堆栈内存溢出
  简体   繁体   English

Python 和 Java 之间的 RSA 加密填充问题

[英]RSA Encryption Padding issues between Python and Java

 原文  2015-04-16 07:37:02       java/ android/ python/ cryptography/ padding

问题描述

I am trying to RSA encrypt some data in python using a public key that was generated by a client in android.我正在尝试使用由 android 中的客户端生成的公钥对 python 中的一些数据进行 RSA 加密。 The encryption goes successfully (atleast there are no exceptions).加密成功(至少没有例外)。 However, when trying to decrypt the data using the private key in android it throws a bad padding exception.但是,当尝试使用 android 中的私钥解密数据时,它会引发错误的填充异常。

Relevant Code :相关代码:

Generating RSA Key Pair in Android.在 Android 中生成 RSA 密钥对。 A cutdown version of Bouncy castle is included in android: android 中包含一个充气城堡的简化版本:

import javax.crypto.KeyGenerator;

KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
kpg.initialize(2048);
return kpg.generateKeyPair();

Encryption in Python : Python 中的加密:

from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_OAEP
import base64
from Crypto.Hash import SHA256

# key contains the public key string without any line breaks. 
def encrypt(keyString, plainText) 
    key = key.replace('-----BEGIN PUBLIC KEY-----', '')
    key = key.replace('-----END PUBLIC KEY-----', '');
    pubkey = RSA.importKey(base64.b64decode(key))
    cipher = PKCS1_OAEP.new(pubkey, hashAlgo=SHA256)
    encrypted = cipher.encrypt(plaintext)
    return base64.b64encode(encrypted)

print encrypt('-----BEGIN PUBLIC KEY-----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7fJDt9my7WTnPahyw9JvIwm/q3F9jF9R2qNv01Os5NhBUgWOha67DlalOhQmQYBosnXfTWm6JQF2upnBInFGUOZx+10UVnuUbTpUT004lBfNbHx23rrf66b48Q25OoDnbWM3xWD8+9GPvoLO3ftJSbcjb+euzVJOkJYNo33dnG0yZ4LWHLBMog7OgbnjjobiM+O/0wzmiW8VE7gCrg7ZyGpxHXo9ACJytKjC4Hg976Ryg1wyrD2dmgiV212CcBGdzj7F6xn1Uyk7DTeAOgQJHLDFr+2sHgcXJXyslrjvCp3Om2CbzDY9W8XaU2A/84Q1Ejt8ljtJZBOJCuH+ARqZRwIDAQAB-----END PUBLIC KEY-----', 'this is a test string')

Decryption in Android. Android中的解密。 A cutdown version of Bouncy castle is included in android : android 中包含一个充气城堡的简化版本:

Relevant Imports :相关进口:

import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;
import java.security.spec.MGF1ParameterSpec;
import java.util.*;
import android.util.Base64;

Decryption :解密:

private static String RSA_CONFIGURATION = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
private static String RSA_PROVIDER = "BC";

public static decrypt(Key key, String encryptedString){
    Cipher c = Cipher.getInstance(RSA_CONFIGURATION, RSA_PROVIDER);
    c.init(Cipher.DECRYPT_MODE, key, new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA1,
                    PSource.PSpecified.DEFAULT));
    byte[] decodedBytes = c.doFinal(Base64.decode(base64cypherText.getBytes("UTF-8"), Base64.DEFAULT));
    clearText = new String(decodedBytes, "UTF-8");
}

Exception :例外 :

javax.crypto.BadPaddingException: data hash wrong
    at com.android.org.bouncycastle.jcajce.provider.asymmetric.rsa.CipherSpi.engineDoFinal(CipherSpi.java:478)
    at javax.crypto.Cipher.doFinal(Cipher.java:1204)
    at org.ambientdynamix.security.CryptoUtils.decryptRsa(CryptoUtils.java:204)

Test Keys :测试键:

-----BEGIN PRIVATE KEY-----MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDt8kO32bLtZOc9qHLD0m8jCb+rcX2MX1Hao2/TU6zk2EFSBY6FrrsOVqU6FCZBgGiydd9NabolAXa6mcEicUZQ5nH7XRRWe5RtOlRPTTiUF81sfHbeut/rpvjxDbk6gOdtYzfFYPz70Y++gs7d+0lJtyNv567NUk6Qlg2jfd2cbTJngtYcsEyiDs6BueOOhuIz47/TDOaJbxUTuAKuDtnIanEdej0AInK0qMLgeD3vpHKDXDKsPZ2aCJXbXYJwEZ3OPsXrGfVTKTsNN4A6BAkcsMWv7aweBxclfKyWuO8Knc6bYJvMNj1bxdpTYD/zhDUSO3yWO0lkE4kK4f4BGplHAgMBAAECggEBAOJGCeOhoCdkVwopT8msKYeWU7DDYfLFCl/yH/tEjRuqEqPfKOMzgCpodwM9+gs8A1QCB3HkYuGh/LgCUslgEtAH9MhmgVqkdkdQurAW7QDXib/qtFemOh4sUHta45Qg1PMO8RA/5RPK+vjeB77Moar5/zcBiRczeAbCywF4Re/jiimNS2ukINH9o0LlGVHnbj470se/efuXskE7M5kiV8/vnJVvisY5dglwzQHZYyphCeVlnYDQmaTkBrN6j3Gseik0rah3h8DA9Yr7IOZcNXIIPjaYP/cfuIr45tNUXK3K4RC1dV1LUha9fvieZKNoUNTTo06+BWX5+raVEVr3fPECgYEA+JFeZ+3ITPeE57c8ywlz/KdQLW69sHV0iySDrB6zaunaJB5e4Cug5KVYRLCEVMvjUftY+VY5lhA57Cb/jkgXqUYeWZQLndEgXe54kvNtKUgNbY50akxrJvN14vI2J9mXiu7TbvDrVvl/1uxMnHX0VRPnjmCUFYEboAdN496l170CgYEA9Q+YRY/9TKClPLrk9DY8W/NohvdKQBBGW/113Fiq4VunV8M5bhuonjlZY2s7xEDkwZFWzcDsGrT46peASlF7HDJtq0YFR4LrQRXWakiIJzR67GpNHycCbT032dFalIKUngMhoqdzWucRohMJKsQajMZnWeU8QQoZ1Ck20yD3M1MCgYBK/6GafhZXkr9ZIuKG6H1EmD8K1kUJvwbBDO1lu4WrFpApIbjCrqdHFdSCNThYVYRrMglwgeGyM4cmh8XH6lypSGzT3mV64qR/cvqSbDxdnk3e5oKdqB0UjZTeOvK4J2EgHFtTOAHqJjG6aWXcN4LXQMA3J1DHBEOPj2SjAoTLiQKBgQDPZiBgFwmv1XGi4SWuDUyuIWXAe/9qEpwJdIxQLPaJ/ZC19PJg3qWpKy4ctv+BC87Oh5uoTPNFcw4LNKcNvsHrTj6EqqEDMai6j6nEj5gzXfX+qcSVbeVe4GWpQcZgU9dFl67aws8dCtxgh63FdOxnYe7MJPcGsG7FoQ/WRVsRIwKBgQCsHPiywaFb9UiFtMLG23+3LBmcBTz/9YwVfk6p3t34agDq31DdHTj01wZMfXoexkWRAZpKEwcTh/yI75j9K/MjOHgKRb9WYNpyndQy0smgW8DP6LPuRe7yH7Ys0XVTZM4HupGd9xf9AfmKXpd+kS1s/YN8gJDhFySAVsUVCYsKaw==-----END PRIVATE KEY-----

-----BEGIN PUBLIC KEY-----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7fJDt9my7WTnPahyw9JvIwm/q3F9jF9R2qNv01Os5NhBUgWOha67DlalOhQmQYBosnXfTWm6JQF2upnBInFGUOZx+10UVnuUbTpUT004lBfNbHx23rrf66b48Q25OoDnbWM3xWD8+9GPvoLO3ftJSbcjb+euzVJOkJYNo33dnG0yZ4LWHLBMog7OgbnjjobiM+O/0wzmiW8VE7gCrg7ZyGpxHXo9ACJytKjC4Hg976Ryg1wyrD2dmgiV212CcBGdzj7F6xn1Uyk7DTeAOgQJHLDFr+2sHgcXJXyslrjvCp3Om2CbzDY9W8XaU2A/84Q1Ejt8ljtJZBOJCuH+ARqZRwIDAQAB-----END PUBLIC KEY-----

2 个解决方案

解决方案1
 4 已采纳  2015-04-16 08:10:01

OAEP padding has two parameters: OAEP 填充有两个参数:

  • message digest algorithm消息摘要算法
  • mask generation function掩码生成功能

I see in Java you use SHA-256 and MGF1 with SHA-1 hash.我在 Java 中看到你使用 SHA-256 和 MGF1 和 SHA-1 哈希。 They must be not matching to parameters used by Python.它们必须与 Python 使用的参数不匹配。

Difference between Python and Java is that Python code uses the same digest for message digesting and mask digesting. Python 和 Java 的区别在于 Python 代码使用相同的摘要进行消息摘要和掩码摘要。 While Java (Sun provider and BouncyCastle provider) use SHA-1 for mask digesting by default.而 Java(Sun 提供者和 BouncyCastle 提供者)默认使用 SHA-1 进行掩码消化。 So one need to specify all parameters explicitly:所以需要明确指定所有参数:

byte[] cipherTextBytes = DatatypeConverter.parseBase64Binary(cipherText);
byte[] privateKeyBytes = DatatypeConverter.parseBase64Binary(privateKeyStr);

KeyFactory kf = KeyFactory.getInstance("RSA");
PKCS8EncodedKeySpec ks = new PKCS8EncodedKeySpec(privateKeyBytes);
PrivateKey privateKey = kf.generatePrivate(ks);

Cipher c = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
c.init(Cipher.DECRYPT_MODE, privateKey, new OAEPParameterSpec("SHA-256",
        "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT));
byte[] plainTextBytes = c.doFinal(cipherTextBytes);
String plainText = new String(plainTextBytes);

System.out.println(plainText);

解决方案2
 0  2021-06-07 07:45:51

Another way to deal with this problem:处理这个问题的另一种方法:

By default mgfunc is consistent with hashAlgo默认情况下, mgfunchashAlgo一致

so,we can change the mgfunc like that:所以,我们可以像这样更改mgfunc

cipher = PKCS1_OAEP.new(pubkey, hashAlgo=SHA256,mgfunc=lambda x,y:MGF1(x,y,SHA1))

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 PKCS1-padding / RSA加密ios objc和java之间的区别 - Difference between PKCS1-padding/RSA encryption ios objc and java Java类中的RSA加密问题 - Issues in RSA encryption in Java class Java中的RSA加密:跨平台问题? - RSA Encryption in Java: Cross Platform Issues? RSA加密:Java和Android之间的区别 - RSA Encryption: Difference between Java and Android Java 和 JavaScript 之间使用 OAEP 的 RSA 加密 - RSA Encryption with OAEP between Java and JavaScript Android 和 Java 环境之间的 RSA 加密差异 - RSA Encryption disparity between Android and Java environments 在C#中使用RSA加密和在Java中使用解密时出现填充错误 - Padding error when using RSA Encryption in C# and Decryption in Java 使用RSA / ECB / PKCS1Padding进行.Net加密和Java解密 - .Net encryption and java decryption with RSA/ECB/PKCS1Padding java 和 python 中的 RSA 加密给出不同的加密结果 - RSA Encryption in java and python gives different encryption result java RSA多重加密 - java RSA Multiple Encryption
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM