Java/JCE: Decrypting "long" message encrypted with RSA

I've got a message contained in a byte[], encrypted with "RSA/ECB/PKCS1Padding". To decrypt it I create a Cipher c and initiate it with

c = Cipher.getInstance("RSA/ECB/PKCS1Padding");

Until now I have only decrypted small messages, using the doFinal() method, returning a byte[] with the decrypted bytes.

c.init(Cipher.DECRYPT_MODE, privateKey);
byte[] decryptetBytes = c.doFinal(encryptedBytes);

But in this case the data is bigger (approx 500 Bytes), and the doFinal() method throws an exception (javax.crypto.IllegalBlockSizeException: Data must not be longer than 128 bytes). I guess I need to use the update() method, but I can't figure out how to get it to work properly. How is this done?

I think using RSA encryption for anything but key transport is abuse.

Generate a new key for a symmetric cipher and encrypt your bulk data with that. Then encrypt the key with RSA. Send the symmetrically-encrypted cipher-text along with the asymmetrically-encrypted content encryption key to your recipient.

With RSA you can only encrypt/decrypt a block with a size up to your key length minus the padding length. If you have data longer than your key, maybe it is just merged into one array, so you should split it into chunks with the size of your key (128 bytes suggests a 1024 key with no padding; I'm not sure if it's possible). Using update() is not the case here.

Simply, you have to know how this array was created.

Generally speaking, RSA shouldn't be used to encrypt large amounts of data as it's quite time consuming. It should be used to encrypt the key to a symmetric cipher, like AES.

Take a look here: https://www.owasp.org/index.php/Digital_Signature_Implementation_in_Java

Like Erickson said,

The steps you should take to encrypt are:

  1. Generate RSA key pair (or retrieve public key from a key store)
  2. Generate Symmetric key (AES)
  3. Encrypt data with AES key
  4. Encrypt AES key with public RSA key
  5. Store (or send to person with private key) the encrypted AES key, and the AES Encrypted Data

To decrypt:

  1. Get private key associated with that key pair used to encrypt
  2. Decrypt AES key with private key
  3. Decrypt data with AES key
  4. Use data
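
The encrypt and decrypt steps listed above, as an added example that is not part of the original answers. It assumes RSA-OAEP instead of the question's PKCS1Padding and AES-GCM for the bulk data (both are choices of this example); the class name `HybridDemo`, the in-memory key pair and the 500-byte sample message are constructed for illustration.

```java
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class HybridDemo {
    public static void main(String[] args) throws Exception {
        // Encrypt 1: RSA key pair (generated here; normally the public key comes from a key store)
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        // Constructed sample: 500 bytes, the size that made RSA doFinal() fail in the question
        byte[] data = new byte[500];
        Arrays.fill(data, (byte) 'A');

        // Encrypt 2: fresh AES key for this message only
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey aesKey = kg.generateKey();

        // Encrypt 3: bulk data under AES-GCM; the 12-byte IV must be unique per key
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, aesKey, new GCMParameterSpec(128, iv));
        byte[] ciphertext = aes.doFinal(data);

        // Encrypt 4: only the 32-byte AES key goes through RSA, well under the block limit
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, kp.getPublic());
        byte[] wrappedKey = rsa.doFinal(aesKey.getEncoded());

        // Encrypt 5: the recipient receives wrappedKey, iv and ciphertext (the IV is not secret)

        // Decrypt 1-2: recover the AES key with the private key
        rsa.init(Cipher.DECRYPT_MODE, kp.getPrivate());
        SecretKey recovered = new SecretKeySpec(rsa.doFinal(wrappedKey), "AES");

        // Decrypt 3: doFinal() throws AEADBadTagException if the ciphertext or IV was modified
        aes.init(Cipher.DECRYPT_MODE, recovered, new GCMParameterSpec(128, iv));
        byte[] plain = aes.doFinal(ciphertext);

        // Decrypt 4: use the data
        System.out.println("wrapped key bytes: " + wrappedKey.length);
        System.out.println("round trip ok: " + Arrays.equals(plain, data));
    }
}
```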
