In decryption using Java Cipher with “AES/CBC/PKCS5Padding”, must IV be specified? and only SecretKeyFactory can be used?

I read some examples about using Java Cipher to encrypt and decrypt data. For example:

KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
SecureRandom secureRandom = new SecureRandom();
keyGenerator.init(256, secureRandom);
SecretKey secretKey = keyGenerator.generateKey();
Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
c.init(Cipher.ENCRYPT_MODE, secretKey);

I have 2 questions about the decryption process.

Cipher.init(Cipher.ENCRYPT_MODE, Key) implies it. A random IV will be automatically applied to it. Does it mean only the Cipher.init(int opmode, Key key, AlgorithmParameters params) should be used and the IV should be obtained from the encryption, stored and passed here?

Besides the KeyGenerator, I also saw the example to generate key with SecretKeyFactory:

String key = ...
SecretKeyFactory factory = SecretKeyFactory.getInstance("DES");
SecretKeySpec keySpec = factory.generateSecret(new DESKeySpec(key));

I suppose I can use it for AES if I change the last line to

SecretKeySpec keySpec = factory.generateSecret(new SecretKeySpec(key,"AES"));

I am confused about when to use SecretKeyFactory to generate a key and when to use KeyGenerator. It seems the latter generates a random key, the former is generated from a given key material.

> Does it mean only the Cipher.init(int opmode, Key key, AlgorithmParameters params) should be used and the IV should be obtained from the encryption, stored and passed here?

Yes, exactly that, unless you are able to communicate it in other ways. Generally though the IV is randomized during encryption, then prefixed to the ciphertext. For AES-CBC it is always the same size as the block size: 16 bytes.

> So does it mean in decryption mode, only SecretKeyFactory can be used?

Yes, although for AES there is a neat little shortcut; you can simply do:

SecretKey aesKey = new SecretKeySpec(keyBytes, "AES");

and be done with it. This is because SecretKeySpec implements SecretKey. For 3DES keys that's not a good idea because it would mean that the parity bits of DES are not set correctly. However, modern keys such as AES keys and HMAC keys solely consist of random data, so for those it is fine. There is one caveat: it will be a problem if you try and generate a key in a hardware device that way: it must be kept in software.

Note that I won't delve too much in key management and how keys need to be created. I've answered that question here, although that answer is certainly far from complete. Heck you could use dice and share the numbers over the phone for all I care :)
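
The IV-prefix scheme and the SecretKeySpec shortcut described in the answer, as an added example that is not code from the original post. The class and method names are hypothetical, and it assumes the default JCE provider generates a random IV when none is passed for encryption.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Hypothetical class name; illustrates IV || ciphertext framing for AES-CBC.
public class CbcIvPrefixExample {
    private static final String TRANSFORMATION = "AES/CBC/PKCS5Padding";
    private static final int IV_LEN = 16; // AES block size in bytes

    // Encrypts and returns IV || ciphertext, so the receiver needs only the key.
    static byte[] encrypt(SecretKey key, byte[] plaintext) throws Exception {
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.ENCRYPT_MODE, key);   // no IV given: the provider picks a random one
        byte[] iv = c.getIV();              // read back the IV that was actually used
        byte[] ct = c.doFinal(plaintext);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    // Splits off the 16-byte IV prefix and passes it explicitly to init().
    static byte[] decrypt(byte[] keyBytes, byte[] message) throws Exception {
        if (message.length < 2 * IV_LEN || message.length % IV_LEN != 0) {
            throw new IllegalArgumentException("message too short or not block-aligned");
        }
        SecretKey key = new SecretKeySpec(keyBytes, "AES"); // shortcut from the answer
        IvParameterSpec iv = new IvParameterSpec(message, 0, IV_LEN);
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.DECRYPT_MODE, key, iv);
        return c.doFinal(message, IV_LEN, message.length - IV_LEN);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        byte[] keyBytes = key.getEncoded(); // raw key bytes held by the decrypting side

        byte[] sample = "constructed sample plaintext".getBytes(StandardCharsets.UTF_8);
        byte[] msg = encrypt(key, sample);
        byte[] again = encrypt(key, sample);
        System.out.println("fresh IV per call: " + !Arrays.equals(msg, again));
        System.out.println(new String(decrypt(keyBytes, msg), StandardCharsets.UTF_8));
    }
}
```

CBC gives confidentiality only: neither the IV prefix nor the ciphertext is authenticated here, so a receiver that needs tamper detection must add a MAC over both or use an authenticated mode.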