[英]Why can't java decrypt CryptoJS encrypted data?
我有在 Java 中解密的功能
public String decrypt() throws Exception {
SecretKey secretKey = getSecretKey("o9szYIOq1rRMiouNhNvaq96lqUvCekxR");
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, secretKey);
return new String(cipher.doFinal(base64Decode("ASDASDADS")));
}
public SecretKey getSecretKey(String secretKey) throws Exception {
byte[] decodeSecretKey = base64Decode(secretKey);
return new SecretKeySpec(decodeSecretKey, 0, decodeSecretKey.length, "AES");
}
我尝试使用 CryptoJS 对数据进行加密
function aesEncrypt(data, secretKey) {
var encrypted = CryptoJS.AES.encrypt(data, secretKey, {
mode: CryptoJS.mode.ECB,
padding: CryptoJS.pad.Pkcs7
});
var ciphertext = encrypted.ciphertext.toString();
var wordArray = CryptoJS.enc.Utf8.parse(ciphertext);
var base64 = CryptoJS.enc.Base64.stringify(wordArray);
return base64
}
//call the function
aesEncrypt('Test' , 'o9szYIOq1rRMiouNhNvaq96lqUvCekxR');
当我向 JAVA API 发送请求时,我得到
鉴于未正确填充最终块。 如果在解密过程中使用了错误的密钥,则会出现此类问题
我什至尝试过伪造库。 它也不起作用。
function aesEncrypt(data, secretKey) {
var cipher = forge.cipher.createCipher('AES-ECB', secretKey)
cipher.start()
cipher.update(forge.util.createBuffer(data))
cipher.finish()
return forge.util.encode64(cipher.output.data)
}
我看到两者之间的区别来自伪造,当我输出数据时,即console.log(cipher.output.data) 。 我得到
微焦@ ^ $¿EÅKÖé1ÙN¢cÖúpxÇÅÂëv¥qè9Ï/¨§È5æý»¸,A¿“y§¯:SSN [®
?ÓjÃùØQèó÷à¯~6jØ¿óðn5»§Ñ ,A.ÛCeða©ëZÁR¸:jy¹ScÃ6d?#ÚÔí\\N¤s~ã¯ÃÉ5d0U:©ªÕ"ã¾xx ?§F?ØïÅFÛb?ÒÓJ§j ¸²ä2½]Õç£ÿ#È&?C! M¡ è ÁÖÈ ¾¦aÒc~: °j>yc6ÞÖú]OAÅÖ!x ìJu2ðΡ¦*õô±¤kÆ ÂTùû=|2^XAy5?¹Êè?díXÝg ë?q" %üSyÿO¾bzjc²·ákÑî¼¾¡ÓV?*Çr¢?rÎlò
?ÓjÃùØQèó÷à¯~6jØ¿óðn5»§Ñ ,A.ÛCeða©ëZÁR¸:jy¹ScÃ6d?#ÚÔí\\N¤s~ã¯ÃÉ5d0U:©ªÕ"ã¾xx ?§F?ØïÅFÛb?ÒÓJ§j ¸²ä2½]Õç£ÿ#È&?C! M¡ è ÁÖÈ ¾¦aÒc~: °j>yc6ÞÖú]OAÅÖ!x ìJu2ðΡ¦*õô±¤kÆ ÂTùû=|2^XAy5?¹Êè?díXÝg ë?q" %üSyÿO¾bzjc²·ákÑî¼¾¡ÓV?*Çr¢?rÎlò
z°»yN?ûöCpã
但是从 CryptoJS 我得到console.log(ciphertext)
如何使用两者之一? 为什么上述输出之间存在差异?
请在下面找到使用 Javascript 在 ECB 模式下使用静态密钥加密和解密字符串的代码对。 Java 代码从 Javascript 获取密文(= 加密函数的输出)并解密 Base64 编码的密文。
安全警告:这两个代码都是不安全的,因为它们使用 ECB 模式和静态加密密钥。
Javascript 输出(请参阅此链接的实时示例: https : //playcode.io/682378 )
plaintext: Test
ciphertext: oNP8t53ZTi1WUptGCDh5NQ==
decryptedtext: Test
Java输出:
ciphertextFromJavascript: oNP8t53ZTi1WUptGCDh5NQ==
decrypted: Test
Javascript代码:
// *** Security warning **
// DO NOT USE THIS CODE IN PRODUCTION AS IT IS UNSECURE
// it uses ECB mode and static key
var plaintext = 'Test';
console.log('plaintext: ', plaintext);
/**
* Encryption
* @param word
* @returns {*}
*/
function encrypt(word){
const keyBase64 = "o9szYIOq1rRMiouNhNvaq96lqUvCekxR";
var key = CryptoJS.enc.Base64.parse(keyBase64);
var srcs = CryptoJS.enc.Utf8.parse(word);
var encrypted = CryptoJS.AES.encrypt(srcs, key, {mode:CryptoJS.mode.ECB,padding: CryptoJS.pad.Pkcs7});
return encrypted.toString();
}
/**
* Decrypt
* @param word
* @returns {*}
*/
function decrypt(word){
const keyBase64 = "o9szYIOq1rRMiouNhNvaq96lqUvCekxR";
var key = CryptoJS.enc.Base64.parse(keyBase64);
var decrypt = CryptoJS.AES.decrypt(word, key, {mode:CryptoJS.mode.ECB,padding: CryptoJS.pad.Pkcs7});
return CryptoJS.enc.Utf8.stringify(decrypt).toString();
}
var ciphertext = encrypt(plaintext);
console.log('ciphertext: ', ciphertext);
var decryptedtext = decrypt(ciphertext);
console.log('decryptedtext: ', decryptedtext);
爪哇代码:
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.util.Base64;
public class Main {
public static void main(String[] args) throws Exception {
System.out.println("Why can't java decrypt CryptoJS encrypted data ?");
String ciphertextFromJavascript = "oNP8t53ZTi1WUptGCDh5NQ==";
System.out.println("ciphertextFromJavascript: " + ciphertextFromJavascript);
System.out.println("decrypted: " + decrypt(ciphertextFromJavascript));
}
public static String decrypt(String ciphertext) throws Exception {
SecretKey secretKey = getSecretKey("o9szYIOq1rRMiouNhNvaq96lqUvCekxR");
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, secretKey);
return new String(cipher.doFinal(Base64.getDecoder().decode(ciphertext)));
//return new String(cipher.doFinal(base64Decode("ASDASDADS")));
}
public static SecretKey getSecretKey(String secretKey) throws Exception {
byte[] decodeSecretKey = Base64.getDecoder().decode(secretKey);
//byte[] decodeSecretKey = base64Decode(secretKey);
return new SecretKeySpec(decodeSecretKey, 0, decodeSecretKey.length, "AES");
}
}
JavaScript
encryptMethod(word){
const keyBase64 = "o9szYIOq1rRMiouNhNvaq96lqUvCekxR";
var key = CryptoJS.enc.Base64.parse(keyBase64);
var srcs = CryptoJS.enc.Utf8.parse(word);
var encrypted = CryptoJS.AES.encrypt(srcs, key, {mode:CryptoJS.mode.ECB,padding: CryptoJS.pad.Pkcs7});
return encrypted.toString();}
爪哇
public String decriptMethod(String text) throws Exception {
String ciphertextFromJavascript = text;
return decrypt(ciphertextFromJavascript);
}
public static String decrypt(String ciphertext) throws Exception {
SecretKey secretKey = getKey("o9szYIOq1rRMiouNhNvaq96lqUvCekxR");
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, secretKey);
return new String(cipher.doFinal(Base64.getDecoder().decode(ciphertext)));
//return new String(cipher.doFinal(base64Decode("ASDASDADS")));
}
public static SecretKey getKey(String secretKey) throws Exception {
byte[] decodeSecretKey = Base64.getDecoder().decode(secretKey);
return new SecretKeySpec(decodeSecretKey, 0, decodeSecretKey.length, "AES");
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.