3

提到这一点,我必须使用算法AGCM256-KW进行加密。我正在使用 Java Cryptography,但没有找到任何这样的算法。我发现最接近的是AES_256/GCM/NoPadding,但它没有 KW(密钥包装)。

这是我的测试代码

    public void testEncryption(String algo) {
    String shared_secret = "LyQnklSrxsk3Ch2+AHi9HoDW@//x1LwM123QP/ln";
    try {

        // Step 1 - Create SHA-256 digest of the shared key
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        byte[] digest = md.digest(shared_secret.getBytes("UTF-8"));

        // Step 2 - generate a 256 bit Content Encryption Key(CEK)
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey cek = kg.generateKey();

        // Step 3 - encrypt the CEK using 256 bit digest generated in Step 1
        // and 96 bit random IV. Algorithm should be

        // random 96 bit Initialize Vector
        SecureRandom random = new SecureRandom();
        // byte iv[] = new byte[96];
        // random.nextBytes(iv);
        byte iv[] = random.generateSeed(96);
        System.out.println("IV: " + toBase64(iv) + " length: " + iv.length);
        IvParameterSpec ivspec = new IvParameterSpec(iv);
        GCMParameterSpec gspec = new GCMParameterSpec(96, iv);

        // encrypt
        Cipher cipher = Cipher.getInstance(algo);
        System.out.println(String.format("CEK Cipher alg:%S provider:%S", cipher.getAlgorithm(),
                cipher.getProvider().getName()));

        cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(digest, "AES"), gspec);
        byte[] result = cipher.doFinal(cek.getEncoded());

        System.out.println(String.format("Encrypted CEK :%S", toBase64(result)));

    } catch (NoSuchAlgorithmException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (UnsupportedEncodingException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (InvalidKeyException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (InvalidAlgorithmParameterException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (NoSuchPaddingException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (IllegalBlockSizeException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (BadPaddingException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
}

更新 1 我想我可以使用具有JWE API 的jose4j库。

4

3 回答 3

8

是的,Visa 令牌服务似乎正在使用 JWE(现为RFC 7516),因此您可以为此使用 jose4j。下面是一些示例代码,展示了使用 A256GCMKW 和 AGCM256 使用 JWE 对某些内容进行加密和解密:

    // shared secret hashed to key from your example
    String shared_secret = "LyQnklSrxsk3Ch2+AHi9HoDW@//x1LwM123QP/ln";
    MessageDigest md = MessageDigest.getInstance("SHA-256");
    byte[] digest = md.digest(shared_secret.getBytes("UTF-8"));

    JsonWebEncryption jwe = new JsonWebEncryption();

    // A256GCMKW for key wrap
    jwe.setAlgorithmHeaderValue(KeyManagementAlgorithmIdentifiers.A256GCMKW);

    // A256GCM for content encryption
    jwe.setEncryptionMethodHeaderParameter(ContentEncryptionAlgorithmIdentifiers.AES_256_GCM);

    // the key (from above)
    jwe.setKey(new SecretKeySpec(digest, "AES"));

    // whatever content you want to encrypt
    jwe.setPayload("some important content to be encrypted and integrity protected");

    // Produce the JWE compact serialization, which is where the actual encryption is done.
    // The JWE compact serialization consists of five base64url encoded parts
    // combined with a dot ('.') character in the general format of
    // <header>.<encrypted key>.<initialization vector>.<ciphertext>.<authentication tag>
    String serializedJwe = jwe.getCompactSerialization();


    // Do something with the JWE. Like send it to some other party over the clouds
    // and through the interwebs.
    System.out.println("JWE compact serialization: " + serializedJwe);

    // That other party, the receiver, can then use JsonWebEncryption to decrypt the message.
    JsonWebEncryption receiverJwe = new JsonWebEncryption();

    // Set the compact serialization on new Json Web Encryption object
    receiverJwe.setCompactSerialization(serializedJwe);

    // Symmetric encryption, like we are doing here, requires that both parties have the same key.
    // The key will have had to have been securely exchanged out-of-band somehow.
    receiverJwe.setKey(new SecretKeySpec(digest, "AES"));

    // Get the message that was encrypted in the JWE. This step performs the actual decryption steps.
    String plaintext = receiverJwe.getPlaintextString();

    // And do whatever you need to do with the clear text message.
    System.out.println("plaintext: " + plaintext);
于 2016-07-02T19:27:41.080 回答
1

假设您确实需要 GCM 模式下的 AES(我从未听说过 AGCM,但我想这是一个合乎逻辑的假设,它意味着 AES/GCM)。然后以下内容可用于(取消)包装密钥。请注意,我没有使用IvParameterSpec,至少对于 Oracle JCE 没有。

SecretKey sk = new SecretKeySpec(new byte[16], "AES");
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
GCMParameterSpec gcmSpec = new GCMParameterSpec(128, new byte[12]);
cipher.init(Cipher.WRAP_MODE, sk, gcmSpec);
byte[] wrappedKey = cipher.wrap(sk);
System.out.println(Hex.toHexString(wrappedKey));

cipher.init(Cipher.UNWRAP_MODE, sk, gcmSpec);
SecretKey unwrap = (SecretKey) cipher.unwrap(wrappedKey, "AES", Cipher.SECRET_KEY);
System.out.println(Hex.toHexString(unwrap.getEncoded()));

请注意,使用 SIV 模式可能更适合包装密钥,因为您不需要将 IV身份验证标签与包装密钥一起存储(示例中未显示存储 IV)。上面的代码依赖于一个唯一的 IV 来保证安全(也没有显示)。

显然,用自己包装密钥也不是一个好主意。对不起,我在这里有点懒;我刚刚展示了如何使用密码。

于 2016-06-30T22:32:39.767 回答
1

“KW”指的是 RFC 3394 中定义的“密钥包装”。该算法在 JCE 中的名称是“AESWrap”。所以,转换应该是“AESWrap/GCM/NoPadding”。正如 Maarten 指出的那样,从逻辑上讲,这个操作应该配置Cipherin WRAP_MODE

于 2016-06-30T22:46:09.417 回答