2

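I have implemented AES encryption with some task-specific parameters, using the standard Java tools and the BouncyCastle provider for the specific AES algorithm.

Here is the code: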

private byte[] aesEncryptedInfo(String info) throws UnsupportedEncodingException, IllegalBlockSizeException, BadPaddingException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidParameterSpecException, InvalidAlgorithmParameterException, NoSuchProviderException {
    Security.addProvider(new BouncyCastleProvider());
    SecretKey secret = new SecretKeySpec(CUSTOMLONGSECRETKEY.substring(0, 32).getBytes(), "AES");
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC");
    cipher.init(Cipher.ENCRYPT_MODE, secret, new IvParameterSpec(VECTOR_SECRET_KEY.getBytes()));
    return cipher.doFinal(info.getBytes("UTF-8"));
}

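In some environments this code requires special policy files. See the related question: InvalidKeyException Illegal key size

My goal is to reimplement it using a third-party library; ideally I would use Bouncy Castle, which is already used as the provider. The library should not be subject to the restrictions of the standard Java policy files. In other words, there should be no restrictions at all.

Please suggest in your answers how to reimplement it using BouncyCastle or another third-party library that works without restrictions. Ideally I would see code :-)

Thank you very much for reading!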

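After a delay, I am now happy to post the solution. Hopefully someone can benefit from it, because there are not many examples in the Bouncy Castle documentation :-)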

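import java.io.UnsupportedEncodingException;
import java.util.Arrays;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.paddings.PKCS7Padding;
import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;

private byte[] aesEncryptedInfo(String info) throws UnsupportedEncodingException, InvalidCipherTextException {
    // Creating AES/CBC/PKCS7Padding cipher with specified Secret Key and Initial Vector
    PaddedBufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESEngine()), new PKCS7Padding());
    // KeyParameter takes the raw key bytes; AESEngine accepts only 16-, 24- or 32-byte keys
    cipher.init(true, new ParametersWithIV(new KeyParameter(CUSTOMLONGSECRETKEY.getBytes()), VECTOR_SECRET_KEY.getBytes()));

    byte[] inputData = info.getBytes("UTF-8");
    // Buffer size needed for the output, padding included
    int outBlockSize = cipher.getOutputSize(inputData.length);
    byte[] outputData = new byte[outBlockSize];

    int outLength = cipher.processBytes(inputData, 0, inputData.length, outputData, 0);
    outLength += cipher.doFinal(outputData, outLength);
    // Trim the buffer if fewer bytes were written than reserved
    if (outLength != outBlockSize) {
        return Arrays.copyOf(outputData, outLength);
    }
    else {
        return outputData;
    }
}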

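By the way, I found two differences between the Java API and the Bouncy Castle API:

1. Bouncy Castle uses object composition to create the required cipher, whereas the Java API uses a string to identify the required cipher.
2. The BC encryption code is slightly larger, while the Java API code is more compact.

This solution is a complete replacement for the original Java API implementation; the proof is a custom unit test that I wrote.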

4

3 Answers

3

Use the Bouncycastle lightweight crypto API directly, rather than through Java JCE interface. Bouncycastle includes its own crypto API accessible through various classes in org.bouncycastle.* packages. It also implements the JCE provider interface to make some of its crypto implementations available through standard JCE classes like Cipher, KeyGenerator, etc.

The cryptography policy restrictions are enforced by the JCE classes, not by bouncycastle. Therefore if you do not use these classes you will not encounter any restrictions. On the downside you will sacrifice some portability. To get started, take a look at the javadocs for the AESEngine class, and the rest of the javadocs for the bouncycastle.

Answered 2010-10-11T12:14:02.157
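The point made in the answer above, as an added example that is not part of the original posts: it prints the key length the installed JCE policy allows, then encrypts and decrypts with a 256-bit key using only the lightweight `org.bouncycastle.crypto` classes (the same constructors as the solution in the question). The class name `LightweightAesDemo`, the helper `aesCbc`, and the randomly generated key and IV are assumptions made for the demonstration; the page's code uses fixed `CUSTOMLONGSECRETKEY` and `VECTOR_SECRET_KEY` values instead.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.paddings.PKCS7Padding;
import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;

public class LightweightAesDemo {
    // Hypothetical helper: AES/CBC/PKCS7 in either direction, no JCE Cipher involved.
    static byte[] aesCbc(boolean encrypt, byte[] key, byte[] iv, byte[] in)
            throws InvalidCipherTextException {
        PaddedBufferedBlockCipher cipher = new PaddedBufferedBlockCipher(
                new CBCBlockCipher(new AESEngine()), new PKCS7Padding());
        cipher.init(encrypt, new ParametersWithIV(new KeyParameter(key), iv));
        byte[] out = new byte[cipher.getOutputSize(in.length)];
        int n = cipher.processBytes(in, 0, in.length, out, 0);
        // doFinal adds the padding on encrypt and strips it on decrypt;
        // bad padding on decrypt raises InvalidCipherTextException.
        n += cipher.doFinal(out, n);
        return Arrays.copyOf(out, n);
    }

    public static void main(String[] args) throws Exception {
        // JCE policy limit: 128 when restricted, Integer.MAX_VALUE when unlimited.
        System.out.println("JCE max AES key bits: " + Cipher.getMaxAllowedKeyLength("AES"));

        SecureRandom rng = new SecureRandom();
        byte[] key = new byte[32]; // constructed 256-bit sample key
        byte[] iv = new byte[16];  // constructed sample IV, one AES block
        rng.nextBytes(key);
        rng.nextBytes(iv);

        byte[] plain = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        byte[] ct = aesCbc(true, key, iv, plain);
        byte[] back = aesCbc(false, key, iv, ct);

        // The round trip succeeds whatever limit was printed above.
        System.out.println("ciphertext bytes: " + ct.length);
        System.out.println("round trip ok: " + Arrays.equals(plain, back));
    }
}
```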
1

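Why can't you just add the necessary policy files?

That would be the easiest thing to do. If you live in the US and export your software to other (possibly "disallowed") countries, you will (in theory) get into trouble either way (including the policy files / doing the encryption yourself).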

If you live outside the US, why even bother about it, just include the policy files, no one cares.

Answered 2010-10-06T09:05:03.780
0

No option for buying a toolkit? RSA BSAFE

Answered 2010-10-06T10:47:24.780