是的,您可以使用相同的密钥;甚至需要使用相同的密钥。但是,您不应该使用相同的密钥/IV 组合,因为这不安全。因此,IV 通常会以密文为前缀。
请注意,以下实现向您展示了如何在没有 的情况下生成随机 IV SecureRandom
,但这有点虚伪,因为Cipher
该类只会在内部使用默认值来创建 IV。对于 CBC,攻击者可能知道 IV,但攻击者应该无法将其与随机数据区分开来。
在这个例子中,关键数据简单地存储在一个“常量”中。将密钥存储在源代码中可能无法提供足够的安全性。相反,它通常使用公钥、密码、存储在 USB 密钥中、存储在智能卡或 HSM 等中进行加密。然而,密钥管理是一个广泛的主题,因此我不会为这个答案进一步讨论它。
但是,在 Java 中,您应该使用SecretKey
/SecretKeySpec
从已知数据和IvParameterSpec
已知 IV(或 Nonce)创建密钥。
import java.nio.charset.StandardCharsets;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidParameterSpecException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
public class AESWithStaticKeyAndRandomIV {
private static byte[] KEY = new byte[] { (byte) 0x14, (byte) 0x0b,
(byte) 0x41, (byte) 0xb2, (byte) 0x2a, (byte) 0x29, (byte) 0xbe,
(byte) 0xb4, (byte) 0x06, (byte) 0x1b, (byte) 0xda, (byte) 0x66,
(byte) 0xb6, (byte) 0x74, (byte) 0x7e, (byte) 0x14 };
public static byte[] encrypt(byte[] plaintext) {
try {
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
SecretKey key = new SecretKeySpec(KEY, "AES");
cipher.init(Cipher.ENCRYPT_MODE, key);
AlgorithmParameters params = cipher.getParameters();
byte[] iv = params.getParameterSpec(IvParameterSpec.class).getIV();
byte[] ciphertext = new byte[iv.length
+ cipher.getOutputSize(plaintext.length)];
System.arraycopy(iv, 0, ciphertext, 0, iv.length);
cipher.doFinal(plaintext, 0, plaintext.length, ciphertext,
iv.length);
return ciphertext;
} catch (InvalidKeyException | NoSuchAlgorithmException
| NoSuchPaddingException | InvalidParameterSpecException
| ShortBufferException | IllegalBlockSizeException
| BadPaddingException e) {
throw new IllegalStateException(
"CBC encryption with standard algorithm should never fail",
e);
}
}
public static byte[] decrypt(byte[] ciphertext) throws IllegalBlockSizeException,
BadPaddingException {
try {
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
SecretKeySpec key = new SecretKeySpec(KEY, "AES");
if (ciphertext.length < cipher.getBlockSize()) {
throw new IllegalArgumentException(
"Ciphertext too small to contain IV");
}
IvParameterSpec ivSpec = new IvParameterSpec(ciphertext, 0,
cipher.getBlockSize());
cipher.init(Cipher.DECRYPT_MODE, key, ivSpec);
byte[] plaintext = new byte[cipher.getOutputSize(ciphertext.length
- cipher.getBlockSize())];
cipher.doFinal(ciphertext, cipher.getBlockSize(), ciphertext.length
- cipher.getBlockSize(), plaintext, 0);
return plaintext;
} catch (InvalidKeyException | NoSuchAlgorithmException
| NoSuchPaddingException | ShortBufferException
| InvalidAlgorithmParameterException e) {
throw new IllegalStateException(
"CBC decryption with standard algorithm should be available",
e);
}
}
public static void main(String[] args) throws Exception {
byte[] plaintext = decrypt(encrypt("owlstead".getBytes(StandardCharsets.UTF_8)));
System.out.println(new String(plaintext, StandardCharsets.UTF_8));
}
}
使用密钥存储(您现在必须使用 JCEKS):
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStore.ProtectionParameter;
import java.security.KeyStore.SecretKeyEntry;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidParameterSpecException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.ShortBufferException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
public class AESWithStaticKeyAndRandomIV {
private static final String KEY_ALIAS = "secret";
private static byte[] KEY = new byte[] { (byte) 0x14, (byte) 0x0b,
(byte) 0x41, (byte) 0xb2, (byte) 0x2a, (byte) 0x29, (byte) 0xbe,
(byte) 0xb4, (byte) 0x06, (byte) 0x1b, (byte) 0xda, (byte) 0x66,
(byte) 0xb6, (byte) 0x74, (byte) 0x7e, (byte) 0x14 };
private static ProtectionParameter PASSWORD = new KeyStore.PasswordProtection(
new char[] {'p', 'a', 's', 's', 'w', 'o', 'r', 'd'});
private final KeyStore store;
private AESWithStaticKeyAndRandomIV(KeyStore store) {
this.store = store;
}
public byte[] encrypt(byte[] plaintext) {
try {
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
SecretKey key;
try {
key = ((SecretKeyEntry) store.getEntry(KEY_ALIAS, PASSWORD))
.getSecretKey();
} catch (UnrecoverableEntryException | KeyStoreException e) {
throw new IllegalStateException("What key?", e);
}
cipher.init(Cipher.ENCRYPT_MODE, key);
AlgorithmParameters params = cipher.getParameters();
byte[] iv = params.getParameterSpec(IvParameterSpec.class).getIV();
byte[] ciphertext = new byte[iv.length
+ cipher.getOutputSize(plaintext.length)];
System.arraycopy(iv, 0, ciphertext, 0, iv.length);
cipher.doFinal(plaintext, 0, plaintext.length, ciphertext,
iv.length);
return ciphertext;
} catch (InvalidKeyException | NoSuchAlgorithmException
| NoSuchPaddingException | InvalidParameterSpecException
| ShortBufferException | IllegalBlockSizeException
| BadPaddingException e) {
throw new IllegalStateException(
"CBC encryption with standard algorithm should never fail",
e);
}
}
public byte[] decrypt(byte[] ciphertext) throws IllegalBlockSizeException,
BadPaddingException {
try {
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
SecretKey key;
try {
key = ((SecretKeyEntry) store.getEntry(KEY_ALIAS, PASSWORD))
.getSecretKey();
} catch (UnrecoverableEntryException | KeyStoreException e) {
throw new IllegalStateException("What key?", e);
}
if (ciphertext.length < cipher.getBlockSize()) {
throw new IllegalArgumentException(
"Ciphertext too small to contain IV");
}
IvParameterSpec ivSpec = new IvParameterSpec(ciphertext, 0,
cipher.getBlockSize());
cipher.init(Cipher.DECRYPT_MODE, key, ivSpec);
byte[] plaintext = new byte[cipher.getOutputSize(ciphertext.length
- cipher.getBlockSize())];
cipher.doFinal(ciphertext, cipher.getBlockSize(), ciphertext.length
- cipher.getBlockSize(), plaintext, 0);
return plaintext;
} catch (InvalidKeyException | NoSuchAlgorithmException
| NoSuchPaddingException | ShortBufferException
| InvalidAlgorithmParameterException e) {
throw new IllegalStateException(
"CBC decryption with standard algorithm should be available",
e);
}
}
public static KeyStore createStoreWithSecretKey() {
try {
KeyStore keyStore = KeyStore.getInstance("JCEKS");
keyStore.load(null);
SecretKey key = new SecretKeySpec(KEY, "AES");
keyStore.setEntry(KEY_ALIAS, new KeyStore.SecretKeyEntry(key), PASSWORD);
return keyStore;
} catch (KeyStoreException | NoSuchAlgorithmException
| CertificateException | IOException e) {
throw new IllegalStateException("Unable to create key store", e);
}
}
public static void main(String[] args) throws Exception {
AESWithStaticKeyAndRandomIV crypt = new AESWithStaticKeyAndRandomIV(
createStoreWithSecretKey());
byte[] plaintext = crypt.decrypt(crypt.encrypt("owlstead"
.getBytes(StandardCharsets.UTF_8)));
System.out.println(new String(plaintext, StandardCharsets.UTF_8));
}
}