread]; for (int i = 0; i < nread; i++) { trimbuf[i] = inbuf[i]; } // write out the size-adjusted buffer outputStream.write(trimbuf); } outputStream.flush(); cin.close(); inputStream.close(); outputStream.close(); Db("wrote" + totalread +" encrypted bytes"); } catch (Exception ex) { Logger.getLogger(AES.class.getName()).log(Level.SEVERE, null, ex); } } /** * adding main() for usage demonstration. With member vars, some of the locals would not be needed */ public static void main(String[] args) { // create the input.txt file in the current directory before continuing File input = new File("input.txt"); File eoutput = new File("encrypted.aes"); File doutput = new File("decrypted.txt"); String iv = null; String salt = null; AES en = new AES("mypassword"); /* * write out encrypted file */ try { en.WriteEncryptedFile(new FileInputStream(input), new FileOutputStream(eoutput)); System.out.printf("File encrypted to" + eoutput.getName() +" iv:" + iv +" salt:" + salt +" "); } catch (IllegalBlockSizeException | BadPaddingException | IOException e) { e.printStackTrace(); } /* * decrypt file */ AES dc = new AES("mypassword"); /* * write out decrypted file */ try { dc.ReadEncryptedFile(new FileInputStream(eoutput), new FileOutputStream(doutput)); System.out.println("decryption finished to" + doutput.getName()); } catch (IllegalBlockSizeException | BadPaddingException | IOException e) { e.printStackTrace(); } } } |
考虑使用加密机4J
首先,确保在继续之前安装了无限制强度权限策略文件,以便可以使用256位AES密钥。
然后执行以下操作:
1 2 3 | String password ="mysupersecretpassword"; Key key = KeyFactory.AES.keyFromPassword(password.toCharArray()); Encryptor encryptor = new Encryptor(key,"AES/CBC/PKCS7Padding", 16); |
您现在可以使用加密程序加密您的邮件。如果愿意,还可以执行流加密。它会自动生成并准备一个安全的IV,以方便您使用。
如果你想压缩一个文件,看看这个答案。使用一个更简单的方法使用Java加密AES文件。
使用此类进行加密。它起作用了。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 | public class ObjectCrypter { public static byte[] encrypt(byte[] ivBytes, byte[] keyBytes, byte[] mes) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, IOException { AlgorithmParameterSpec ivSpec = new IvParameterSpec(ivBytes); SecretKeySpec newKey = new SecretKeySpec(keyBytes,"AES"); Cipher cipher = null; cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, newKey, ivSpec); return cipher.doFinal(mes); } public static byte[] decrypt(byte[] ivBytes, byte[] keyBytes, byte[] bytes) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, IOException, ClassNotFoundException { AlgorithmParameterSpec ivSpec = new IvParameterSpec(ivBytes); SecretKeySpec newKey = new SecretKeySpec(keyBytes,"AES"); Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); cipher.init(Cipher.DECRYPT_MODE, newKey, ivSpec); return cipher.doFinal(bytes); } |
}
这些是ivbytes和随机密钥;
1 2 3 4 | String key ="e8ffc7e56311679f12b6fc91aa77a5eb"; byte[] ivBytes = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; keyBytes = key.getBytes("UTF-8"); |