Password too short using AES/CFB/NoPadding, AES/OFB/NoPadding or AES/ CBC/NoPadding
Question
Can someone help me reinforce or improve the following code to make the resulting passwords "longer".
I am humbly looking for the best way to use AES/CFB/NoPadding , or with AES/CBC/NoPadding , or with AES/OFB/NoPadding . We have tested with AES/GCM/NOPADDING . Which works with Java 8, but not with Java 7. And we need something that works in Java 7
For example, using ' safe ' as <key_to_encrypt>, and ' Bk206V4ytQ1zZAukPE6/2c5KUcxGYpBf ' as <encryption_key>, the pwd is: FX5O5A== which is quite bite "small"
import java.security.MessageDigest;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.xml.security.utils.Base64;
public class StringEncrypt {
private final static String ALG = "AES";
private final static String CI = "AES/CFB/NoPadding";
public static String encrypt(String cleartext, String key) throws Exception {
MessageDigest md = MessageDigest.getInstance("MD5");
md.update(key.getBytes());
IvParameterSpec iv = new IvParameterSpec(md.digest());
Cipher cipher = Cipher.getInstance(CI);
SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes(), ALG);
cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv);
byte[] encrypted = cipher.doFinal(cleartext.getBytes());
return new String(Base64.encode(encrypted));
}
public static String decrypt(String encrypted, String key) throws Exception {
MessageDigest md = MessageDigest.getInstance("MD5");
md.update(key.getBytes());
IvParameterSpec iv = new IvParameterSpec(md.digest());
Cipher cipher = Cipher.getInstance(CI);
SecretKeySpec skeySpec = new SecretKeySpec(key.getBytes(), ALG);
byte[] enc = Base64.decode(encrypted);
cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv);
byte[] decrypted = cipher.doFinal(enc);
return new String(decrypted);
}
public static void main(String[] args) throws Exception {
if (args.length == 2) {
String pwd = StringEncrypt.encrypt(args[0], args[1]);
System.out.println("Key encryption: " + pwd);
pwd = StringEncrypt.decrypt(pwd, args[1]);
if (args[0].equals(pwd)) {
System.out.println("[OK] Correct decryption!");
} else {
System.out.println("[KO] Wrong decryption!");
}
} else {
System.out.println("The parameters are required: <key_to_encrypt> <encryption_key>");
}
}
}
Stated differently, could someone give me an example of good encryption / decryption that works in Java 7?
1 answers
solution1
0 2021-11-16 11:03:30
If you want to increase the length, you need to increase the byte count of the encrypted / decrypted parameter. You could hack this by changing the charset although I don't think is best practice:
byte[] encrypted = cipher.doFinal(cleartext.getBytes(StandardCharsets.UTF_16));
return new String(decrypted, StandardCharsets.UTF_16);
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.