我们想做一个基于 java 的解决方案,可以解密 Ansible vault 的秘密,这取决于这个非常聪明的博客
我们制作了一个 java 测试解决方案来检查 python 代码的工作,但第一步的结果不是预期的。我们想就这个问题寻求一些帮助。为什么我们得不到正确的结果?基于python的方法是否可能与基于java的方法不同?
@Test
public void testFirstStepOfImplementation() throws NoSuchAlgorithmException, In-validKeySpecException {
String salt = "33343835306666636239373663396363643766613363343837646633343933376633323964663030313461623564666130643664313438333363373037623365";
String hmac = "66346632303234363338306133646136393261363338616337613039363435313631343437323164386661326633313339396238396236346239333863663265";
String encryptedBytes = "653036663266373533343232393838343161396564333963643632653932303861356361316561303465373566373961393231343861623064313765643465376335666665326331323061373237336639356165393563613765663864366231";
String saltAscii = hexToAscii(salt);
System.out.println(saltAscii);
System.out.println(hexToAscii(hmac));
System.out.println(hexToAscii(encryptedBytes));
final Charset asciiCs = Charset.forName("UTF-8");
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
// Here is the problematic method call
PBEKeySpec spec = new PBEKeySpec(asciiCs.encode("password").toString().toCharArray(), hex-ToAscii(saltAscii).getBytes(), 10000, 80 * 8);
SecretKey tmp = factory.generateSecret(spec);
System.out.println(bytesToHex(tmp.getEncoded()));
// It must be:
// # KDF (80 bytes)
// fc4a21fb71bfaad6a0bbb078f0704721
// ccad80519fc349c3ff14268fced14203
// 9bfb1a43effdfb8f8d7119387fccec54
// 8859c7fccc26589a65a2ee856e05763f
// 394f9f4a44152b33234cba44c930921b
}
但是代码的结果是:
b4f0b2c365a1ab6d2abaa18f687078896a739ca97fe55dbd5c0e0ceea0d82d0391938442c5e1db2c5f6e2e944a9338f452cecb3892751ef27677f5cb29129943a558c357eaddb
而不是好的:
fc4a21fb71bfaad6a0bbb078f0704721ccad80519fc349c3ff14268fced142039bfb1a43effdfb8f8d7119387fccec548859c7fccc26589a65a2ee856e05763f394f3219f4a4441cbb352