Encrypting with DES and a password
I'm using the code I've found here to encrypt using DES. I'm sending this value to a 3rd party service, but it doesn't seem to work.
In the given code, salt and iteration are used as parameters to initialize the cipher with the parameter spec:
// Prepare the parameter to the ciphers
AlgorithmParameterSpec paramSpec = new PBEParameterSpec( salt, iterationCount );
// Create the ciphers
ecipher.init(Cipher.ENCRYPT_MODE, key , paramSpec);
dcipher.init(Cipher.DECRYPT_MODE, key , paramSpec);
If I change the iteration count, I have different results.
How can I know what is being used on the other side of the wire? The only thing I know from this third party service is that the algorithm to use is DES and, of course, the secret password.
What am I missing?
Comments (2)
"DES" itself is just a single iteration. Its successor, "Triple DES", encrypts each data block three times; it performs three iterations of the algorithm. If you are expected to perform encryption using just "DES", one iteration should be correct.
In general, it is considered bad practice to write your own cryptographic functions for anything other than toy implementations. Writing secure, correct libraries for cryptography can sometimes be tricky. Consider using the Java Cryptography Architecture, part of the Java Platform SE 6.
Your problem is that you know the encryption algorithm (DES) but not the key generation algorithm. For deriving a key from a password there are a lot of possibilities. The PBEParameterSpec from your example uses the PKCS#5 algorithm for deriving the key from the password. This is a very good algorithm for that purpose but often people try to develop a simple algorithm themselves - e.g. just hashing the password or some even worse methods.
Detecting what method is used is not easy. If you have a working app using that 3rd party service you can try to reverse engineer it to see how it works.
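To make the key-derivation point concrete, here is an added example (not code from the question or either answer) that performs the PKCS#5 v1.5 derivation by hand and compares it with the JCE's password-based cipher. It assumes the question's cipher is `PBEWithMD5AndDES`, which the page does not name, and uses a constructed ASCII password, salt, and message; the class and method names are hypothetical.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

public class PbeDesDerivation {
    // PKCS#5 v1.5 derivation (PBKDF1 with MD5): hash password||salt, then re-hash count-1 times.
    static byte[] pbkdf1Md5(String password, byte[] salt, int count) throws Exception {
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        md5.update(password.getBytes(StandardCharsets.US_ASCII));
        byte[] t = md5.digest(salt);               // first iteration
        for (int i = 1; i < count; i++) t = md5.digest(t);
        return t;                                  // 16 bytes: first 8 = DES key, last 8 = CBC IV
    }

    // Route 1: let the JCE derive key and IV from the PBEParameterSpec (assumed algorithm name).
    static byte[] viaJce(String password, byte[] salt, int count, byte[] msg) throws Exception {
        SecretKey key = SecretKeyFactory.getInstance("PBEWithMD5AndDES")
                .generateSecret(new PBEKeySpec(password.toCharArray()));
        Cipher c = Cipher.getInstance("PBEWithMD5AndDES");
        c.init(Cipher.ENCRYPT_MODE, key, new PBEParameterSpec(salt, count));
        return c.doFinal(msg);
    }

    // Route 2: plain DES in CBC mode with the hand-derived key and IV.
    static byte[] viaRawDes(String password, byte[] salt, int count, byte[] msg) throws Exception {
        byte[] dk = pbkdf1Md5(password, salt, count);
        Cipher c = Cipher.getInstance("DES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(dk, 0, 8, "DES"),
               new IvParameterSpec(dk, 8, 8));
        return c.doFinal(msg);
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = {1, 2, 3, 4, 5, 6, 7, 8};    // constructed sample salt (8 bytes)
        byte[] msg = "hello".getBytes(StandardCharsets.US_ASCII); // constructed message
        String pw = "secret";                      // constructed password
        // Does the manual derivation reproduce the JCE ciphertext for the same salt and count?
        System.out.println("JCE == manual derivation: "
                + Arrays.equals(viaJce(pw, salt, 19, msg), viaRawDes(pw, salt, 19, msg)));
        // Does the ciphertext survive a change of iteration count?
        System.out.println("count 19 == count 20:     "
                + Arrays.equals(viaJce(pw, salt, 19, msg), viaJce(pw, salt, 20, msg)));
    }
}
```

The salt and iteration count feed the derivation of the DES key and IV, not the DES algorithm itself, so the password, salt, count, derivation function, cipher mode, and padding all have to match what the other side uses.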