此 C OpenSSL 加密函数的 Java JCE 等效项是什么?
我正在编写一个最初用 C 编写的应用程序的 Java 实现。我无法修改 C 版本,并且 Java 版本必须与 C 版本共享加密数据。
以下是 C 加密代码的相关部分:
makekeys(password,&key1,&key2); /* turns password into two 8 byte arrays */
fill_iv(iv); /* bytes 8 bytes of randomness into iv */
des_key_sched(&key1,ks1);
des_key_sched(&key2,ks2);
des_ede2_ofb64_encrypt(hashed,ctext,hashedlen,ks1,ks2,
&iv,&num);
我可以看到 JCE 等效项类似于:
SecretKey key = new SecretKeySpec(keyBytes, "DESede");
IvParameterSpec iv = new IvParameterSpec(new byte[8]);
Cipher cipher = Cipher.getInstance("DESede/?????/?????"); // transformation spec?
cipher.init(Cipher.ENCRYPT_MODE, key, iv);
byte[] cipherTextBytes = cipher.doFinal(plaintext);
问题:
- C 代码需要两个密钥,JCE需要一个。我该如何协调这个问题?只是将两者附加到一个数组中吗?按什么顺序?
- 什么转换规范(如果有!)相当于 OpenSSL 的 des_ede2_ofb64_encrypt?除了在互联网上询问陌生人之外,我如何才能找到答案? ;)
I am writing a Java implementation of an app originally written in C. I can't modify the C version, and the Java version must share encrypted data with the C version.
Here's the relevant part of the C encryption code:
makekeys(password,&key1,&key2); /* turns password into two 8 byte arrays */
fill_iv(iv); /* bytes 8 bytes of randomness into iv */
des_key_sched(&key1,ks1);
des_key_sched(&key2,ks2);
des_ede2_ofb64_encrypt(hashed,ctext,hashedlen,ks1,ks2,
&iv,&num);
I can see that the JCE equivalent is something like:
SecretKey key = new SecretKeySpec(keyBytes, "DESede");
IvParameterSpec iv = new IvParameterSpec(new byte[8]);
Cipher cipher = Cipher.getInstance("DESede/?????/?????"); // transformation spec?
cipher.init(Cipher.ENCRYPT_MODE, key, iv);
byte[] cipherTextBytes = cipher.doFinal(plaintext);
Questions:
- The C code takes two keys, JCE takes one. How do I reconcile this? Just append the two into one array? In which order?
- What transformation spec (if any!) is equivalent to OpenSSL's des_ede2_ofb64_encrypt? How would I find out, other than by asking strangers on the Internet? ;)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
为了回答您的最后一个问题,您可以通过阅读有关特定算法本身的文档来找到答案。 Sun 文档通常假设您已经熟悉该主题。在这种情况下,您会知道: 三重 DES 是三个独立密钥的 DES ECB 实例依次应用;最常见的方法是 DES ede,这意味着第一个和第三个 DES 实例在加密方向运行,但第二个 DES 实例在解密方向运行; ede3 3 表示每个 DES 实例都是独立加密的,ede2 表示第一个和第三个实例使用相同的密钥; OFB64表示64位输出反馈模式。
您应该使用 getInstance("DESede/OFB64/NoPadding") 获得相同的结果,并将 key1 设为 DESede 密钥的第一个 8 字节,将 key2 设为第二个字节,将 key1 设为第三个字节。
In answer to your last question, you'd find out by reading the documentation on the specific algorithms themselves. The Sun docs do generally assume you already are familiar with the subject matter. In this case, you would know that: triple DES is the application of three independently keyed DES ECB instances in sequence; that the most common way to this is something called DES ede, which means the 1st and 3rd DES instances are run in the encrypt direction but the 2nd DES instance is run in the decrypt direction; that ede3 three means that each DES instance is keyed independently and ede2 means that the 1st and 3rd instances use the same key; that OFB64 means 64-bit output feedback mode.
You should get the the same result with getInstance("DESede/OFB64/NoPadding"), and by making the key1 the 1st 8 bytes of the DESede key, key2 the 2nd, and key1 the 3rd.