1

目前我正在开发一个项目,他们使用 AES 加密和 RFC2898 派生字节。这是我提供的解密方法。现在我需要在java中实现它。

private string Decrypt(string cipherText)
    {
        string EncryptionKey = "MAKV2SPBNI657328B";
        cipherText = cipherText.Replace(" ", "+");
        byte[] cipherBytes = Convert.FromBase64String(cipherText);
        using (Aes encryptor = Aes.Create())
        {
            Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] {
                0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 
                });
            encryptor.Key = pdb.GetBytes(32);
            encryptor.IV = pdb.GetBytes(16);
            using (MemoryStream ms = new MemoryStream())
            {
                using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateDecryptor(), CryptoStreamMode.Write))
                {
                    cs.Write(cipherBytes, 0, cipherBytes.Length);
                    cs.Close();
                }
                cipherText = Encoding.Unicode.GetString(ms.ToArray());
            }
        }
        return cipherText;
    }

这就是我到目前为止所做的:

   String EncryptionKey = "MAKV2SPBNI657328B";
   String userName="5L9p7pXPxc1N7ey6tpJOla8n10dfCNaSJFs%2bp5U0srs0GdH3OcMWs%2fDxMW69BQb7"; 
   byte[] salt =  new byte[] {0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76};
   try {
        userName = java.net.URLDecoder.decode(userName, StandardCharsets.UTF_8.name());
        SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
        PBEKeySpec pbeKeySpec = new PBEKeySpec(EncryptionKey.toCharArray(), salt, 1000);
        Key secretKey = factory.generateSecret(pbeKeySpec);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, secretKey);
        byte[] result = cipher.doFinal(userName.getBytes("UTF-8"));
        System.out.println(result.toString());
   } catch (Exception e) {
        System.out.println(e.getMessage());
   }

但我收到如下错误:

未找到密钥长度 java.security.spec.InvalidKeySpecException:未找到密钥长度

4

1 回答 1

1

Java代码有一些问题:必须指定要生成的位数,除了必须导出IV的密钥外,还必须申请IV进行解密,密文必须经过Base64解码并且必须使用Utf-16LE解码明文时。详细地:

  • 实例化时PBEKeySpec,必须在第 4 个参数中指定要生成的位数。由于密钥(256 位)和 IV(128 位)都是在 C# 代码中派生的,因此必须应用 384(= 256 + 128):

    SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
    PBEKeySpec pbeKeySpec = new PBEKeySpec(encryptionKey.toCharArray(), salt, 1000, 384);   
    
  • 前 256 位是密钥,接下来的 128 位是 IV:

    byte[] derivedData = factory.generateSecret(pbeKeySpec).getEncoded();
    byte[] key = new byte[32];
    byte[] iv = new byte[16];
    System.arraycopy(derivedData, 0, key, 0, key.length);
    System.arraycopy(derivedData, key.length, iv, 0, iv.length);
    
  • IV 必须Cipher#init使用IvParameterSpec实例在 -call 的第三个参数中传递:

    SecretKeySpec secretKeySpec = new SecretKeySpec(key, "AES");
    IvParameterSpec ivSpec = new IvParameterSpec(iv);
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
    cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, ivSpec);
    
  • 密文必须经过 Base64 解码才能解密:

    byte[] result = cipher.doFinal(Base64.getDecoder().decode(userName));
    
  • 从解密的字节数组中,必须使用 Utf-16LE 编码(对应Encoding.Unicode于 C#)创建一个字符串:

    System.out.println(new String(result, StandardCharsets.UTF_16LE)); // Output: Mohammad Al Mamun
    

请注意,对于CBC模式,出于安全原因,密钥/IV 组合仅使用一次非常重要。对于此处的 C#(或 Java)代码,这意味着对于相同的密码,每次加密必须使用不同的盐,请参见此处

于 2020-02-25T11:09:12.143 回答