Bouncy Castle 基于密码的加密,采用 CBC 模式下的 AES
我最近遇到了一段在 CBC 模式下使用 BouncyCastle 的 PBE 和 AES 的代码(“PBEWithSHA1And256BitAES-CBC-BC”)。
public static final String ALGORITHM = "PBEWithSHA1And256BitAES-CBC-BC";
public static byte[] encrypt(final byte[] key, final byte[] salt, final byte[] plainText) throws CryptoException {
try {
// Create the encryption key
final SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(ALGORITHM, "BC");
final PBEKeySpec keySpec = new PBEKeySpec(new String(key).toCharArray());
final SecretKey secretKey = keyFactory.generateSecret(keySpec);
// Encrypt the plain text
final PBEParameterSpec cipherSpec = new PBEParameterSpec(salt, ITERATIONS);
final Cipher cipher = Cipher.getInstance(ALGORITHM, "BC");
cipher.init(Cipher.ENCRYPT_MODE, secretKey, cipherSpec);
final byte[] encryptedBytes = cipher.doFinal(plainText);
return encryptedBytes;
} catch (final Throwable t) {
throw new CryptoException(t.toString());
}
}
正如您所看到的,此代码没有指定正确的 IV 来执行 AES CBC 加密。
我不知道如何指定密码的盐、迭代次数以及要使用的 IV。
我应该怎么做?
谢谢。
I've recently came across a piece of code that uses BouncyCastle's PBE with AES in CBC mode ("PBEWithSHA1And256BitAES-CBC-BC").
public static final String ALGORITHM = "PBEWithSHA1And256BitAES-CBC-BC";
public static byte[] encrypt(final byte[] key, final byte[] salt, final byte[] plainText) throws CryptoException {
try {
// Create the encryption key
final SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(ALGORITHM, "BC");
final PBEKeySpec keySpec = new PBEKeySpec(new String(key).toCharArray());
final SecretKey secretKey = keyFactory.generateSecret(keySpec);
// Encrypt the plain text
final PBEParameterSpec cipherSpec = new PBEParameterSpec(salt, ITERATIONS);
final Cipher cipher = Cipher.getInstance(ALGORITHM, "BC");
cipher.init(Cipher.ENCRYPT_MODE, secretKey, cipherSpec);
final byte[] encryptedBytes = cipher.doFinal(plainText);
return encryptedBytes;
} catch (final Throwable t) {
throw new CryptoException(t.toString());
}
}
As you can see, this code doesn't specify a proper IV to execute the AES CBC encryption.
I don't know how to specify the salt, number of iterations and the IV to be used to the cipher.
How should I do that?
Thank you.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
您可以使用jasypt(java简单加密)PBEWithSHA1And256BitAES-CBC-BC,
示例代码如下所示:
You can use jasypt (java simple encryption) PBEWithSHA1And256BitAES-CBC-BC
the sample code is shown as below:
我认为如果你想使用 IV,你将需要生成一个随机密钥并在你现在加密纯文本的地方对其进行加密。然后,您可以使用它来加密数据,并使用 IvParameterSpec 指定 IV。当然,您确实需要将加密的密钥和 IV 存储在已加密的数据旁边。不过,仅当您使用同一密钥加密多个明文时才需要这样做。
I think that if you want to use an IV, you will need to generate a random key and encrypt it at the spot where you now encrypt the plain text. You can then use that to encrypt the data, using IvParameterSpec to specify the IV. Of course, you do need to store the encrypted key and the IV next to the data that you have encrypted. This is only required if you encrypt more than one plaintext with the same key though.
使用 Jasypt 和 BouncyCastle 1.51 (SpongyCastle),我可以使用以下内容
,这样就很容易了,
您也可以设置
SaltGenerator。Using Jasypt and BouncyCastle 1.51 (SpongyCastle), I could have used of the following
And this way it was quite easy
You can set
SaltGeneratortoo.