2

我在Java中有以下代码:

public static void deriveKeyAndIV(String password)
            throws Exception
    {
        SecureRandom random = new SecureRandom();
        if (salt == null)
        {
            salt = new byte[HASH_BYTE_SIZE / 8]; // use salt size at least as long as hash
            random.nextBytes(salt);
        }
        if (ivBytes == null)
        {
            ivBytes = new byte[HASH_BYTE_SIZE / 8];
            random.nextBytes(ivBytes);
        }

        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, PBKDF2_ITERATIONS, HASH_BYTE_SIZE);
        SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        keyBytes = skf.generateSecret(spec).getEncoded();
    }
public static byte[] encrypt(byte[] message) 
            throws Exception
    {
        // wrap key data in Key/IV specs to pass to cipher
        SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");
        //IvParameterSpec ivSpec = new IvParameterSpec(ivBytes);
        // create the cipher with the algorithm you choose
        // see javadoc for Cipher class for more info, e.g.
        Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5Padding");

        GCMParameterSpec gps = new GCMParameterSpec(128, ivBytes);

        cipher.init(Cipher.ENCRYPT_MODE, key, gps);
        byte[] encrypted = new byte[cipher.getOutputSize(message.length)];
        int enc_len = cipher.update(message, 0, message.length, encrypted, 0);
        enc_len += cipher.doFinal(encrypted, enc_len);
        return encrypted;
    }
public static byte[] decrypt(byte[] cipher_text) 
            throws Exception
    {
        // wrap key data in Key/IV specs to pass to cipher
        SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");
        // create the cipher with the algorithm you choose
        // see javadoc for Cipher class for more info, e.g.
        Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5Padding");

        GCMParameterSpec gps = new GCMParameterSpec(128, ivBytes);

        cipher.init(Cipher.DECRYPT_MODE, key, gps);
        byte[] decrypted = new byte[cipher.getOutputSize(cipher_text.length)];
        int dec_len = cipher.update(cipher_text, 0, cipher_text.length, decrypted, 0);
        dec_len += cipher.doFinal(decrypted, dec_len);
        return decrypted;
    }
public static void main(String[] args) {
        String pass = "hello";
        try {
            deriveKeyAndIV(pass);
            byte[] tmp = encrypt("world!".getBytes());
            System.out.println(new String(Base64.getEncoder().encode(tmp)));
            System.out.println(new String(tmp));
            System.out.println("encrypted:\t" + bytesToHex(tmp));
            System.out.println("key:\t" + bytesToHex(keyBytes));
            System.out.println("iv:\t" + bytesToHex(ivBytes));
            tmp = decrypt(tmp);

            System.out.println("decrypted:\t" + bytesToHex(tmp));
        } catch (Exception e) {
            e.printStackTrace();
        }

    }

样本输出:

5xwfm037nXfGS06V5OKgW/oo6WDuow==
��M��w�KN���[�(�`�
encrypted:  E71C1F9B4DFB9D77C64B4E95E4E2A05BFA28E960EEA3
key:    6D525D38BFF7F70AD25205E97368C197
iv: 060374643557ED8E2F6A215F1B6DBD0E
decrypted:  776F726C6421

我将 Base64 输出复制到一个文件(测试输入)中,并尝试使用以下命令对其进行解密:

openssl enc -d -base64 -id-aes128-GCM -K 6D525D38BFF7F70AD25205E97368C197  -in ~/Desktop/test-in -out ~/Desktop/test-out -iv 060374643557ED8E2F6A215F1B6DBD0E

我收到一条bad decrypt错误消息(退出代码:1)。尝试不同的模式(id-aes192-GCM 和 id-aes256-GCM)结果相同。

我做错了什么?

4

2 回答 2

1

我将 Base64 输出复制到一个文件(测试输入)中,并尝试使用以下命令对其进行解密...

经过身份验证的加密模式不适用于命令行工具。从openssl enc手册页

enc 程序不支持 CCM 和 GCM 等经过身份验证的加密模式。该实用程序不存储或检索身份验证标签。

我知道文档最近更新(大约 2014 年 5 月或 2014 年 6 月)上面的声明。触发它的邮件列表消息是v1.0.1g command line gcm error

我不知道新版本的工具(如openssl enc1.0.2 或 1.1.0)是否提供了有意义的错误消息,或者您是否只是得到bad decrypt

我做错了什么?

没有什么。

于 2014-12-21T21:06:48.230 回答
1

这可能是一个错误,请参阅: http: //openssl.6102.n7.nabble.com/1-1-0-dev-AES-GCM-on-command-line-quot-bad-decrypt-quot-but-似乎工作-td49979.html,即使这并不完全有效:

KEY=6D525D38BFF7F70AD25205E97368C197
IV=060374643557ED8E2F6A215F1B6DBD0E
echo "world!" | openssl enc -id-aes128-GCM -K $KEY -iv $IV | openssl enc -d -id-aes128-GCM -K $KEY -iv $IV
world!
bad decrypt
于 2014-12-19T14:04:20.117 回答