个人中心
gpt4 book ai didi

java - 如何在 Java 中为 Serpent 生成 PBEKey?

转载 作者:塔克拉玛干 更新时间:2023-11-02 20:15:59 25 4
gpt4 key购买 nike

我正在努力支持 AES、Serpent 和 TwoFish 的 PBE。目前,我能够像这样使用 BC 在 Java 中生成 AES PBEKey:

SecretKeyFactory factory = SecretKeyFactory.getInstance("PBEWITHSHA256AND256BITAES-CBC-BC", provider);
PBEKeySpec pbeKeySpec = new PBEKeySpec("Password12".toCharArray());
SecretKey key = factory.generateSecret(pbeKeySpec);

但我不知道如何为 Serpent 生成 PBEKey,所以我假设它不可能开箱即用。我将如何着手实现这个?有什么地方可以让我注册自己的 SecretKeyFactory 来处理 Serpent key 吗?

巧合的是,我注意到使用 AES PBEKey(如上生成的)对 Serpent/TwoFish 进行加密/解密“有效”,但我不知道会产生什么影响。我可以使用 AES PBEKey 吗?

最佳答案

在与 PaŭloEbermann(上图)讨论后,我提出了以下解决方案。它为 AES256 生成一个 PBE key ,然后简单地将所需字节数从生成的 key 复制到一个新的 SecretKeySpec() 中,这允许我指定所需的算法和 key 长度。目前我正在对密码加盐并在每次加密调用时创建一个随机 IV。我的假设是 IV 是不必要的,因为每个加密消息都应用了随机盐,但我不是 100% 确定所以我还是添加了 IV。我希望有人可以确认或否认这个假设,因为如果不需要 IV,那么它会无缘无故地膨胀 encrypt() 输出的大小。理想情况下,我将能够生成一个没有算法关系的可变长度的 PBEKey(根据 PKCS5 ),但看起来我必须遵守所选提供商提供的可用 PBE 方案中定义的 key 大小。因此,此实现必须使用 BouncyCaSTLe,因为我无法从标准 JCE 提供程序中找到至少提供 256 位 key 的 PBE 方案。

/**
 * parts of this code were copied from the StandardPBEByteEncryptor class from the Jasypt (www.jasypt.org) project
 */
public class PBESample {
    private final String KEY_ALGORITHM = "PBEWithSHA256And256BitAES-CBC-BC";
    private final String MODE_PADDING = "/CBC/PKCS5Padding";
    private final int DEFAULT_SALT_SIZE_BYTES = 16;
    
    private final SecureRandom rand;
    
    private final String passwd = "(Password){12}<.....>!";

    public PBESample() throws Exception {
        rand = SecureRandom.getInstance("SHA1PRNG");
    }
    
    private byte[] generateSalt(int size) {
        byte[] salt = new byte[size];
        rand.nextBytes(salt);
        
        return salt;
    }
    
    private SecretKey generateKey(String algorithm, int keySize, byte[] salt) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException{
        SecretKeyFactory factory = SecretKeyFactory.getInstance(KEY_ALGORITHM);
        PBEKeySpec pbeKeySpec = new PBEKeySpec(passwd.toCharArray(), salt, 100000);
        SecretKey tmpKey = factory.generateSecret(pbeKeySpec);
        byte[] keyBytes = new byte[keySize / 8];
        System.arraycopy(tmpKey.getEncoded(), 0, keyBytes, 0, keyBytes.length);
        
        return new SecretKeySpec(keyBytes, algorithm);
    }
    
    private byte[] generateIV(Cipher cipher) {
        byte[] iv = new byte[cipher.getBlockSize()];
        rand.nextBytes(iv);
        
        return iv;
    }

    private byte[] appendArrays(byte[] firstArray, byte[] secondArray) {
        final byte[] result = new byte[firstArray.length + secondArray.length];
        
        System.arraycopy(firstArray, 0, result, 0, firstArray.length);
        System.arraycopy(secondArray, 0, result, firstArray.length, secondArray.length);
        
            return result;
    }

    
    public byte[] encrypt(String algorithm, int keySize, final byte[] message) throws Exception {
        Cipher cipher = Cipher.getInstance(algorithm + MODE_PADDING);

        // The salt size for the chosen algorithm is set to be equal 
        // to the algorithm's block size (if it is a block algorithm).
        int saltSizeBytes = DEFAULT_SALT_SIZE_BYTES;
        int algorithmBlockSize = cipher.getBlockSize();
        if (algorithmBlockSize > 0) {
            saltSizeBytes = algorithmBlockSize;
        }

        // Create salt
        final byte[] salt = generateSalt(saltSizeBytes);

        SecretKey key = generateKey(algorithm, keySize, salt);

        // create a new IV for each encryption
        final IvParameterSpec ivParamSpec = new IvParameterSpec(generateIV(cipher));

        // Perform encryption using the Cipher
        cipher.init(Cipher.ENCRYPT_MODE, key, ivParamSpec);
        byte[] encryptedMessage = cipher.doFinal(message);

        // append the IV and salt
        encryptedMessage = appendArrays(ivParamSpec.getIV(), encryptedMessage);
        encryptedMessage = appendArrays(salt, encryptedMessage);

        return encryptedMessage;
    }
    
    public byte[] decrypt(String algorithm, int keySize, final byte[] encryptedMessage) throws Exception {
        Cipher cipher = Cipher.getInstance(algorithm + MODE_PADDING);
        
        // determine the salt size for the first layer of encryption
        int saltSizeBytes = DEFAULT_SALT_SIZE_BYTES;
        int algorithmBlockSize = cipher.getBlockSize();
        if (algorithmBlockSize > 0) {
            saltSizeBytes = algorithmBlockSize;
        }
        
        byte[] decryptedMessage = new byte[encryptedMessage.length];
        System.arraycopy(encryptedMessage, 0, decryptedMessage, 0, encryptedMessage.length);

        // extract the salt and IV from the incoming message
        byte[] salt = null;
        byte[] iv = null;
        byte[] encryptedMessageKernel = null;
        final int saltStart = 0;
        final int saltSize = (saltSizeBytes < decryptedMessage.length ? saltSizeBytes : decryptedMessage.length);
        final int ivStart = (saltSizeBytes < decryptedMessage.length ? saltSizeBytes : decryptedMessage.length);
        final int ivSize = cipher.getBlockSize();
        final int encMesKernelStart = (saltSizeBytes + ivSize < decryptedMessage.length ? saltSizeBytes + ivSize : decryptedMessage.length);
        final int encMesKernelSize = (saltSizeBytes + ivSize < decryptedMessage.length ? (decryptedMessage.length - saltSizeBytes - ivSize) : 0);

        salt = new byte[saltSize];
        iv = new byte[ivSize];
        encryptedMessageKernel = new byte[encMesKernelSize];

        System.arraycopy(decryptedMessage, saltStart, salt, 0, saltSize);
        System.arraycopy(decryptedMessage, ivStart, iv, 0, ivSize);
        System.arraycopy(decryptedMessage, encMesKernelStart, encryptedMessageKernel, 0, encMesKernelSize);
        
        SecretKey key = generateKey(algorithm, keySize, salt);
        
        IvParameterSpec ivParamSpec = new IvParameterSpec(iv);

        // Perform decryption using the Cipher
        cipher.init(Cipher.DECRYPT_MODE, key, ivParamSpec);
        decryptedMessage = cipher.doFinal(encryptedMessageKernel);

        // Return the results
        return decryptedMessage;
    }

    public static void main(String[] args) throws Exception {
        // allow the use of the BC JCE
        Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
        
        final String message = "Secret Message";
        PBESample engine = new PBESample();
        
        byte[] encryptedMessage = engine.encrypt("AES", 128, message.getBytes());
        byte[] decryptedMessage = engine.decrypt("AES", 128, encryptedMessage);
        if (message.equals(new String(decryptedMessage))) {
            System.out.println("AES OK");
        }
        
        encryptedMessage = engine.encrypt("Serpent", 256, message.getBytes());
        decryptedMessage = engine.decrypt("Serpent", 256, encryptedMessage);
        if (message.equals(new String(decryptedMessage))) {
            System.out.println("Serpent OK");
        }
        
        encryptedMessage = engine.encrypt("TwoFish", 256, message.getBytes());
        decryptedMessage = engine.decrypt("TwoFish", 256, encryptedMessage);
        if (message.equals(new String(decryptedMessage))) {
            System.out.println("TwoFish OK");
        }
    }
}

关于java - 如何在 Java 中为 Serpent 生成 PBEKey?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/6953431/

25 4 0
文章推荐: iphone - 在 iOS 上设计 3 行对话框的方法 - 多语言可用
文章推荐: android - 按下主页按钮后从系统覆盖窗口启动 Activity
文章推荐: java - 绘制到 java.awt.graphics 对象中的有效方法
文章推荐: java - Java中的视频/音频聊天
塔克拉玛干
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com