Android:加密字符串、通过 HTTPS 发送和解密字符串问题
我必须加密一个字符串才能通过 HTTPS 发送到服务器。然后,在服务器端,我必须解密字符串并使用它。
我在两侧都使用了这段代码:
public class SimpleCrypto {
public static String encrypt(String seed, String cleartext) throws Exception {
byte[] rawKey = getRawKey(seed.getBytes());
byte[] result = encrypt(rawKey, cleartext.getBytes());
return toHex(result);
}
public static String decrypt(String seed, String encrypted) throws Exception {
byte[] rawKey = getRawKey(seed.getBytes());
byte[] enc = toByte(encrypted);
byte[] result = decrypt(rawKey, enc);
return new String(result);
}
private static byte[] getRawKey(byte[] seed) throws Exception {
KeyGenerator kgen = KeyGenerator.getInstance("AES");
SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
sr.setSeed(seed);
kgen.init(128, sr); // 192 and 256 bits may not be available
SecretKey skey = kgen.generateKey();
byte[] raw = skey.getEncoded();
return raw;
}
private static byte[] encrypt(byte[] raw, byte[] clear) throws Exception {
SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
byte[] encrypted = cipher.doFinal(clear);
return encrypted;
}
private static byte[] decrypt(byte[] raw, byte[] encrypted) throws Exception {
SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.DECRYPT_MODE, skeySpec);
byte[] decrypted = cipher.doFinal(encrypted);
return decrypted;
}
public static String toHex(String txt) {
return toHex(txt.getBytes());
}
public static String fromHex(String hex) {
return new String(toByte(hex));
}
public static byte[] toByte(String hexString) {
int len = hexString.length()/2;
byte[] result = new byte[len];
for (int i = 0; i < len; i++)
result[i] = Integer.valueOf(hexString.substring(2*i, 2*i+2), 16).byteValue();
return result;
}
public static String toHex(byte[] buf) {
if (buf == null)
return "";
StringBuffer result = new StringBuffer(2*buf.length);
for (int i = 0; i < buf.length; i++) {
appendHex(result, buf[i]);
}
return result.toString();
}
private final static String HEX = "0123456789ABCDEF";
private static void appendHex(StringBuffer sb, byte b) {
sb.append(HEX.charAt((b>>4)&0x0f)).append(HEX.charAt(b&0x0f));
}
}
在android上,使用“123456789”作为种子,rawKey给我:
[99, 51, -103, -58, 81, -52, 90, -103, -114, 70, - 128, -25, -105, -124, -128, -67]
但在服务器端,使用相同的种子,给我:
[-52, 103, 4, 60, 123, -49, -11, -18, -91, 86, 107, -39, -79, -13, -57, 79]
我不明白为什么。 Android 上的 javax.crypto.KeyGenerator 有什么不同吗?我做错了什么?
拜托,我需要一些帮助。
非常感谢你
对不起我的英语不好
----------------------------更新----------- ------------------------------------------
这是我的新代码:
public class DesEncrypter {
public static final int SALT_LENGTH = 20;
public static final int PBE_ITERATION_COUNT = 1024;
private static final String RANDOM_ALGORITHM = "SHA1PRNG";
private static final String PBE_ALGORITHM = "PBEWithSHA256And256BitAES-CBC-BC";
private static final String CIPHER_ALGORITHM = "AES/CBC/PKCS5Padding";
public byte[] encrypt(String password, String cleartext) {
byte[] encryptedText = null;
try {
byte[] salt = "dfghjklpoiuytgftgyhj".getBytes();
PBEKeySpec pbeKeySpec = new PBEKeySpec(password.toCharArray(), salt, PBE_ITERATION_COUNT, 256);
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBEWITHSHAAND256BITAES-CBC-BC");
SecretKey tmp = factory.generateSecret(pbeKeySpec);
SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES");
byte[] key = secret.getEncoded();
Cipher encryptionCipher = Cipher.getInstance(CIPHER_ALGORITHM);
byte[] iv = generateIv();
IvParameterSpec ivspec = new IvParameterSpec(iv);
encryptionCipher.init(Cipher.ENCRYPT_MODE, secret, ivspec);
encryptedText = encryptionCipher.doFinal(cleartext.getBytes());
} catch (Exception e) {
e.printStackTrace();
}
return encryptedText;
}
public String decrypt(String password, byte[] encryptedText) {
String cleartext = "";
try {
byte[] salt = "dfghjklpoiuytgftgyhj".getBytes();
PBEKeySpec pbeKeySpec = new PBEKeySpec(password.toCharArray(), salt, PBE_ITERATION_COUNT, 256);
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBEWITHSHAAND256BITAES-CBC-BC");
SecretKey tmp = factory.generateSecret(pbeKeySpec);
SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES");
byte[] key = secret.getEncoded();
Cipher decryptionCipher = Cipher.getInstance(CIPHER_ALGORITHM);
byte[] iv = generateIv();
IvParameterSpec ivspec = new IvParameterSpec(iv);
decryptionCipher.init(Cipher.DECRYPT_MODE, secret, ivspec);
byte[] decryptedText = decryptionCipher.doFinal(encryptedText);
cleartext = new String(decryptedText);
} catch (Exception e) {
e.printStackTrace();
}
return cleartext;
}
private byte[] generateIv() throws NoSuchAlgorithmException {
SecureRandom random = SecureRandom.getInstance(RANDOM_ALGORITHM);
byte[] iv = new byte[16];
random.nextBytes(iv);
return iv;
}
}
----------------------------在 Android 上运行的最终代码!------------------------ -----------------
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
public class DesEncrypter {
public static final int SALT_LENGTH = 20;
public static final int PBE_ITERATION_COUNT = 200; //1024;
private static final String PBE_ALGORITHM = "PBEWithSHA256And256BitAES-CBC-BC";
//algoritmo / modo / relleno
private static final String CIPHER_ALGORITHM = "AES/CBC/PKCS5Padding";
byte[] iv = "1234567890asdfgh".getBytes();
byte[] salt = "dfghjklpoiuytgftgyhj".getBytes();
public byte[] encrypt(String password, String cleartext) {
byte[] encryptedText = null;
try {
PBEKeySpec pbeKeySpec = new PBEKeySpec(password.toCharArray(), salt, PBE_ITERATION_COUNT, 256);
//Factoria para crear la SecretKey, debemos indicar el Algoritmo
SecretKeyFactory factory = SecretKeyFactory.getInstance(PBE_ALGORITHM);
SecretKey tmp = factory.generateSecret(pbeKeySpec);
//Creamos una llave;
SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES");
//Obtenemos la llave, solo informativo
byte[] key = secret.getEncoded();
//La clase Cipher, se usa para cifrar mediante algoritmos de clave simétrica
Cipher encryptionCipher = Cipher.getInstance(CIPHER_ALGORITHM);
//byte[] iv = generateIv();
IvParameterSpec ivspec = new IvParameterSpec(iv);
//Accion, SecretKey, parameter specification for an initialization vector
encryptionCipher.init(Cipher.ENCRYPT_MODE, secret, ivspec);
//Realizamos el cifrado
encryptedText = encryptionCipher.doFinal(cleartext.getBytes());
} catch (Exception e) {
e.printStackTrace();
}
return encryptedText;
}
public String decrypt(String password, byte[] encryptedText) {
String cleartext = "";
try {
PBEKeySpec pbeKeySpec = new PBEKeySpec(password.toCharArray(), salt, PBE_ITERATION_COUNT, 256);
//Factoria para crear la SecretKey, debemos indicar el Algoritmo
SecretKeyFactory factory = SecretKeyFactory.getInstance(PBE_ALGORITHM);
SecretKey tmp = factory.generateSecret(pbeKeySpec);
//Creamos una llave;
SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES");
//Obtenemos la llave, solo informativo
byte[] key = secret.getEncoded();
//La clase Cipher, se usa para cifrar mediante algoritmos de clave simétrica
Cipher decryptionCipher = Cipher.getInstance(CIPHER_ALGORITHM);
//byte[] iv = generateIv();
IvParameterSpec ivspec = new IvParameterSpec(iv);
//Accion, SecretKey, parameter specification for an initialization vector
decryptionCipher.init(Cipher.DECRYPT_MODE, secret, ivspec);
//Realizamos el descifrado
byte[] decryptedText = decryptionCipher.doFinal(encryptedText);
cleartext = new String(decryptedText);
} catch (Exception e) {
e.printStackTrace();
}
return cleartext;
}
}
I have to Encrypt a String to send via HTTPS to a server. Then, on server side, I have to Decrypt the string and used it.
I used this code in both sides:
public class SimpleCrypto {
public static String encrypt(String seed, String cleartext) throws Exception {
byte[] rawKey = getRawKey(seed.getBytes());
byte[] result = encrypt(rawKey, cleartext.getBytes());
return toHex(result);
}
public static String decrypt(String seed, String encrypted) throws Exception {
byte[] rawKey = getRawKey(seed.getBytes());
byte[] enc = toByte(encrypted);
byte[] result = decrypt(rawKey, enc);
return new String(result);
}
private static byte[] getRawKey(byte[] seed) throws Exception {
KeyGenerator kgen = KeyGenerator.getInstance("AES");
SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
sr.setSeed(seed);
kgen.init(128, sr); // 192 and 256 bits may not be available
SecretKey skey = kgen.generateKey();
byte[] raw = skey.getEncoded();
return raw;
}
private static byte[] encrypt(byte[] raw, byte[] clear) throws Exception {
SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
byte[] encrypted = cipher.doFinal(clear);
return encrypted;
}
private static byte[] decrypt(byte[] raw, byte[] encrypted) throws Exception {
SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.DECRYPT_MODE, skeySpec);
byte[] decrypted = cipher.doFinal(encrypted);
return decrypted;
}
public static String toHex(String txt) {
return toHex(txt.getBytes());
}
public static String fromHex(String hex) {
return new String(toByte(hex));
}
public static byte[] toByte(String hexString) {
int len = hexString.length()/2;
byte[] result = new byte[len];
for (int i = 0; i < len; i++)
result[i] = Integer.valueOf(hexString.substring(2*i, 2*i+2), 16).byteValue();
return result;
}
public static String toHex(byte[] buf) {
if (buf == null)
return "";
StringBuffer result = new StringBuffer(2*buf.length);
for (int i = 0; i < buf.length; i++) {
appendHex(result, buf[i]);
}
return result.toString();
}
private final static String HEX = "0123456789ABCDEF";
private static void appendHex(StringBuffer sb, byte b) {
sb.append(HEX.charAt((b>>4)&0x0f)).append(HEX.charAt(b&0x0f));
}
}
On android, using "123456789" as a seed the rawKey give me:
[99, 51, -103, -58, 81, -52, 90, -103, -114, 70, -128, -25, -105, -124, -128, -67]
But on Server side, using the same seed, give me:
[-52, 103, 4, 60, 123, -49, -11, -18, -91, 86, 107, -39, -79, -13, -57, 79]
I can't understand why. Is diferent the javax.crypto.KeyGenerator on Android?, I'm making something bad?
Please, I need some help.
Thank you very much
Sorry for my poor english
-----------------------------UPDATE--------------------------------------------------------
This is my new code:
public class DesEncrypter {
public static final int SALT_LENGTH = 20;
public static final int PBE_ITERATION_COUNT = 1024;
private static final String RANDOM_ALGORITHM = "SHA1PRNG";
private static final String PBE_ALGORITHM = "PBEWithSHA256And256BitAES-CBC-BC";
private static final String CIPHER_ALGORITHM = "AES/CBC/PKCS5Padding";
public byte[] encrypt(String password, String cleartext) {
byte[] encryptedText = null;
try {
byte[] salt = "dfghjklpoiuytgftgyhj".getBytes();
PBEKeySpec pbeKeySpec = new PBEKeySpec(password.toCharArray(), salt, PBE_ITERATION_COUNT, 256);
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBEWITHSHAAND256BITAES-CBC-BC");
SecretKey tmp = factory.generateSecret(pbeKeySpec);
SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES");
byte[] key = secret.getEncoded();
Cipher encryptionCipher = Cipher.getInstance(CIPHER_ALGORITHM);
byte[] iv = generateIv();
IvParameterSpec ivspec = new IvParameterSpec(iv);
encryptionCipher.init(Cipher.ENCRYPT_MODE, secret, ivspec);
encryptedText = encryptionCipher.doFinal(cleartext.getBytes());
} catch (Exception e) {
e.printStackTrace();
}
return encryptedText;
}
public String decrypt(String password, byte[] encryptedText) {
String cleartext = "";
try {
byte[] salt = "dfghjklpoiuytgftgyhj".getBytes();
PBEKeySpec pbeKeySpec = new PBEKeySpec(password.toCharArray(), salt, PBE_ITERATION_COUNT, 256);
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBEWITHSHAAND256BITAES-CBC-BC");
SecretKey tmp = factory.generateSecret(pbeKeySpec);
SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES");
byte[] key = secret.getEncoded();
Cipher decryptionCipher = Cipher.getInstance(CIPHER_ALGORITHM);
byte[] iv = generateIv();
IvParameterSpec ivspec = new IvParameterSpec(iv);
decryptionCipher.init(Cipher.DECRYPT_MODE, secret, ivspec);
byte[] decryptedText = decryptionCipher.doFinal(encryptedText);
cleartext = new String(decryptedText);
} catch (Exception e) {
e.printStackTrace();
}
return cleartext;
}
private byte[] generateIv() throws NoSuchAlgorithmException {
SecureRandom random = SecureRandom.getInstance(RANDOM_ALGORITHM);
byte[] iv = new byte[16];
random.nextBytes(iv);
return iv;
}
}
----------------------------FINALL CODE WORKING ON ANDROID!--------------------------------
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
public class DesEncrypter {
public static final int SALT_LENGTH = 20;
public static final int PBE_ITERATION_COUNT = 200; //1024;
private static final String PBE_ALGORITHM = "PBEWithSHA256And256BitAES-CBC-BC";
//algoritmo / modo / relleno
private static final String CIPHER_ALGORITHM = "AES/CBC/PKCS5Padding";
byte[] iv = "1234567890asdfgh".getBytes();
byte[] salt = "dfghjklpoiuytgftgyhj".getBytes();
public byte[] encrypt(String password, String cleartext) {
byte[] encryptedText = null;
try {
PBEKeySpec pbeKeySpec = new PBEKeySpec(password.toCharArray(), salt, PBE_ITERATION_COUNT, 256);
//Factoria para crear la SecretKey, debemos indicar el Algoritmo
SecretKeyFactory factory = SecretKeyFactory.getInstance(PBE_ALGORITHM);
SecretKey tmp = factory.generateSecret(pbeKeySpec);
//Creamos una llave;
SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES");
//Obtenemos la llave, solo informativo
byte[] key = secret.getEncoded();
//La clase Cipher, se usa para cifrar mediante algoritmos de clave simétrica
Cipher encryptionCipher = Cipher.getInstance(CIPHER_ALGORITHM);
//byte[] iv = generateIv();
IvParameterSpec ivspec = new IvParameterSpec(iv);
//Accion, SecretKey, parameter specification for an initialization vector
encryptionCipher.init(Cipher.ENCRYPT_MODE, secret, ivspec);
//Realizamos el cifrado
encryptedText = encryptionCipher.doFinal(cleartext.getBytes());
} catch (Exception e) {
e.printStackTrace();
}
return encryptedText;
}
public String decrypt(String password, byte[] encryptedText) {
String cleartext = "";
try {
PBEKeySpec pbeKeySpec = new PBEKeySpec(password.toCharArray(), salt, PBE_ITERATION_COUNT, 256);
//Factoria para crear la SecretKey, debemos indicar el Algoritmo
SecretKeyFactory factory = SecretKeyFactory.getInstance(PBE_ALGORITHM);
SecretKey tmp = factory.generateSecret(pbeKeySpec);
//Creamos una llave;
SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES");
//Obtenemos la llave, solo informativo
byte[] key = secret.getEncoded();
//La clase Cipher, se usa para cifrar mediante algoritmos de clave simétrica
Cipher decryptionCipher = Cipher.getInstance(CIPHER_ALGORITHM);
//byte[] iv = generateIv();
IvParameterSpec ivspec = new IvParameterSpec(iv);
//Accion, SecretKey, parameter specification for an initialization vector
decryptionCipher.init(Cipher.DECRYPT_MODE, secret, ivspec);
//Realizamos el descifrado
byte[] decryptedText = decryptionCipher.doFinal(encryptedText);
cleartext = new String(decryptedText);
} catch (Exception e) {
e.printStackTrace();
}
return cleartext;
}
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
如果您首先使用 SSL 为什么要加密? HTTPS (SSL) 将对传输中的数据进行加密,并在服务器上自动解密。此外,您的自定义加密方案很可能不如 SSL 安全。
您的错误在于如何派生密钥:
setSeed()不会替换随机数生成器的状态,它只会增强它。这意味着即使您将相同的字节传递给setSeed(),generateKey()也很可能会生成不同的密钥。使用 PBE (基于密码的加密)类派生密码中的密钥。或者确保您的服务器和客户端以其他方式使用相同的密钥。下面是从密码生成密钥的示例(适用于 Android)。您需要找到 Android 和您的服务器都支持的 PBE 算法。如果您在服务器应用程序中使用 JCE Bouncy Castle 提供程序,它应该支持与 Android 相同的算法(Android 使用 Bouncy Castle 作为其 JCE 实现的一部分)。
Why are you encrypting if you are using SSL in the first place? HTTPS (SSL) will encrypt your data in transit, and it will be automatically decrypted on the server. Additionally, your custom encryption scheme is very likely to be less secure than SSL.
Your error is in how you derive your key:
setSeed()does not replace the state of the random number generator, it only augment it. What this means is that even if you pass the same bytes tosetSeed(),generateKey()will most likely generate a different key. Use the PBE (password-based encryption) classes to derive a key from a password. Or make sure your server and client are using the same key in some other way.Here a sample of generating a key from a password (for Android). You need to find a PBE algorithm that is supported both on Android and on your server. If you use the JCE Bouncy Castle provider in your server app, it should support the same algorithms as Android (Android uses Bouncy Castle for part of its JCE implementation).