Java和C之间的加密差异#

嗨,我想弄清楚如何复制在C#中完成的文本加密,但在 Java中.代码的一部分仍然困扰着我,似乎无法在C#中找到答案:

PasswordDeriveBytes myPass = new PasswordDeriveBytes(String Password, byte[] Salt);
Trp.Key = myPass.GetBytes(24);
Trp.IV = myPass.GetBytes(8);

基本上什么相当于Java中的这段代码?
更新:使用提供的PasswordDeriveBytes代码(第二个代码段),我能够完美地复制C#代码.谢谢Maarten Bodewes.

BASE64Encoder base64 = new BASE64Encoder();
PasswordDeriveBytes i_Pass = new PasswordDeriveBytes(passWord, saltWordAsBytes);
byte[] keyBytes = i_Pass.getBytes(24);
byte[] ivBytes = i_Pass.getBytes(8);
Cipher c3des = Cipher.getInstance("DESede/CBC/PKCS5Padding");
SecretKeySpec myKey = new SecretKeySpec(keyBytes, "DESede");
IvParameterSpec ivspec = new IvParameterSpec(ivBytes);
c3des.init (Cipher.ENCRYPT_MODE, myKey, ivspec);
encrytpedTextAsByte  = c3des.doFinal(plainTextAsBytes);
encryptedText  = base64.encode(encrytpedTextAsByte);

但似乎无法让它跨平台工作.基本上解码代码设置(我不能在C#3.5中更改),我试图在java中编码,以便C#代码可以解码它.

任何帮助将不胜感激.

问题是PasswordDeriveBytes仅为前20个字节定义 – 在这种情况下,它是PBKDF1(不是2,正如您当前在Java代码中使用的那样).多次调用getBytes也可能会改变结果.一次或多次调用getBytes或超过20个字节的算法是Microsoft专有的,似乎没有在任何地方描述.在Mono中,它甚至被描述为非修复,因为它可能不安全.

我强烈建议使用实现PBKDF2的RFC2898DeriveBytes.请注意仅将其用于ASCII输入,否则它可能与Java实现不兼容.

唯一的另一种选择是找出Microsoft PasswordDeriveBytes到PBKDF1的专有扩展(它只定义最大为20字节的散列大小的输出).我在下面重新实现了Mono的版本.

重复请求Microsoft更新此函数的API描述并未产生任何结果.如果结果不同,您可能需要read this bug report.

这是Microsoft的专有扩展.基本上它首先计算PBKDF-1但不包括最后一次哈希迭代,调用此HX.对于前20个字节,它只执行另一个哈希,因此它符合PBKDF1.下一个哈希值是从1开始的计数器的ASCII表示(因此首先将其转换为“1”,然后转换为0x31),然后是HX的字节.

以下是Mono代码的简约,直接转换:

public class PasswordDeriveBytes {

    private final MessageDigest hash;
    private final byte[] initial;
    private final int iterations;

    private byte[] output;
    private int hashnumber = 0;
    private int position = 0;

    public PasswordDeriveBytes(String password, byte[] salt) {
        try {
            this.hash = MessageDigest.getInstance("SHA-1");
            this.initial = new byte[hash.getDigestLength()];
            this.hash.update(password.getBytes(UTF_8));
            this.hash.update(salt);
            this.hash.digest(this.initial, 0, this.initial.length);
            this.iterations = 100;
        } catch (NoSuchAlgorithmException | DigestException e) {
            throw new IllegalStateException(e);
        }
    }

    public byte[] getBytes(int cb) {
        if (cb < 1)
            throw new IndexOutOfBoundsException("cb");
        byte[] result = new byte[cb];
        int cpos = 0;
        // the initial hash (in reset) + at least one iteration
        int iter = Math.max(1, iterations - 1);
        // start with the PKCS5 key
        if (output == null) {
            // calculate the PKCS5 key
            output = initial;
            // generate new key material
            for (int i = 0; i < iter - 1; i++)
                output = hash.digest(output);
        }
        while (cpos < cb) {
            byte[] output2 = null;
            if (hashnumber == 0) {
                // last iteration on output
                output2 = hash.digest(output);
            } else if (hashnumber < 1000) {
                String n = String.valueOf(hashnumber);
                output2 = new byte[output.length + n.length()];
                for (int j = 0; j < n.length(); j++)
                    output2[j] = (byte) (n.charAt(j));
                System.arraycopy(output, 0, output2, n.length(), output.length);
                // don't update output
                output2 = hash.digest(output2);
            } else {
                throw new SecurityException();
            }
            int rem = output2.length - position;
            int l = Math.min(cb - cpos, rem);
            System.arraycopy(output2, position, result, cpos, l);
            cpos += l;
            position += l;
            while (position >= output2.length) {
                position -= output2.length;
                hashnumber++;
            }
        }
        return result;
    }
}

或者,更优化和可读,只留下输出缓冲区和位置在两次调用之间改变:

public class PasswordDeriveBytes {

    private final MessageDigest hash;

    private final byte[] firstToLastDigest;
    private final byte[] outputBuffer;

    private int position = 0;

    public PasswordDeriveBytes(String password, byte[] salt) {
        try {
            this.hash = MessageDigest.getInstance("SHA-1");

            this.hash.update(password.getBytes(UTF_8));
            this.hash.update(salt);
            this.firstToLastDigest = this.hash.digest();

            final int iterations = 100;
            for (int i = 1; i < iterations - 1; i++) {
                hash.update(firstToLastDigest);
                hash.digest(firstToLastDigest, 0, firstToLastDigest.length);
            }

            this.outputBuffer = hash.digest(firstToLastDigest);

        } catch (NoSuchAlgorithmException | DigestException e) {
            throw new IllegalStateException("SHA-1 digest should always be available", e);
        }
    }

    public byte[] getBytes(int requested) {
        if (requested < 1) {
            throw new IllegalArgumentException(
                    "You should at least request 1 byte");
        }

        byte[] result = new byte[requested];

        int generated = 0;

        try {
            while (generated < requested) {
                final int outputOffset = position % outputBuffer.length;
                if (outputOffset == 0 && position != 0) {
                    final String counter = String.valueOf(position / outputBuffer.length);
                    hash.update(counter.getBytes(US_ASCII));
                    hash.update(firstToLastDigest);
                    hash.digest(outputBuffer, 0, outputBuffer.length);
                }

                final int left = outputBuffer.length - outputOffset;
                final int required = requested - generated;
                final int copy = Math.min(left, required);

                System.arraycopy(outputBuffer, outputOffset, result, generated, copy);

                generated += copy;
                position += copy;
            }
        } catch (final DigestException e) {
            throw new IllegalStateException(e);
        }
        return result;
    }
}

实际上,安全性并不是那么糟糕,因为字节通过摘要相互分离.所以关键拉伸是比较好的.请注意,那里有Microsoft PasswordDeriveBytes实现,其中包含错误和重复的字节(请参阅上面的错误报告).这里不再复制.

用法:

private static final String PASSWORD = "46dkaKLKKJLjdkdk;akdjafj";

private static final byte[] SALT = { 0x26, 0x19, (byte) 0x81, 0x4E,
        (byte) 0xA0, 0x6D, (byte) 0x95, 0x34 };

public static void main(String[] args) throws Exception {
    final Cipher desEDE = Cipher.getInstance("DESede/CBC/PKCS5Padding");

    final PasswordDeriveBytes myPass = new PasswordDeriveBytes(PASSWORD, SALT);
    final SecretKeyFactory kf = SecretKeyFactory.getInstance("DESede");
    final byte[] key = myPass.getBytes(192 / Byte.SIZE);
    final SecretKey desEDEKey = kf.generateSecret(new DESedeKeySpec(key));

    final byte[] iv = myPass.getBytes(desEDE.getBlockSize());

    desEDE.init(Cipher.ENCRYPT_MODE, desEDEKey, new IvParameterSpec(iv));

    final byte[] ct = desEDE.doFinal("owlstead".getBytes(US_ASCII));
}

关于Java实现的附注:

>迭代计数太低,检查当前日期需要哪种迭代计数>密钥大小不正确,您应该创建3 * 64 = 192位而不是196位的密钥> 3DES变老,使用AES代替

相关文章
相关标签/搜索