Jasypt:加密成功但更强算法的解密失败
Jasypt: Encryption successful but decryption fails for stronger algorithms
我正在使用 Jasypt 的 CLI 来测试加密和解密。所有算法的加密都成功,但更强的算法解密失败。下面是PBEWithMD5AndDES的加解密:
加密:
prakash@prakash:~$ java -cp ~/.m2/repository/org/jasypt/jasypt/1.9.2/jasypt-1.9.2.jar org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI password=secret algorithm=PBEWITHMD5ANDDES input=encryptThis
----ENVIRONMENT-----------------
Runtime: Oracle Corporation OpenJDK 64-Bit Server VM 11.0.2+9-Ubuntu-3ubuntu118.04.3
----ARGUMENTS-------------------
input: encryptThis
password: secret
algorithm: PBEWITHMD5ANDDES
----OUTPUT----------------------
pZRJ9Egt+OcjBX28cSJUYDbvqiKIUVxR
解密:
prakash@prakash:~$ java -cp ~/.m2/repository/org/jasypt/jasypt/1.9.2/jasypt-1.9.2.jar org.jasypt.intf.cli.JasyptPBEStringDecryptionCLI password=secret algorithm=PBEWITHMD5ANDDES input=pZRJ9Egt+OcjBX28cSJUYDbvqiKIUVxR
----ENVIRONMENT-----------------
Runtime: Oracle Corporation OpenJDK 64-Bit Server VM 11.0.2+9-Ubuntu-3ubuntu118.04.3
----ARGUMENTS-------------------
input: pZRJ9Egt+OcjBX28cSJUYDbvqiKIUVxR
password: secret
algorithm: PBEWITHMD5ANDDES
----OUTPUT----------------------
encryptThis
现在,如果我将算法更改为 PBEWITHHMACSHA1ANDAES_128,结果如下:
加密:
prakash@prakash:~$ java -cp ~/.m2/repository/org/jasypt/jasypt/1.9.2/jasypt-1.9.2.jar org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI password=secret algorithm=PBEWITHHMACSHA1ANDAES_128 input=encryptThis
----ENVIRONMENT-----------------
Runtime: Oracle Corporation OpenJDK 64-Bit Server VM 11.0.2+9-Ubuntu-3ubuntu118.04.3
----ARGUMENTS-------------------
input: encryptThis
password: secret
algorithm: PBEWITHHMACSHA1ANDAES_128
----OUTPUT----------------------
tAIe6mUS6uBCG/OkHJWT2LWRagHOMBxwK/v9L7SGZIA=
解密:
prakash@prakash:~$ java -cp ~/.m2/repository/org/jasypt/jasypt/1.9.2/jasypt-1.9.2.jar org.jasypt.intf.cli.JasyptPBEStringDecryptionCLI password=secret algorithm=PBEWITHHMACSHA1ANDAES_128 input=tAIe6mUS6uBCG/OkHJWT2LWRagHOMBxwK/v9L7SGZIA=
----ENVIRONMENT-----------------
Runtime: Oracle Corporation OpenJDK 64-Bit Server VM 11.0.2+9-Ubuntu-3ubuntu118.04.3
----ARGUMENTS-------------------
input: tAIe6mUS6uBCG/OkHJWT2LWRagHOMBxwK/v9L7SGZIA=
password: secret
algorithm: PBEWITHHMACSHA1ANDAES_128
----ERROR-----------------------
Operation not possible (Bad input or parameters)
我使用的 jasypt 版本是 2.0.0 我已经在 java- 8 和 java-11。在两台机器中,我都启用了 JCE 的无限强度策略。
解密成功的算法列表为:
PBEWITHMD5ANDDES,
PBEWITHMD5ANDTRIPLEDES,
PBEWITHSH1ANDDESEDE,
PBEWITHSHA1ANDRC2_128,
PBEWITHSHA1ANDRC2_40,
PBEWITHSHA1ANDRC4_128,
PBEWITHSHA1ANDRC4_40。
解密失败的算法是:
PBEWITHHMACSHA1ANDAES_128
PBEWITHHMACSHA1ANDAES_256
PBEWITHHMACSHA224ANDAES_128
PBEWITHHMACSHA224ANDAES_256
PBEWITHHMACSHA256ANDAES_128
PBEWITHHMACSHA256ANDAES_256
PBEWITHHMACSHA384ANDAES_128
PBEWITHHMACSHA384ANDAES_256
PBEWITHHMACSHA512ANDAES_128
PBEWITHHMACSHA512ANDAES_256.
我已经被这个问题卡住了三天了。有人请帮帮我!
编辑:
根据 Maarten 的建议,我继续从 JasyptPBEStringDecryptionCLI 复制代码并制作自己的 class 希望通过代码重现错误并获取堆栈跟踪。
这是我写的代码:
package com.example.HelloWorldApiUbuntu;
import java.util.Properties;
import org.jasypt.intf.service.JasyptStatelessService;
public class TestingJasyptStringDecryptionCLI {
public static void main(final String[] args) throws Exception{
final JasyptStatelessService service = new JasyptStatelessService();
String input = "P/25Hp3CKdFj7pz85eJyHETugwX5ZxWEF7PpzJ/fBGI=";
final String result =
service.decrypt(
input,
"secret",
null,
null,
"PBEWITHHMACSHA512ANDAES_128",
null,
null,
"1000",
null,
null,
"org.jasypt.salt.RandomSaltGenerator",
null,
null,
"SunJCE",
null,
null,
/*argumentValues.getProperty(ArgumentNaming.ARG_PROVIDER_CLASS_NAME)*/null,
null,
null,
/*argumentValues.getProperty(ArgumentNaming.ARG_STRING_OUTPUT_TYPE)*/null,
null,
null);
System.out.println(result);
}
}
此 class 产生与 JasyptPBEStringDecryptionCLI 相同的行为,并且适用于上面列出的相同算法,但在更强的算法上失败。
这是小错误堆栈跟踪:
Exception in thread "main" org.jasypt.exceptions.EncryptionOperationNotPossibleException
at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.decrypt(StandardPBEByteEncryptor.java:1055)
at org.jasypt.encryption.pbe.StandardPBEStringEncryptor.decrypt(StandardPBEStringEncryptor.java:725)
at org.jasypt.intf.service.JasyptStatelessService.decrypt(JasyptStatelessService.java:595)
at com.example.HelloWorldApiUbuntu.TestingJasyptStringDecryptionCLI.main(TestingJasyptStringDecryptionCLI.java:12)
我知道问题出在 jasypt 而不是我的 java 因为我 运行 this code to test encryption-decryption 在我的本地使用更强的算法并且它完美运行。
编辑 2:我也尝试了 https://github.com/melloware/jasypt 给出的解决方案,结果相同。
这是 jasypt 中的错误。它也用这个 patch. See 修复了。我用这个补丁和版本 1.9.4 CLI 解决了我的类似问题。
它与带有附加参数 ivGeneratorClassName=org.jasypt.iv.RandomIvGenerator
的 Jasypt 1.9.3 一起使用
加密:
java -cp ~/.m2/repository/org/jasypt/jasypt/1.9.3/jasypt-1.9.2.jar org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI password=secret algorithm=PBEWITHHMACSHA1ANDAES_128 input=encryptThis ivGeneratorClassName=org.jasypt.iv.RandomIvGenerator
解密:
java -cp ~/.m2/repository/org/jasypt/jasypt/1.9.3/jasypt-1.9.2.jar org.jasypt.intf.cli.JasyptPBEStringDecryptionCLI password=secret algorithm=PBEWITHHMACSHA1ANDAES_128 input=j5oaiHBv5RB8MOxQekM/b/AMWxgOCmgB91X/ObBpyA0lr57z7ecrcVGZN0LtcFan ivGeneratorClassName=org.jasypt.iv.RandomIvGenerator
我正在使用 Jasypt 的 CLI 来测试加密和解密。所有算法的加密都成功,但更强的算法解密失败。下面是PBEWithMD5AndDES的加解密:
加密:
prakash@prakash:~$ java -cp ~/.m2/repository/org/jasypt/jasypt/1.9.2/jasypt-1.9.2.jar org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI password=secret algorithm=PBEWITHMD5ANDDES input=encryptThis
----ENVIRONMENT-----------------
Runtime: Oracle Corporation OpenJDK 64-Bit Server VM 11.0.2+9-Ubuntu-3ubuntu118.04.3
----ARGUMENTS-------------------
input: encryptThis
password: secret
algorithm: PBEWITHMD5ANDDES
----OUTPUT----------------------
pZRJ9Egt+OcjBX28cSJUYDbvqiKIUVxR
解密:
prakash@prakash:~$ java -cp ~/.m2/repository/org/jasypt/jasypt/1.9.2/jasypt-1.9.2.jar org.jasypt.intf.cli.JasyptPBEStringDecryptionCLI password=secret algorithm=PBEWITHMD5ANDDES input=pZRJ9Egt+OcjBX28cSJUYDbvqiKIUVxR
----ENVIRONMENT-----------------
Runtime: Oracle Corporation OpenJDK 64-Bit Server VM 11.0.2+9-Ubuntu-3ubuntu118.04.3
----ARGUMENTS-------------------
input: pZRJ9Egt+OcjBX28cSJUYDbvqiKIUVxR
password: secret
algorithm: PBEWITHMD5ANDDES
----OUTPUT----------------------
encryptThis
现在,如果我将算法更改为 PBEWITHHMACSHA1ANDAES_128,结果如下:
加密:
prakash@prakash:~$ java -cp ~/.m2/repository/org/jasypt/jasypt/1.9.2/jasypt-1.9.2.jar org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI password=secret algorithm=PBEWITHHMACSHA1ANDAES_128 input=encryptThis
----ENVIRONMENT-----------------
Runtime: Oracle Corporation OpenJDK 64-Bit Server VM 11.0.2+9-Ubuntu-3ubuntu118.04.3
----ARGUMENTS-------------------
input: encryptThis
password: secret
algorithm: PBEWITHHMACSHA1ANDAES_128
----OUTPUT----------------------
tAIe6mUS6uBCG/OkHJWT2LWRagHOMBxwK/v9L7SGZIA=
解密:
prakash@prakash:~$ java -cp ~/.m2/repository/org/jasypt/jasypt/1.9.2/jasypt-1.9.2.jar org.jasypt.intf.cli.JasyptPBEStringDecryptionCLI password=secret algorithm=PBEWITHHMACSHA1ANDAES_128 input=tAIe6mUS6uBCG/OkHJWT2LWRagHOMBxwK/v9L7SGZIA=
----ENVIRONMENT-----------------
Runtime: Oracle Corporation OpenJDK 64-Bit Server VM 11.0.2+9-Ubuntu-3ubuntu118.04.3
----ARGUMENTS-------------------
input: tAIe6mUS6uBCG/OkHJWT2LWRagHOMBxwK/v9L7SGZIA=
password: secret
algorithm: PBEWITHHMACSHA1ANDAES_128
----ERROR-----------------------
Operation not possible (Bad input or parameters)
我使用的 jasypt 版本是 2.0.0 我已经在 java- 8 和 java-11。在两台机器中,我都启用了 JCE 的无限强度策略。
解密成功的算法列表为:
PBEWITHMD5ANDDES,
PBEWITHMD5ANDTRIPLEDES,
PBEWITHSH1ANDDESEDE,
PBEWITHSHA1ANDRC2_128,
PBEWITHSHA1ANDRC2_40,
PBEWITHSHA1ANDRC4_128,
PBEWITHSHA1ANDRC4_40。
解密失败的算法是:
PBEWITHHMACSHA1ANDAES_128
PBEWITHHMACSHA1ANDAES_256
PBEWITHHMACSHA224ANDAES_128
PBEWITHHMACSHA224ANDAES_256
PBEWITHHMACSHA256ANDAES_128
PBEWITHHMACSHA256ANDAES_256
PBEWITHHMACSHA384ANDAES_128
PBEWITHHMACSHA384ANDAES_256
PBEWITHHMACSHA512ANDAES_128
PBEWITHHMACSHA512ANDAES_256.
我已经被这个问题卡住了三天了。有人请帮帮我!
编辑: 根据 Maarten 的建议,我继续从 JasyptPBEStringDecryptionCLI 复制代码并制作自己的 class 希望通过代码重现错误并获取堆栈跟踪。 这是我写的代码:
package com.example.HelloWorldApiUbuntu;
import java.util.Properties;
import org.jasypt.intf.service.JasyptStatelessService;
public class TestingJasyptStringDecryptionCLI {
public static void main(final String[] args) throws Exception{
final JasyptStatelessService service = new JasyptStatelessService();
String input = "P/25Hp3CKdFj7pz85eJyHETugwX5ZxWEF7PpzJ/fBGI=";
final String result =
service.decrypt(
input,
"secret",
null,
null,
"PBEWITHHMACSHA512ANDAES_128",
null,
null,
"1000",
null,
null,
"org.jasypt.salt.RandomSaltGenerator",
null,
null,
"SunJCE",
null,
null,
/*argumentValues.getProperty(ArgumentNaming.ARG_PROVIDER_CLASS_NAME)*/null,
null,
null,
/*argumentValues.getProperty(ArgumentNaming.ARG_STRING_OUTPUT_TYPE)*/null,
null,
null);
System.out.println(result);
}
}
此 class 产生与 JasyptPBEStringDecryptionCLI 相同的行为,并且适用于上面列出的相同算法,但在更强的算法上失败。 这是小错误堆栈跟踪:
Exception in thread "main" org.jasypt.exceptions.EncryptionOperationNotPossibleException
at org.jasypt.encryption.pbe.StandardPBEByteEncryptor.decrypt(StandardPBEByteEncryptor.java:1055)
at org.jasypt.encryption.pbe.StandardPBEStringEncryptor.decrypt(StandardPBEStringEncryptor.java:725)
at org.jasypt.intf.service.JasyptStatelessService.decrypt(JasyptStatelessService.java:595)
at com.example.HelloWorldApiUbuntu.TestingJasyptStringDecryptionCLI.main(TestingJasyptStringDecryptionCLI.java:12)
我知道问题出在 jasypt 而不是我的 java 因为我 运行 this code to test encryption-decryption 在我的本地使用更强的算法并且它完美运行。
编辑 2:我也尝试了 https://github.com/melloware/jasypt 给出的解决方案,结果相同。
这是 jasypt 中的错误。它也用这个 patch. See
它与带有附加参数 ivGeneratorClassName=org.jasypt.iv.RandomIvGenerator
的 Jasypt 1.9.3 一起使用加密:
java -cp ~/.m2/repository/org/jasypt/jasypt/1.9.3/jasypt-1.9.2.jar org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI password=secret algorithm=PBEWITHHMACSHA1ANDAES_128 input=encryptThis ivGeneratorClassName=org.jasypt.iv.RandomIvGenerator
解密:
java -cp ~/.m2/repository/org/jasypt/jasypt/1.9.3/jasypt-1.9.2.jar org.jasypt.intf.cli.JasyptPBEStringDecryptionCLI password=secret algorithm=PBEWITHHMACSHA1ANDAES_128 input=j5oaiHBv5RB8MOxQekM/b/AMWxgOCmgB91X/ObBpyA0lr57z7ecrcVGZN0LtcFan ivGeneratorClassName=org.jasypt.iv.RandomIvGenerator