奇怪的 DES 行为 - 使用不同的密钥解密成功
Strange DES behavior - decryption is successful using different keys
偶尔会遇到一件有趣而奇怪的事情:同一个密文块可以用不同的密钥解密!
任何人都可以告诉我出了什么问题吗?非常感谢。
请不要试图让我切换到三重DES/AES等,我只想知道问题出在哪里-调用Java SDK的方式,或者[=中的错误23=]SDK?
下面是 Windows 7 的输出,Linux 框中的结果相同:
D:\>java -version
java version "1.7.0_21"
Java(TM) SE Runtime Environment (build 1.7.0_21-b11)
Java HotSpot(TM) 64-Bit Server VM (build 23.21-b01, mixed mode)
D:\>java DESTest -e 12345678 abcde977
encrypted as [17fd146fa6fdbb5db667efe657dfcb60]
D:\>java DESTest -d 17fd146fa6fdbb5db667efe657dfcb60 abcde977
decryted as [12345678]
D:\>java DESTest -d 17fd146fa6fdbb5db667efe657dfcb60 abcde976
decryted as [12345678]
D:\>java DESTest -d 17fd146fa6fdbb5db667efe657dfcb60 abcde967
decryted as [12345678]
D:\>java DESTest -d 17fd146fa6fdbb5db667efe657dfcb60 abcde867
decryted as [12345678]
D:\>java DESTest -d 17fd146fa6fdbb5db667efe657dfcb60 abcdf867
Exception in thread "main" java.lang.RuntimeException: javax.crypto.BadPaddingEx
ception: Given final block not properly padded
at DESTest.des(DESTest.java:46)
at DESTest.dec(DESTest.java:31)
at DESTest.main(DESTest.java:19)
Caused by: javax.crypto.BadPaddingException: Given final block not properly padd
ed
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811)
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)
at com.sun.crypto.provider.DESCipher.engineDoFinal(DESCipher.java:314)
at javax.crypto.Cipher.doFinal(Cipher.java:2087)
at DESTest.des(DESTest.java:44)
... 2 more
D:\>java DESTest -e 12345678 abcde976
encrypted as [17fd146fa6fdbb5db667efe657dfcb60]
D:\>java DESTest -e 12345678 abcde967
encrypted as [17fd146fa6fdbb5db667efe657dfcb60]
D:\>
源代码:
import java.io.UnsupportedEncodingException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
public class DESTest {
public static void main(String[] args) {
if (args.length < 3) {
System.out.println("usage: java " + DESTest.class.getCanonicalName() + " -e|-d text key");
return;
}
String mode = args[0].trim();
String text = args[1].trim();
String key = args[2].trim();
try {
String s = "-d".equalsIgnoreCase(mode) ? dec(text, key) : enc(text, key);
System.out.println("\n" + ("-d".equalsIgnoreCase(mode) ? "decryted as [" : "encrypted as [") + s + "]");
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
}
private static String enc(String plainText, String key) throws UnsupportedEncodingException {
return new String(encHex(des(plainText.getBytes("UTF-8"), key, Cipher.ENCRYPT_MODE)));
}
private static String dec(String encrypted, String key) throws UnsupportedEncodingException {
return new String(des(decHex(encrypted), key, Cipher.DECRYPT_MODE), "UTF-8");
}
private static byte[] des(byte[] bytes, String key, int cipherMode) {
final String encoding = "UTF-8";
try {
DESKeySpec desKey = new DESKeySpec(key.getBytes(encoding));
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");
SecretKey securekey = keyFactory.generateSecret(desKey);
// SecretKey securekey = new SecretKeySpec(key.getBytes(encoding), "DES");//same result as the 3 lines above
Cipher cipher = Cipher.getInstance("DES");
SecureRandom random = new SecureRandom();
cipher.init(cipherMode, securekey, random);
return cipher.doFinal(bytes);
} catch (Exception e) {
throw new RuntimeException(e);
}
}
private static final char[] HEX_CHARS = "0123456789abcdef".toCharArray();
private static String encHex(byte[] bytes) {
final char[] chars = new char[bytes.length * 2];
for (int i = 0, j = 0; i < bytes.length; i++) {
chars[j++] = HEX_CHARS[(0xF0 & bytes[i]) >>> 4];
chars[j++] = HEX_CHARS[0x0F & bytes[i]];
}
return new String(chars);
}
private static byte[] decHex(String hex) {
final int len = hex.length();
final byte[] bytes = new byte[len / 2];
for (int i = 0, j = 0; j < len; i++) {
int f = Character.digit(hex.charAt(j), 16) << 4;
j++;
f = f | Character.digit(hex.charAt(j), 16);
j++;
bytes[i] = (byte) (f & 0xFF);
}
return bytes;
}
}
DES操作(加密和解密)忽略了密钥每个字节的lsbit。也就是说,如果您翻转密钥中的任何 lsbits,操作将保持不变。这就是您尝试的键中发生的情况:space 的 ASCII 代码是 0x20,而 !是0x21;它们仅在 lsbit 上有所不同。因此,如果密钥的一个字节包含 space 的 ASCII 代码,您可以将其替换为 !,它仍然能够解密。同样,*的ASCII码是0x2a,+的ASCII码是0x2b;也只有 lsbit 不同。
在最初的 DES 标准中,lsbit 应该用作奇偶校验位(每个字节始终具有奇校验)。它应该是对手动输入的密钥的弱错误检查。如今,没有人进行奇偶校验,因此 lsbit 被忽略了。
摘自Poncho's insightful Answer on Cryptography Stackexchange。
DES有一个56位的密钥,每个密钥字节的lsbit最初用于奇偶校验,现在被忽略。
答案是:不要使用DES! DES 不安全,已被 AES(高级加密标准)取代 AES 专门设计用于替代 DES。
另外,不要使用字符串作为密钥,最好的做法是使用PBKDF2(基于密码的密钥派生函数)等函数从字符串中派生出加密密钥。
偶尔会遇到一件有趣而奇怪的事情:同一个密文块可以用不同的密钥解密!
任何人都可以告诉我出了什么问题吗?非常感谢。
请不要试图让我切换到三重DES/AES等,我只想知道问题出在哪里-调用Java SDK的方式,或者[=中的错误23=]SDK?
下面是 Windows 7 的输出,Linux 框中的结果相同:
D:\>java -version
java version "1.7.0_21"
Java(TM) SE Runtime Environment (build 1.7.0_21-b11)
Java HotSpot(TM) 64-Bit Server VM (build 23.21-b01, mixed mode)
D:\>java DESTest -e 12345678 abcde977
encrypted as [17fd146fa6fdbb5db667efe657dfcb60]
D:\>java DESTest -d 17fd146fa6fdbb5db667efe657dfcb60 abcde977
decryted as [12345678]
D:\>java DESTest -d 17fd146fa6fdbb5db667efe657dfcb60 abcde976
decryted as [12345678]
D:\>java DESTest -d 17fd146fa6fdbb5db667efe657dfcb60 abcde967
decryted as [12345678]
D:\>java DESTest -d 17fd146fa6fdbb5db667efe657dfcb60 abcde867
decryted as [12345678]
D:\>java DESTest -d 17fd146fa6fdbb5db667efe657dfcb60 abcdf867
Exception in thread "main" java.lang.RuntimeException: javax.crypto.BadPaddingEx
ception: Given final block not properly padded
at DESTest.des(DESTest.java:46)
at DESTest.dec(DESTest.java:31)
at DESTest.main(DESTest.java:19)
Caused by: javax.crypto.BadPaddingException: Given final block not properly padd
ed
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:811)
at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:676)
at com.sun.crypto.provider.DESCipher.engineDoFinal(DESCipher.java:314)
at javax.crypto.Cipher.doFinal(Cipher.java:2087)
at DESTest.des(DESTest.java:44)
... 2 more
D:\>java DESTest -e 12345678 abcde976
encrypted as [17fd146fa6fdbb5db667efe657dfcb60]
D:\>java DESTest -e 12345678 abcde967
encrypted as [17fd146fa6fdbb5db667efe657dfcb60]
D:\>
源代码:
import java.io.UnsupportedEncodingException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
public class DESTest {
public static void main(String[] args) {
if (args.length < 3) {
System.out.println("usage: java " + DESTest.class.getCanonicalName() + " -e|-d text key");
return;
}
String mode = args[0].trim();
String text = args[1].trim();
String key = args[2].trim();
try {
String s = "-d".equalsIgnoreCase(mode) ? dec(text, key) : enc(text, key);
System.out.println("\n" + ("-d".equalsIgnoreCase(mode) ? "decryted as [" : "encrypted as [") + s + "]");
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
}
private static String enc(String plainText, String key) throws UnsupportedEncodingException {
return new String(encHex(des(plainText.getBytes("UTF-8"), key, Cipher.ENCRYPT_MODE)));
}
private static String dec(String encrypted, String key) throws UnsupportedEncodingException {
return new String(des(decHex(encrypted), key, Cipher.DECRYPT_MODE), "UTF-8");
}
private static byte[] des(byte[] bytes, String key, int cipherMode) {
final String encoding = "UTF-8";
try {
DESKeySpec desKey = new DESKeySpec(key.getBytes(encoding));
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");
SecretKey securekey = keyFactory.generateSecret(desKey);
// SecretKey securekey = new SecretKeySpec(key.getBytes(encoding), "DES");//same result as the 3 lines above
Cipher cipher = Cipher.getInstance("DES");
SecureRandom random = new SecureRandom();
cipher.init(cipherMode, securekey, random);
return cipher.doFinal(bytes);
} catch (Exception e) {
throw new RuntimeException(e);
}
}
private static final char[] HEX_CHARS = "0123456789abcdef".toCharArray();
private static String encHex(byte[] bytes) {
final char[] chars = new char[bytes.length * 2];
for (int i = 0, j = 0; i < bytes.length; i++) {
chars[j++] = HEX_CHARS[(0xF0 & bytes[i]) >>> 4];
chars[j++] = HEX_CHARS[0x0F & bytes[i]];
}
return new String(chars);
}
private static byte[] decHex(String hex) {
final int len = hex.length();
final byte[] bytes = new byte[len / 2];
for (int i = 0, j = 0; j < len; i++) {
int f = Character.digit(hex.charAt(j), 16) << 4;
j++;
f = f | Character.digit(hex.charAt(j), 16);
j++;
bytes[i] = (byte) (f & 0xFF);
}
return bytes;
}
}
DES操作(加密和解密)忽略了密钥每个字节的lsbit。也就是说,如果您翻转密钥中的任何 lsbits,操作将保持不变。这就是您尝试的键中发生的情况:space 的 ASCII 代码是 0x20,而 !是0x21;它们仅在 lsbit 上有所不同。因此,如果密钥的一个字节包含 space 的 ASCII 代码,您可以将其替换为 !,它仍然能够解密。同样,*的ASCII码是0x2a,+的ASCII码是0x2b;也只有 lsbit 不同。
在最初的 DES 标准中,lsbit 应该用作奇偶校验位(每个字节始终具有奇校验)。它应该是对手动输入的密钥的弱错误检查。如今,没有人进行奇偶校验,因此 lsbit 被忽略了。
摘自Poncho's insightful Answer on Cryptography Stackexchange。
DES有一个56位的密钥,每个密钥字节的lsbit最初用于奇偶校验,现在被忽略。
答案是:不要使用DES! DES 不安全,已被 AES(高级加密标准)取代 AES 专门设计用于替代 DES。
另外,不要使用字符串作为密钥,最好的做法是使用PBKDF2(基于密码的密钥派生函数)等函数从字符串中派生出加密密钥。