Java CBC 解密有效，但 CTR 失败

Question

我为我正在上的加密类(class)设置了一个程序。我将用我的代码和另一部分来说明我的变量差异。我的目标是解密我们作业的文本。我不希望有人为我解密此内容，但希望获得一些帮助来了解我的代码中导致此问题的原因。当我解密 CBC 时，我得到了正确的输出，没有任何问题，尽管它确实有一些额外的字符(这可能是填充问题？我不确定)

然后，当我使用 CTR 进行正确的更改时，它会返回一堆垃圾。任何帮助将不胜感激。谢谢，

CBC:

CBC key: 140b41b22a29beb4061bda66b6747e14
CBC Ciphertext 1: 
  4ca00ff4c898d61e1edbf1800618fb2828a226d160dad07883d04e008a7897ee2e4b7465d5290d0c0e6c6822236e1daafb94ffe0c5da05d9476be028ad7c1d81

点击率:

CTR key: 36f18357be4dbd77f050515c73fcf9f2
CTR Ciphertext 1: 
69dda8455c7dd4254bf353b773304eec0ec7702330098ce7f7520d1cbbb20fc388d1b0adb5054dbd7370849dbf0b88d393f252e764f1f5f7ad97ef79d59ce29f5f51eeca32eabedd9afa9329

CBC 变量

String algorithm = "AES";
String mode = "CBC";
String padding = "PKCS5Padding";
byte[] ciphertextBytes = StringToByte("4ca00ff4c898d61e1edbf1800618fb2828a226d160dad07883d04e008a7897ee2e4b7465d5290d0c0e6c6822236e1daafb94ffe0c5da05d9476be028ad7c1d81");
byte[] keyBytes = StringToByte("140b41b22a29beb4061bda66b6747e14");

点击率变量

String algorithm = "AES";
String mode = "CTR";
String padding = "NoPadding";
byte[] ciphertextBytes = StringToByte("770b80259ec33beb2561358a9f2dc617e46218c0a53cbeca695ae45faa8952aa0e311bde9d4e01726d3184c34451");
byte[] keyBytes = StringToByte("36f18357be4dbd77f050515c73fcf9f2");

解密主要内容

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.SecureRandom;
import static java.lang.Character.digit;

public class CryptoClass {

public static void main(String[] args) throws Exception {
    byte[] decryptByte = Decrypt();
    String hexString = ByteToHex(decryptByte);
    StringBuilder decryptedString = HexToString(hexString);
    System.out.println(decryptedString);
}

public static byte[] Decrypt() throws Exception {
    //
    String algorithm = "AES";
    String mode = "CTR";
    String padding = "NoPadding";
    byte[] ciphertextBytes = StringToByte("770b80259ec33beb2561358a9f2dc617e46218c0a53cbeca695ae45faa8952aa0e311bde9d4e01726d3184c34451");
    byte[] keyBytes = StringToByte("36f18357be4dbd77f050515c73fcf9f2");
    IvParameterSpec ivParamSpec = null;
    int ivSize = 16;
    byte[] iv = new byte[ivSize];

    SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
    secureRandom.nextBytes(iv);
    ivParamSpec = new IvParameterSpec(iv);
    SecretKey aesKey = new SecretKeySpec(keyBytes, "AES");

    Cipher cipher = Cipher.getInstance(algorithm + "/" + mode + "/" + padding, "JsafeJCE");
    cipher.init(Cipher.DECRYPT_MODE, aesKey, ivParamSpec);

    byte[] result = cipher.doFinal(ciphertextBytes);
    return result;
}

//convert ByteArray to Hex String
public static String ByteToHex(byte[] byteArray) {
    StringBuilder sb = new StringBuilder();
    for (byte b : byteArray)
    {
        sb.append(String.format("%02X", b));
    }
    return sb.toString();
}

//convert String to ByteArray
private static byte[] StringToByte(String input) {
    int length = input.length();
    byte[] output = new byte[length / 2];

    for (int i = 0; i < length; i += 2) {
        output[i / 2] = (byte) ((digit(input.charAt(i), 16) << 4) | digit(input.charAt(i+1), 16));
    }
    return output;
}
//changes a hex string into plain text
public static StringBuilder HexToString(String hex) throws Exception {
    StringBuilder output = new StringBuilder();
    for (int i = 0; i < hex.length(); i+=2) {
        String str = hex.substring(i, i+2);
        output.append((char)Integer.parseInt(str, 16));
    }
    return output;
  }
}

*编辑解决方案的方法 - 我不是使用随机 IV，而是从密文的前 16 位中提取 IV。作业中说是这样的，出于某种原因，我第一次看的时候就忽略了它。

 public static byte[] Decrypt() throws Exception {
    String algorithm = "AES";
    String mode = "CTR";
    String padding = "NoPadding";
    byte[] ciphertextBytes = StringToByte("0ec7702330098ce7f7520d1cbbb20fc388d1b0adb5054dbd7370849dbf0b88d393f252e764f1f5f7ad97ef79d59ce29f5f51eeca32eabedd9afa9329");
    byte[] keyBytes = StringToByte("36f18357be4dbd77f050515c73fcf9f2");


    //int ivSize = 16;
    //byte[] iv = new byte[ivSize];
    //SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
    //secureRandom.nextBytes(iv);
    byte[] ivParamSpecTMP = StringToByte("69dda8455c7dd4254bf353b773304eec");
    IvParameterSpec ivParameterSpec = new IvParameterSpec(ivParamSpecTMP);
    SecretKey aesKey = new SecretKeySpec(keyBytes, "AES");

    Cipher cipher = Cipher.getInstance(algorithm + "/" + mode + "/" + padding, "JsafeJCE");
    cipher.init(Cipher.DECRYPT_MODE, aesKey, ivParameterSpec);

    byte[] result = cipher.doFinal(ciphertextBytes);
    return result;

Answer 1

诀窍是您必须将 IV(以纯文本形式)发送给接收者。如果您在解密之前随机生成 IV，那么根据定义您将得到垃圾。随机 IV 只能在加密之前生成。

标准做法是发送者在密文中添加 IV 前缀。接收方使用前 16 个字节作为 IV，其余的作为实际密文。