公钥/私钥对AES会话密钥进行加密
[英]Public/private key to encrypt AES session key
问题描述
I've been working on an encryption/decryption program. 
我一直在研究加密/解密程序。 I am using AES. 我正在使用AES。 What I am struggling with is, removing the string password and create a AES session key. 我正在努力的是删除string password并创建AES会话密钥。 This AES session key is what I actually want to use to encrypt and decrypt the data with. 我实际上要使用此AES会话密钥来加密和解密数据。 Then use the private or public key to encrypt this AES session key and stored locally (for example purposes). 然后,使用私钥或公钥加密此AES会话密钥并存储在本地(例如,目的)。
Below is the coding which is currently fully working to encrypt and decrypt data with a plain text string: 以下是当前可以完全使用纯文本字符串加密和解密数据的编码:
Coding so far: 到目前为止的编码:
// password to encrypt the file
String password = "p@sswordDataNoW";
// salt is used for encoding
byte[] salt = new byte[8];
SecureRandom secureRandom = new SecureRandom();
secureRandom.nextBytes(salt);
FileOutputStream saltOutFile = new FileOutputStream("salt.enc");
saltOutFile.write(salt);
saltOutFile.close();
SecretKeyFactory factory = SecretKeyFactory
.getInstance("PBKDF2WithHmacSHA1");
KeySpec keySpec = new PBEKeySpec(password.toCharArray(), salt, 65536,
128);
SecretKey secretKey = factory.generateSecret(keySpec);
SecretKey secret = new SecretKeySpec(secretKey.getEncoded(), "AES");
//padding AES encryption
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, secret);
AlgorithmParameters params = cipher.getParameters();
// iv adds randomness to the text and just makes the mechanism more
// secure
// used while initializing the cipher
// file to store the iv
FileOutputStream ivOutFile = new FileOutputStream("iv.enc");
byte[] iv = params.getParameterSpec(IvParameterSpec.class).getIV();
ivOutFile.write(iv);
ivOutFile.close();
//file encryption
byte[] input = new byte[64];
int bytesRead;
while ((bytesRead = inFile.read(input)) != -1) {
byte[] output = cipher.update(input, 0, bytesRead);
if (output != null)
outFile.write(output);
}
byte[] output = cipher.doFinal();
if (output != null)
outFile.write(output);
inFile.close();
outFile.flush();
outFile.close();
Please could someone help me out, in terms of changing the string password to a session key that is generated. 在将string password更改为生成的会话密钥方面,请有人帮帮我。 Then encrypt this session key with either the public or private key and stored on the local system. 然后,使用公用密钥或专用密钥加密此会话密钥,并将其存储在本地系统上。
I have tried many different ways and every time it has no worked out. 我尝试了许多不同的方法,但每次都没有解决。
1 个解决方案
解决方案1
3 已采纳 2016-08-21 13:16:16
An AES key consists of either 16, 24 or 32 bytes and is supposed to look like random noise. AES密钥由16、24或32个字节组成,看起来像随机噪声。 The user is never going to see it. 用户永远不会看到它。 So, you can generate it securely: 因此,您可以安全地生成它:
SecureRandom r = new SecureRandom();
byte[] aesKey = new byte[16];
r.nextBytes(aesKey);
Here I generated a 16 byte key. 在这里,我生成了一个16字节的密钥。 You should use 24 or 32 byte for higher security, but only if you installed the Unlimited Strength policy files for your JRE/JDK. 您应该使用24或32字节来提高安全性,但前提是您为JRE / JDK安装了Unlimited Strength策略文件。
Now, the remaining encryption is easy: 现在,剩下的加密很容易了:
SecretKey secret = new SecretKeySpec(aesKey, "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, secret);
// everything else as before
Separately from that you can encrypt aesKey with your public key . aesKey ,您可以使用公共密钥 对 aesKey进行加密 。 If you "encrypt" with a private key, you're not protecting the AES key from spying on. 如果使用私钥“加密”,则不会保护AES密钥不被监视。 "Encrypting with a private key" is called signing and that data is not confidential. “使用私钥加密”称为签名,并且该数据不是机密信息。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.