AES encryption algorithm and padding scheme

Published 2025-02-08 05:41:33


Hello, currently I have to do an AES encryption and send it to an external SW, but I am having trouble with SonarQube.

This is the relevant part of my current code:

    String encriptedPad = afegir0Multiple8(Hex.encodeHexString(encriptar.getBytes()));
    String cadenaAmb0 = afegir0Multiple8(encriptar);  // Create a string with the length we need
    byte[] cadenaRes = cadenaAmb0.getBytes();  // Resulting string to encrypt
    // Key
    byte[] hexclaub = DatatypeConverter.parseHexBinary(claveCifradoRedsa);
    SecretKeySpec key = new SecretKeySpec(ArrayUtils.addAll(hexclaub,ArrayUtils.subarray(hexclaub,0,8)), "AES");

    // Init vector
    String v = vectorInicial;
    IvParameterSpec ivectorSpecv = new IvParameterSpec(v.getBytes("UTF-8"));

    // Encrypt
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
    cipher.init(Cipher.ENCRYPT_MODE, key, ivectorSpecv);
    byte[] encrypted = cipher.doFinal(cadenaRes);

It is a little spaghetti because it's recycled from old code (TripleDES), sorry for that.
But we can get the gist of it, which is that we are using an AES configuration with AES/CBC/PKCS5PADDING.

The thing is that our SonarQube is giving this output when I send this code:


Could someone explain to me a little about oracle padding attacks and whether there is some impact using the instance recommended by Sonar? I am quite lost with encryption.

PS: The SW has accepted to change the configuration, but I would like to understand why I have to use one specific configuration above others.

Thanks


Comments (1)

难得心□动 2025-02-15 05:41:33


Well, the question is already solved thanks to @Topaco in the comments below. I will update my code here in order to make this question answered.

My current code looks like this:

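// Imports needed by this excerpt. `log` and `instance` are fields of the
// enclosing class that the post does not show.
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

@Override
public Map execute(Map in) throws Exception {
    log.info("********** CIFRADO AES ACTION ****************");
    Map params = (Map) in.get("request_params");
    Map resultado = new HashMap();
    resultado.put("clave", encriptarAES((String) in.get("encriptar"),(String) in.get("claveCifrado"),(String) in.get("vectorInicial")));
    return resultado;
}

private String encriptarAES(String encriptar, String claveCifradoRedsa, String vectorInicial) throws Exception {
    // The key is the raw bytes of the string (platform default charset)
    SecretKey key = new SecretKeySpec(claveCifradoRedsa.getBytes(), "AES");
    key =  new SecretKeySpec(key.getEncoded(), "AES");
    // Encrypt: 128-bit authentication tag, IV taken from the caller
    GCMParameterSpec ivParameterSpec = new GCMParameterSpec(128, vectorInicial.getBytes());

    // GCMParameterSpec is used with a GCM transformation such as "AES/GCM/NoPadding"
    Cipher cipher = Cipher.getInstance(instance);
    cipher.init(Cipher.ENCRYPT_MODE, key, ivParameterSpec);
    byte[] encrypted = cipher.doFinal(encriptar.getBytes());
    String codificado64 = Base64.getUrlEncoder().encodeToString(encrypted);
    log.info(encriptar);      // note: this writes the plaintext to the log
    log.info(codificado64);
    log.info("************************ FIN CIFRADO AES ACTION ***********************");
    return codificado64;
}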

I think it is a pretty clean example of AES encryption, hope it's useful to someone
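As an added illustration for the question above (not code from the post or from SonarQube), this Java sketch contrasts the two configurations: unauthenticated AES/CBC/PKCS5Padding accepts a modified message, and because its only failure signal is the padding check, that signal is what a padding oracle relies on, while AES/GCM/NoPadding rejects any modification with AEADBadTagException. The class name, demo key and plaintext are constructed, and it assumes a fresh random 12-byte nonce per message instead of a caller-supplied vectorInicial.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class CbcVsGcmDemo {
    static final SecureRandom RNG = new SecureRandom();

    static byte[] random(int n) { byte[] b = new byte[n]; RNG.nextBytes(b); return b; }

    // AES-GCM with a fresh 12-byte nonce per message; output = nonce || ciphertext || tag.
    static byte[] gcmEncrypt(SecretKey key, byte[] plain) throws Exception {
        byte[] nonce = random(12);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(nonce, 12 + ct.length);
        System.arraycopy(ct, 0, out, 12, ct.length);
        return out;
    }

    static byte[] gcmDecrypt(SecretKey key, byte[] msg) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, msg, 0, 12));
        return c.doFinal(msg, 12, msg.length - 12); // throws AEADBadTagException if modified
    }

    public static void main(String[] args) throws Exception {
        SecretKey key = new SecretKeySpec(random(16), "AES");                 // constructed demo key
        byte[] plain = "amount=100;to=ACME".getBytes(StandardCharsets.UTF_8); // constructed sample

        // CBC, no MAC: one flipped IV bit is accepted and changes the first plaintext block.
        byte[] iv = random(16);
        Cipher cbc = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cbc.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] cbcCt = cbc.doFinal(plain);
        iv[7] ^= 0x01;
        cbc.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
        System.out.println("CBC accepted: " + new String(cbc.doFinal(cbcCt), StandardCharsets.UTF_8));

        // GCM: the same one-bit change fails the tag check, so no plaintext is returned.
        byte[] msg = gcmEncrypt(key, plain);
        System.out.println("GCM round trip: " + new String(gcmDecrypt(key, msg), StandardCharsets.UTF_8));
        msg[12 + 7] ^= 0x01;
        try {
            gcmDecrypt(key, msg);
            System.out.println("GCM accepted modified message (unexpected)");
        } catch (AEADBadTagException e) {
            System.out.println("GCM rejected modified message: " + e.getClass().getSimpleName());
        }
    }
}
```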
