[英]Java String Encryption with AES: Accepts only certain keys
this one is very strange: 这个很奇怪:
import java.security.Key;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
public class CryptoUtils {
private static final String AES = "AES";
// private static byte[] keyValue = new byte[] // OK
// { 'T', 'h', 'e', 'B', 'e', 's', 't', 'S', 'e', 'c', 'r', 'e', 't', 'K', 'e', 'y' };
private static byte[] keyValue = new byte[] // FAILS !!! WTF!
{ 'T', 'h', 'e', 'B', 'e', 's', 't', 'S', 'e', 'c', 'r', 'e', 't', 'K', 'e', 'z' };
public static String encrypt(String Data) throws Exception {
Key key = new SecretKeySpec(keyValue, AES);
Cipher c = Cipher.getInstance(AES);
c.init(Cipher.ENCRYPT_MODE, key);
byte[] encVal = c.doFinal(Data.getBytes());
return new BASE64Encoder().encode(encVal);
}
public static String decrypt(String encryptedData) throws Exception {
Key key = new SecretKeySpec(keyValue, AES);
Cipher c = Cipher.getInstance(AES);
c.init(Cipher.DECRYPT_MODE, key);
byte[] decordedValue = new BASE64Decoder().decodeBuffer(encryptedData);
byte[] decValue = c.doFinal(decordedValue);
return new String(decValue);
}
public static void main(String[] args) throws Exception {
System.out.println(CryptoUtils.encrypt("<PASSWORD>"));
System.out.println(CryptoUtils.decrypt("Z4i3ywGXil2QCfM6R8S5qw=="));
}
}
I run this file with the key 'TheBestSecretKey' and everthing's fine. 我使用键'TheBestSecretKey'运行此文件,并且正常。
I run this file with the key 'TheBestSecretKez' and it breaks! 我使用键'TheBestSecretKez'运行此文件,它会中断!
In the latter case it gives me an 在后一种情况下,它给了我一个
Exception in thread "main" javax.crypto.BadPaddingException: Given final block not properly padded
inside the decrypt method. 在解密方法内。
I don't get it. 我不明白。 Why does it work in one case and not in the other?
为什么它适用于一个案例而不是另一个案例?
Thanks, Bernhard 谢谢,伯恩哈德
It won't fix your problem, but you should never specify a cipher algorithm without a mode and padding included. 它不会解决您的问题,但是如果没有包含模式和填充,则不应指定密码算法。 The reason being is that it is less secure by default, and there is no guarantee within the specification that indicates the transformation (algorithm/mode/padding) used to encrypt will by default be the same as what is used to decrypt.
原因在于它默认情况下不太安全,并且在规范中无法保证指示用于加密的转换(算法/模式/填充)将默认与用于解密的转换相同。 With security it is always better to be explicit.
有了安全性,最好是明确的。 So this:
所以这:
Cipher c = Cipher.getInstance(AES);
Should become this: 应该成为这样的:
Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
Anywhere you see it. 你看到的任何地方。
The problem as Artjom B. pointed out is that your decrypt hard codes the cipher text in the main method, which will be a different value with a different key. Artjom B.指出的问题是你的解密硬编码主方法中的密文,它与不同的密钥是不同的值。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.