简体繁体 English

Java JCA-AES加密，检测消息是否被篡改

[英]Java JCA - AES encryption, detecting if message was tampered with

原文 2016-05-01 20:13:50 6 1 java/ encryption/ cryptography/ jca

I am trying to figure out how to write a simple Java Class to encrypt and decrypt plain text files, using AES but it has to be able to tell if someone else has someone edited a file and encrypted it outside of that class through a use of a signature. 我试图弄清楚如何使用AES编写一个简单的Java类来加密和解密纯文本文件，但是它必须能够判断是否有人编辑了某个文件并通过使用该类对该文件进行了加密。一个签名。 If the signature doesn't match then the file gets deleted. 如果签名不匹配，则文件将被删除。

I had a look at Message Digest and though about storing a checksum in another file, but I would like some advice. 我看了一下Message Digest，虽然关于将校验和存储在另一个文件中，但是我想要一些建议。 Is there any way that we can easily implement that. 有什么方法可以轻松实现这一目标。 The Java Class will need a function to be able to go through a folder and see if files have been tampered with. Java类将需要一个能够浏览文件夹并查看文件是否已被篡改的函数。

1 个解决方案

What you want is authenticated encryption (aka AEAD) . 您想要的是经过身份验证的加密（又名AEAD）。 A very common way to achieve this is to use AES in Galois Counter Mode (GCM). 实现此目的的一种非常常见的方法是在Galois计数器模式（GCM）中使用AES。 Please keep in mind that this mode provides great security and efficiency when used correctly, but when used even slightly incorrectly all those benefits can quickly go out the window. 请记住，正确使用此模式可提供出色的安全性和效率，但是即使使用不当，所有这些好处也会很快消失。 For example, if you reuse an IV for different plaintexts you lose almost all your security assurances. 例如，如果将IV重复用于不同的明文，则几乎失去所有安全保证。 If the terms I am using are foreign to you and the data you are trying to protect is very sensitive, I highly recommend that you hire someone knowledgeable in the field to do this for you. 如果我使用的术语对您而言是陌生的，并且您要保护的数据非常敏感，我强烈建议您雇用该领域的专业人士为您执行此操作。 If you still wish to do this yourself you will need to first figure out the following: 如果您仍然希望自己执行此操作，则需要先弄清楚以下几点：

How will you generate your AES key(s)? 您将如何生成您的AES密钥？ The source of entropy for this is important and needs to be appropriate for the sensitivity of the data you wish to protect. 熵的来源很重要，并且需要适合您要保护的数据的敏感性。
How will you store your key(s)? 您将如何存储密钥？ Will they sit in a software-based keystore on the local machine or will they sit in some kind of tamper resistant hardware (eg, an HSM)? 他们会坐在本地计算机上基于软件的密钥库中还是会坐在某种防篡改硬件（例如HSM）中？ If they will be only protected by software, how will you protect the passphrase(s)? 如果它们仅受软件保护，您将如何保护密码短语？
How will you store the ciphertext, IV, auth tag, and associated data? 您将如何存储密文，IV，auth标签和相关数据？ Will you use a predefined format (eg, CMS) or a custom homegrown one? 您将使用预定义的格式（例如CMS）还是自定义的自定义格式？
In addition to files being modified, do you need to test if files were deleted and/or duplicated from the directory? 除了修改文件之外，您是否需要测试是否从目录中删除和/或复制了文件？
What length authentication tag would you like? 您想要多长的身份验证标签？

I am not sure how big your files are so I don't know if you want to read the entire file into memory and then perform encryption or use an Input/Output Stream approach. 我不确定您的文件有多大，所以我不知道您是否要将整个文件读入内存，然后执行加密或使用输入/输出流方法。 If you let me know more details I can point you to some better resources. 如果您让我知道更多详细信息，我可以为您提供一些更好的资源。