無法將其從vb.net移植到Java AES加密

Question

這是用.net編碼並用Java解碼的內容的完整工作示例，反之亦然

    Private Function Decrypt(cipherText As String) As String
dim _encryptionkey as string = "kmjfds(#1231SDSA()#rt32geswfkjFJDSKFJDSFd"
        Dim cipherBytes As Byte() = Convert.FromBase64String(cipherText)
        Using encryptor As Aes = Aes.Create()
            Dim pdb As New Rfc2898DeriveBytes(_EncryptionKey, New Byte() {&H49, &H76, &H61, &H6E, &H20, &H4D, &H65, &H64, &H76, &H65, &H64, &H65, _
             &H76})
            encryptor.Key = pdb.GetBytes(32)
            encryptor.IV = pdb.GetBytes(16)
            Using ms As New MemoryStream()
                Using cs As New CryptoStream(ms, encryptor.CreateDecryptor(), CryptoStreamMode.Write)
                    cs.Write(cipherBytes, 0, cipherBytes.Length)
                    cs.Close()
                End Using
                cipherText = Encoding.Unicode.GetString(ms.ToArray())
            End Using
        End Using
        Return cipherText
    End Function

這是等效的Java。 感謝大家的幫助！ 確保將JCE策略也安裝在Java的安全性文件夾中。

String myData = "kgxCSfBSw5BRxmjgc4qYhwN12dxG0dyf=";
        byte[] salt = new byte[] {0x49, 0x76, 0x61, 0x6E, 0x20, 0x4D, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76};
        String pw  = "kmjfds(#1231SDSA()#rt32geswfkjFJDSKFJDSFd";

        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
        PBEKeySpec pbeKeySpec = new PBEKeySpec(pw.toCharArray(), salt, 1000, 384);
        Key secretKey = factory.generateSecret(pbeKeySpec);
        byte[] key = new byte[32];
        byte[] iv = new byte[16];
        System.arraycopy(secretKey.getEncoded(), 0, key, 0, 32);
        System.arraycopy(secretKey.getEncoded(), 32, iv, 0, 16);


        SecretKeySpec secretSpec = new SecretKeySpec(key, "AES");
        AlgorithmParameterSpec ivSpec = new IvParameterSpec(iv);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        Cipher cipher1 = Cipher.getInstance("AES/CBC/PKCS5Padding");

        try {
            cipher.init(Cipher.DECRYPT_MODE,secretSpec,ivSpec);
            cipher1.init(Cipher.ENCRYPT_MODE,secretSpec,ivSpec);
        } catch (InvalidKeyException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        } catch (InvalidAlgorithmParameterException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }

        //byte[] decordedValue;
        //decordedValue = new BASE64Decoder().decodeBuffer(myData);
        //decordedValue = myData.getBytes("ISO-8859-1");
          //byte[] decValue = cipher.doFinal(myData.getBytes());
        //Base64.getMimeEncoder().encodeToString(cipher.doFinal(myData.getBytes()));
            //String decryptedValue = new String(decValue);
        byte[] decodedValue  = new Base64().decode(myData.getBytes());



          String clearText = "ljfva09876FK";


          //String encodedValue  = new Base64().encodeAsString(clearText.getBytes("UTF-16"));



          byte[] cipherBytes = cipher1.doFinal(clearText.getBytes("UTF-16LE"));
          //String cipherText = new String(cipherBytes, "UTF8");
          String encoded = Base64.encodeBase64String(cipherBytes);
          System.out.println(encoded);


            byte[] decValue =    cipher.doFinal(decodedValue);

            System.out.println(new String(decValue, StandardCharsets.UTF_16LE));

Answer 1

您的迭代計數應為1000（而不是1），這是RFC中建議的最小值，也是Rfc2898DeriveBytes的（未指定）默認值。

對於本文檔中的方法，建議至少進行1000次迭代

這樣就可以轉化為：

PBEKeySpec pbeKeySpec = new PBEKeySpec(pw.toCharArray(), salt, 1000, 384);

在Java代碼中。 請注意，強烈建議增加迭代次數，尤其是在允許使用較弱密碼的情況下。 40K-100K大約是現在的最低要求。

---

錯誤命名的Unicode實際上在.NET中意味着UTF-16，因此您應該使用：

new String(decValue, StandardCharsets.UTF_16LE)

在Java代碼的最后一個println語句中。

Answer 2

這是感謝馬爾滕·博德威斯的答案

String myData = "kgxCSfBSw5BRxmjgc4qYhwN12dxG0=";
    byte[] salt = new byte[] {0x49, 0x76, 0x61, 0x6E, 0x20, 0x4D, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76};
    String pw  = "kmjfds(#1231SDSA()#rt32geswfkjFJDSKFJDSFd";

    SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
    PBEKeySpec pbeKeySpec = new PBEKeySpec(pw.toCharArray(), salt, 1000, 384);
    Key secretKey = factory.generateSecret(pbeKeySpec);
    byte[] key = new byte[32];
    byte[] iv = new byte[16];
    System.arraycopy(secretKey.getEncoded(), 0, key, 0, 32);
    System.arraycopy(secretKey.getEncoded(), 32, iv, 0, 16);


    SecretKeySpec secretSpec = new SecretKeySpec(key, "AES");
    AlgorithmParameterSpec ivSpec = new IvParameterSpec(iv);
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
    try {
        cipher.init(Cipher.DECRYPT_MODE,secretSpec,ivSpec);
    } catch (InvalidKeyException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (InvalidAlgorithmParameterException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }

    //byte[] decordedValue;
    //decordedValue = new BASE64Decoder().decodeBuffer(myData);
    //decordedValue = myData.getBytes("ISO-8859-1");
      //byte[] decValue = cipher.doFinal(myData.getBytes());
    //Base64.getMimeEncoder().encodeToString(cipher.doFinal(myData.getBytes()));
        //String decryptedValue = new String(decValue);
    byte[] decodedValue  = new Base64().decode(myData.getBytes());


    byte[] decValue =    cipher.doFinal(decodedValue);

        System.out.println(new String(decValue, StandardCharsets.UTF_16LE));