Decryption returns empty string

I am trying to encrypt a message on Android, then decrypt it on the web.

Firstly, I generate a key using JavaScript and store it in my database:

var text = "";
var possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

for( var i=0; i <10; i++ )
    text += possible.charAt(Math.floor(Math.random() * possible.length));
secondaryDatabase.ref().update({
    [displayName]:text
})

Secondly, I encrypt the message in Java by retrieving the message in the input field and the key from the database.

message.setText(message);
String key = String.valueOf(dataSnapshot);
encryptedI = AESCrypt.encrypt(key,message);

For simplicity, let's just take it that the message is "hello world" and the key is password.

String message = "hello world";
String key = "password";
encryptedI = AESCrypt.encrypt(key,message);

Thirdly, I stored the encrypted message in the database.

mRef.child(uid).child("encryptedmessage").setValue(encryptedI);

Lastly, I decrypted the message using the key, both retrieved from the database, with Crypto-JS in JavaScript, but it returns an empty string.

var decrypted = CryptoJS.AES.decrypt(message,key);
var decryptedvalue=decrypted.toString(CryptoJS.enc.Utf8)

I have checked that the key and encrypted message used are the same; I even decrypted in Java to make sure that the encryption is done correctly. I used https://github.com/scottyab/AESCrypt-Android for encryption on Android and Crypto-JS for decryption in JavaScript.

The question is: why does it return an empty string, and how can I solve it?

You cannot just get two different libraries together and hope they will be compatible. Although AES in itself has been standardized, it has only been standardized as a block cipher with three possible key sizes: AES-128, AES-192 and AES-256. To actually encrypt something you need a mode of operation and possibly padding. If you want to use a password instead of a key, you need to derive a key from the password, for instance using PBKDF2.


As the two libraries you've mentioned are both weak and badly specified, I strongly urge you to find two compatible password-based encryption libraries for Java and JavaScript.

It should be possible to perform PBKDF2 using both Crypto-JS and Android. I would not use a standalone crypto library though; just use the functionality already available through Android. Don't forget to implement a high iteration count and make sure that the passwords used are up to par. If you want any kind of security, you want to use authenticated encryption or implement that yourself using HMAC-SHA256 or similar.

As I don't know your use cases or threat model (and I'm not planning to), just see this as general hints in the right direction, not as solid security advice.
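The following is an added example, not code from the original post or from either library: a Node.js sketch of a password-based format in which every parameter the answer lists (key derivation, iteration count, mode, authentication) is written down explicitly, so a second implementation can match it. The token layout, the `FORMAT` values (including the iteration count) and all function names are assumptions made for this illustration.

```javascript
// Added example using only Node's built-in crypto module.
const nodeCrypto = require("node:crypto");

// Every parameter both sides must agree on, stated in one place (assumed values).
const FORMAT = {
  iterations: 600000, // PBKDF2-HMAC-SHA256 work factor
  saltLen: 16,
  keyLen: 32,         // AES-256
  cipher: "aes-256-gcm",
  ivLen: 12,
  tagLen: 16,
};

function deriveKey(password, salt) {
  return nodeCrypto.pbkdf2Sync(password, salt, FORMAT.iterations, FORMAT.keyLen, "sha256");
}

// Token layout (constructed for this example): base64(salt || iv || ciphertext || tag)
function encryptMessage(password, plaintext) {
  const salt = nodeCrypto.randomBytes(FORMAT.saltLen);
  const iv = nodeCrypto.randomBytes(FORMAT.ivLen);
  const cipher = nodeCrypto.createCipheriv(FORMAT.cipher, deriveKey(password, salt), iv);
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([salt, iv, body, cipher.getAuthTag()]).toString("base64");
}

function decryptMessage(password, token) {
  const raw = Buffer.from(token, "base64");
  const headerLen = FORMAT.saltLen + FORMAT.ivLen;
  if (raw.length < headerLen + FORMAT.tagLen) throw new Error("token too short for this format");
  const salt = raw.subarray(0, FORMAT.saltLen);
  const iv = raw.subarray(FORMAT.saltLen, headerLen);
  const body = raw.subarray(headerLen, raw.length - FORMAT.tagLen);
  const tag = raw.subarray(raw.length - FORMAT.tagLen);
  const decipher = nodeCrypto.createDecipheriv(FORMAT.cipher, deriveKey(password, salt), iv,
    { authTagLength: FORMAT.tagLen });
  decipher.setAuthTag(tag);
  // final() throws when the password, IV, ciphertext or tag does not match,
  // so a mismatch is a loud error rather than a silently empty string.
  return Buffer.concat([decipher.update(body), decipher.final()]).toString("utf8");
}

// Returns null on failure, which stays distinguishable from a genuinely empty message.
function tryDecrypt(password, token) {
  try { return decryptMessage(password, token); } catch (e) { return null; }
}
```

Any other implementation, such as the Android side, has to reproduce the same derivation, parameters and byte layout exactly for the token to decrypt.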
