Bouncy Qal'aning Parolni asoslangan shifrlash AES bilan CBC rejimida

Men yaqinda CBS rejimida AES bilan BouncyCastle PBE-ni ishlatadigan kodning bir qismini ko'rdim ("PBEWithSHA1And256BitAES-CBC-BC").

public static final String ALGORITHM = "PBEWithSHA1And256BitAES-CBC-BC";

public static byte[] encrypt(final byte[] key, final byte[] salt, final byte[] plainText) throws CryptoException {
    try {
       //Create the encryption key
        final SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(ALGORITHM, "BC");
        final PBEKeySpec keySpec = new PBEKeySpec(new String(key).toCharArray());
        final SecretKey secretKey = keyFactory.generateSecret(keySpec);

       //Encrypt the plain text
        final PBEParameterSpec cipherSpec = new PBEParameterSpec(salt, ITERATIONS);
        final Cipher cipher = Cipher.getInstance(ALGORITHM, "BC");
        cipher.init(Cipher.ENCRYPT_MODE, secretKey, cipherSpec);
        final byte[] encryptedBytes = cipher.doFinal(plainText);

        return encryptedBytes;

    } catch (final Throwable t) {
        throw new CryptoException(t.toString());
    }
}

Ko'rib turganingizdek, ushbu kodda AES CBC shifrlashni bajarish uchun tegishli IV belgilanmaydi.

Shriftni tuzlash, uni ishlatish uchun va IV ni qanday aniqlashni bilmayman.

Buni qanday qilishim kerak?

Rahmat.

2
Siz nima demoqchisiz, tuz va raqamlar sonini qanday belgilashni bilmayapsizmi? Buni allaqachon qilmaganmisiz?
qo'shib qo'ydi muallif Maarten Bodewes, manba
Mening javobim yetarli emasmi? Yoki siz anglamadingmi? Sizning savollaringiz bo'yicha hech bo'lmaganda kuzatib borganingizdan xursandman, garchi 13 kun ham bir oz vaqt ...
qo'shib qo'ydi muallif Maarten Bodewes, manba
Tuz va foydalanuvchining ko'rsatgan paroldan kuchli shifrlash kalitini yaratish uchun ishlatiladigan iteratsiyalar sonini qanday belgilashni bilaman. Ushbu shifrlash kaliti olinganidan so'ng, ma'lumotlarni CBC rejimida AES yordamida shifrlash uchun ishlatiladi. Tartib CBC bo'lgani uchun, qanday qilib IV ni aniqlay olmasligimizni aniqlab beramiz.
qo'shib qo'ydi muallif jsanchez, manba

3 javoblar

Siz jasypt (java oddiy shifrlash) dan foydalanishingiz mumkin PBEWithSHA1And256BitAES-CBC-BC

namuna kodi quyida ko'rsatilgan:

StandardPBEStringEncryptor myFirstEncryptor = new StandardPBEStringEncryptor();                                                                                                      
myFirstEncryptor.setProvider(new BouncyCastleProvider());                                                                                                    

myFirstEncryptor.setAlgorithm("PBEWITHSHA256AND256BITAES-CBC-BC");                                                                                         




FixedStringSaltGenerator generator = new FixedStringSaltGenerator();                                                                                         
generator.setSalt("justAnotherSaltforGX");
//myFirstEncryptor.setSaltGenerator(new ZeroSaltGenerator());                                                                                                    

myFirstEncryptor.setSaltGenerator(generator);                                                                                                                    

myFirstEncryptor.setKeyObtentionIterations(1);                                                                                                               
String myPassword="creditCard";                                                                                                                              
myFirstEncryptor.setPassword(myPassword);                                                                                                                    


String myText="Redeem Gacha ";                                                                                                         
String myFirstEncryptedText = myFirstEncryptor.encrypt(myText);                                                                                              

System.out.println("myFirstEncryptedText AES encrypt=="+myFirstEncryptedText);                                                                               

System.out.println("myFirstEncryptedText AES decrypt =="+myFirstEncryptor.decrypt(myFirstEncryptedText));
3
qo'shib qo'ydi

Agar siz IV ni ishlatmoqchi bo'lsangiz, tasodifiy kalitni yaratishingiz kerak va uni matnni shifrlangan joyga shifrlashingiz kerak. Keyinchalik, IVni aniqlash uchun IvParameterSpec dan foydalanib, ma'lumotlarni shifrlash uchun foydalanishingiz mumkin. Albatta, siz shifrlangan ma'lumotlarning yonida shifrlangan kalitni va IV ni saqlashingiz kerak. Buning uchun faqat bir xil kalit bilan bir nechta to'g'ri matnni shifrlash kerak.

1
qo'shib qo'ydi

Jasypt va BouncyCastle 1.51 (SpongyCastle) dan foydalanib, men ulardan foydalanishim mumkin edi

Algorithm: PBEWITHSHAAND128BITAES-CBC-BC
Algorithm: PBEWITHSHAAND192BITAES-CBC-BC
Algorithm: PBEWITHSHAAND256BITAES-CBC-BC
Algorithm: PBEWITHSHA256AND128BITAES-CBC-BC
Algorithm: PBEWITHSHA256AND192BITAES-CBC-BC
Algorithm: PBEWITHSHA256AND256BITAES-CBC-BC
Algorithm: PBEWITHMD5AND128BITAES-CBC-OPENSSL
Algorithm: PBEWITHMD5AND192BITAES-CBC-OPENSSL
Algorithm: PBEWITHMD5AND256BITAES-CBC-OPENSSL
Algorithm: PBEWITHMD5AND128BITAES-CBC-OPENSSL
Algorithm: PBEWITHMD5AND192BITAES-CBC-OPENSSL
Algorithm: PBEWITHMD5AND256BITAES-CBC-OPENSSL
Algorithm: PBEWITHSHAAND128BITAES-CBC-BC
Algorithm: PBEWITHSHAAND192BITAES-CBC-BC
Algorithm: PBEWITHSHAAND256BITAES-CBC-BC
Algorithm: PBEWITHSHA256AND128BITAES-CBC-BC
Algorithm: PBEWITHSHA256AND192BITAES-CBC-BC
Algorithm: PBEWITHSHA256AND256BITAES-CBC-BC

Shunday qilib, bu juda oson edi

    StandardPBEByteEncryptor strongBinaryEncryptor = new StandardPBEByteEncryptor();
    strongBinaryEncryptor.setAlgorithm("PBEWITHSHAAND192BITAES-CBC-BC");
    strongBinaryEncryptor.setKeyObtentionIterations(1000);
    strongBinaryEncryptor.setProviderName(BouncyCastleProvider.PROVIDER_NAME);
    strongBinaryEncryptor.setPassword(password);

    byte[] encryptedBytes = strongBinaryEncryptor.encrypt(password);

Siz ham SaltGenerator ni o'rnatishingiz mumkin.

0
qo'shib qo'ydi