将 .Net 解密转换为 Java
Converting .Net decryption to Java
目前我正在做一个项目,他们使用 AES 加密和 RFC2898 派生字节。这是我提供的解密方法。现在我需要在 java.
中实现它
private string Decrypt(string cipherText)
{
string EncryptionKey = "MAKV2SPBNI657328B";
cipherText = cipherText.Replace(" ", "+");
byte[] cipherBytes = Convert.FromBase64String(cipherText);
using (Aes encryptor = Aes.Create())
{
Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] {
0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76
});
encryptor.Key = pdb.GetBytes(32);
encryptor.IV = pdb.GetBytes(16);
using (MemoryStream ms = new MemoryStream())
{
using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateDecryptor(), CryptoStreamMode.Write))
{
cs.Write(cipherBytes, 0, cipherBytes.Length);
cs.Close();
}
cipherText = Encoding.Unicode.GetString(ms.ToArray());
}
}
return cipherText;
}
这就是我到目前为止所做的:
String EncryptionKey = "MAKV2SPBNI657328B";
String userName="5L9p7pXPxc1N7ey6tpJOla8n10dfCNaSJFs%2bp5U0srs0GdH3OcMWs%2fDxMW69BQb7";
byte[] salt = new byte[] {0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76};
try {
userName = java.net.URLDecoder.decode(userName, StandardCharsets.UTF_8.name());
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
PBEKeySpec pbeKeySpec = new PBEKeySpec(EncryptionKey.toCharArray(), salt, 1000);
Key secretKey = factory.generateSecret(pbeKeySpec);
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, secretKey);
byte[] result = cipher.doFinal(userName.getBytes("UTF-8"));
System.out.println(result.toString());
} catch (Exception e) {
System.out.println(e.getMessage());
}
但是我收到如下错误:
Key length not found
java.security.spec.InvalidKeySpecException: Key length not found
Java代码中存在一些问题:必须指定要生成的位数,除了必须导出IV的密钥外,还必须申请IV进行解密,密文必须是解码明文必须使用Base64解码和Utf-16LE。详细:
实例化PBEKeySpec时,必须在第4个参数中指定要生成的位数。由于密钥(256 位)和 IV(128 位)都是在 C# 代码中派生的,因此必须应用 384(= 256 + 128):
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
PBEKeySpec pbeKeySpec = new PBEKeySpec(encryptionKey.toCharArray(), salt, 1000, 384);
前256位是密钥,后面128位是IV:
byte[] derivedData = factory.generateSecret(pbeKeySpec).getEncoded();
byte[] key = new byte[32];
byte[] iv = new byte[16];
System.arraycopy(derivedData, 0, key, 0, key.length);
System.arraycopy(derivedData, key.length, iv, 0, iv.length);
IV 必须在 Cipher#init-call using an IvParameterSpec 实例的第三个参数中传递:
SecretKeySpec secretKeySpec = new SecretKeySpec(key, "AES");
IvParameterSpec ivSpec = new IvParameterSpec(iv);
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, ivSpec);
密文必须经过Base64解码才能解密:
byte[] result = cipher.doFinal(Base64.getDecoder().decode(userName));
必须使用 Utf-16LE 编码(对应于 C# 中的 Encoding.Unicode)从解密的字节数组创建一个字符串:
System.out.println(new String(result, StandardCharsets.UTF_16LE)); // Output: Mohammad Al Mamun
注意 CBC mode, it's important that a key/IV combination is only used once for security reasons. For the C# (or Java) code here, this means that for the same password, different salts must be used for each encryption, see here.
目前我正在做一个项目,他们使用 AES 加密和 RFC2898 派生字节。这是我提供的解密方法。现在我需要在 java.
中实现它private string Decrypt(string cipherText)
{
string EncryptionKey = "MAKV2SPBNI657328B";
cipherText = cipherText.Replace(" ", "+");
byte[] cipherBytes = Convert.FromBase64String(cipherText);
using (Aes encryptor = Aes.Create())
{
Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] {
0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76
});
encryptor.Key = pdb.GetBytes(32);
encryptor.IV = pdb.GetBytes(16);
using (MemoryStream ms = new MemoryStream())
{
using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateDecryptor(), CryptoStreamMode.Write))
{
cs.Write(cipherBytes, 0, cipherBytes.Length);
cs.Close();
}
cipherText = Encoding.Unicode.GetString(ms.ToArray());
}
}
return cipherText;
}
这就是我到目前为止所做的:
String EncryptionKey = "MAKV2SPBNI657328B";
String userName="5L9p7pXPxc1N7ey6tpJOla8n10dfCNaSJFs%2bp5U0srs0GdH3OcMWs%2fDxMW69BQb7";
byte[] salt = new byte[] {0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76};
try {
userName = java.net.URLDecoder.decode(userName, StandardCharsets.UTF_8.name());
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
PBEKeySpec pbeKeySpec = new PBEKeySpec(EncryptionKey.toCharArray(), salt, 1000);
Key secretKey = factory.generateSecret(pbeKeySpec);
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, secretKey);
byte[] result = cipher.doFinal(userName.getBytes("UTF-8"));
System.out.println(result.toString());
} catch (Exception e) {
System.out.println(e.getMessage());
}
但是我收到如下错误:
Key length not found java.security.spec.InvalidKeySpecException: Key length not found
Java代码中存在一些问题:必须指定要生成的位数,除了必须导出IV的密钥外,还必须申请IV进行解密,密文必须是解码明文必须使用Base64解码和Utf-16LE。详细:
实例化
PBEKeySpec时,必须在第4个参数中指定要生成的位数。由于密钥(256 位)和 IV(128 位)都是在 C# 代码中派生的,因此必须应用 384(= 256 + 128):SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); PBEKeySpec pbeKeySpec = new PBEKeySpec(encryptionKey.toCharArray(), salt, 1000, 384);前256位是密钥,后面128位是IV:
byte[] derivedData = factory.generateSecret(pbeKeySpec).getEncoded(); byte[] key = new byte[32]; byte[] iv = new byte[16]; System.arraycopy(derivedData, 0, key, 0, key.length); System.arraycopy(derivedData, key.length, iv, 0, iv.length);IV 必须在
Cipher#init-call using anIvParameterSpec实例的第三个参数中传递:SecretKeySpec secretKeySpec = new SecretKeySpec(key, "AES"); IvParameterSpec ivSpec = new IvParameterSpec(iv); Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, ivSpec);密文必须经过Base64解码才能解密:
byte[] result = cipher.doFinal(Base64.getDecoder().decode(userName));必须使用 Utf-16LE 编码(对应于 C# 中的
Encoding.Unicode)从解密的字节数组创建一个字符串:System.out.println(new String(result, StandardCharsets.UTF_16LE)); // Output: Mohammad Al Mamun
注意 CBC mode, it's important that a key/IV combination is only used once for security reasons. For the C# (or Java) code here, this means that for the same password, different salts must be used for each encryption, see here.