英文:
Java - AES CBC Algorithum different way to generating SecretKeySpec
问题
以下是翻译好的部分:
我正在尝试实现 AES CBC 256 算法。在线学习并检查了一些代码示例后,我意识到有两种不同的方法来获取 SecretKeySpec,而两种方法得到的加密消息是不同的。
private static SecretKeySpec getSecretKeySpec(String secretKey) throws NoSuchAlgorithmException, InvalidKeySpecException {
String salt = "a";
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
KeySpec spec = new PBEKeySpec(secretKey.toCharArray(), salt.getBytes(), 65536, 256);
SecretKey tmp = factory.generateSecret(spec);
return new SecretKeySpec(tmp.getEncoded(), "AES");
}
// private static SecretKeySpec getSecretKeySpec(String secretKey) throws NoSuchAlgorithmException {
//
// MessageDigest digest = MessageDigest.getInstance("SHA-256");
// digest.update(secretKey.getBytes(StandardCharsets.UTF_8));
// byte[] keyBytes = new byte[32];
// System.arraycopy(digest.digest(), 0, keyBytes, 0, keyBytes.length);
// return new SecretKeySpec(keyBytes, "AES");
// }
public static String encrypt(String strToEncrypt, String secret)
{
try
{
byte[] iv = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
IvParameterSpec ivspec = new IvParameterSpec(iv);
SecretKeySpec secretKeySpec = getSecretKeySpec(secret);
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, ivspec);
return Base64.getEncoder().encodeToString(cipher.doFinal(strToEncrypt.getBytes(StandardCharsets.UTF_8)));
}
catch (Exception e)
{
System.out.println("Error while encrypting: " + e.toString());
}
return null;
}
请问是否有人能告诉我哪一种是正确的 AES CBC 256 位加密实现?
英文:
I am trying to implement AES CBC 256 algorithm. And after studying online and checking few code samples I realise that there are two different ways to retrive SecretKeySpec and both results in different encrypted message.
private static SecretKeySpec getSecretKeySpec(String secretKey) throws NoSuchAlgorithmException, InvalidKeySpecException {
String salt = "a";
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
KeySpec spec = new PBEKeySpec(secretKey.toCharArray(), salt.getBytes(), 65536, 256);
SecretKey tmp = factory.generateSecret(spec);
return new SecretKeySpec(tmp.getEncoded(), "AES");
}
// private static SecretKeySpec getSecretKeySpec(String secretKey) throws NoSuchAlgorithmException {
//
// MessageDigest digest = MessageDigest.getInstance("SHA-256");
// digest.update(secretKey.getBytes(StandardCharsets.UTF_8));
// byte[] keyBytes = new byte[32];
// System.arraycopy(digest.digest(), 0, keyBytes, 0, keyBytes.length);
// return new SecretKeySpec(keyBytes, "AES");
// }
public static String encrypt(String strToEncrypt, String secret)
{
try
{
byte[] iv = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
IvParameterSpec ivspec = new IvParameterSpec(iv);
SecretKeySpec secretKeySpec = getSecretKeySpec(secret);
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, ivspec);
return Base64.getEncoder().encodeToString(cipher.doFinal(strToEncrypt.getBytes(StandardCharsets.UTF_8)));
}
catch (Exception e)
{
System.out.println("Error while encrypting: " + e.toString());
}
return null;
}
Would some please let me know which one is the correct implemention of AES CBC 256 bit encryption?
答案1
得分: 1
AES和CBC并未指定关于密钥派生的任何内容。任何128位、192位和256位的密钥都是有效的。使用实际的密钥派生函数,如PBKDF2WithHmacSHA256,比单次SHA-256更可取,可以减缓暴力攻击,但无论如何,它们都会生成有效的密钥。
英文:
AES & CBC don't specify anything about how you derive the key. Any 128, 192 and 256 bit key are valid. Using an actual key derivation function like PBKDF2WithHmacSHA256 is preferable than a single pass to SHA-256 to slow down brute force attack, but otherwise, they both generate valid key.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论