基于密码的加密——最后一个块在解密时不完整

Password based encryption-last block incomplete in decryption

我在使用 PBEWithSHA256And256BitAES-CBC-BC 算法时遇到基于密码 encryption/decryption 的问题。当我到达 cipher.doFinal 时,我得到:javax.crypto.IllegalBlockSizeException:最后一个块在解密中不完整。

public static String encrypt(String salt, String password, byte[] object) throws GeneralSecurityException {
    PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt.getBytes(), 1000);
    PBEKeySpec pbeKeySpec = new PBEKeySpec(password.toCharArray());

        SecretKeyFactory keyFac = SecretKeyFactory.getInstance("PBEWithSHA256And256BitAES-CBC-BC");
        SecretKey pbeKey = keyFac.generateSecret(pbeKeySpec);

        Cipher encryptionCipher = Cipher.getInstance("PBEWithSHA256And256BitAES-CBC-BC");
        encryptionCipher.init(Cipher.ENCRYPT_MODE, pbeKey, pbeParamSpec);

        byte[] encryptedObject = encryptionCipher.doFinal(object);

    return new String(encryptedObject);
}

public static String decrypt(String encryptedObject, String password, String salt) throws GeneralSecurityException{
    PBEParameterSpec parameterSpec = new PBEParameterSpec(salt.getBytes(), 1000);
    PBEKeySpec keySpec = new PBEKeySpec(password.toCharArray());

        SecretKeyFactory keyFactory
                = SecretKeyFactory.getInstance("PBEWithSHA256And256BitAES-CBC-BC");
        SecretKey passwordKey = keyFactory.generateSecret(keySpec);

        Cipher cipher = Cipher.getInstance("PBEWithSHA256And256BitAES-CBC-BC");
        cipher.init(Cipher.DECRYPT_MODE, passwordKey, parameterSpec);

        byte[] decryptedObject = cipher.doFinal(encryptedObject.getBytes());

    return new String(decryptedObject);
}

和主要的:

Security.addProvider(new BouncyCastleProvider());
String text = "plaintext";
String salt = "salt";
String password = "password";
String encrypted = encrypt(salt, password, text.getBytes());
String decrypted = decrypt(encrypted, password, salt);
System.out.println(decrypted);

我错过了什么吗?当其他人得到这个异常时,他们没有使用相同的盐来加密和解密,或者他们没有从 Base64 解码加密文本。 None 这些帮助解决了我的问题。

加密和解密的输出应该是 byte[] 而不是 String。

PBEWithSHA256And256BitAES-CBC-BC 应该只用于密钥生成过程,而不是用于 encryption/decryption 过程本身。

您应该只继续(例如):

Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "BC");