java通过TCP流发送密钥编码的字符串BadPaddingException with Windows
我认为Windows操作系统(Windows 7)在使用writeUTF()和readUTF()方法通过TCP连接发送加密字符串时遇到了一个特定的问题
客户端和服务器首先使用私钥对建立连接。然后他们就用于进一步通信的共享密钥达成一致。当使用共享密钥加密并通过writeUTF()和readUTF()发送的字符串填充错误时,就会出现问题。第一种情况是使用writeUTF()方法从服务器向客户端发送加密确认
问题只会偶尔出现!有时程序运行顺利,直到完成,没有错误,但有时会引发BadpattingException,指出客户端和客户端的“给定的最终块未正确填充”:
byte[] byteDecriptedAck = decryptCipher.doFinal(encryptedAck.getBytes());
和服务器端:
byte[] byteDecriptedAck = decryptCipher.doFinal(encryptedPassword.getBytes());
在OSX操作系统上运行代码时,不会出现此问题。因此,我认为这与windows如何表示UTF字符串、写入UTF字符串或读取UTF字符串有关
我对试图解决这个问题感到不知所措。任何帮助都将不胜感激
谢谢
用于建立客户端连接的代码:
private void establishConnection() {
try {
int numBytesPubKey = in.readInt();
byte[] bytesPubKey = new byte[numBytesPubKey];
in.readFully(bytesPubKey, 0, numBytesPubKey);
//get public key from server
X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(bytesPubKey);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey pubKey = keyFactory.generatePublic(pubKeySpec);
//generate secret key for communicating
KeyGenerator keyGen = KeyGenerator.getInstance("AES");
keyGen.init(128); //key size
SecretKey secretKey = keyGen.generateKey();
byte[] encodedSecretKey = secretKey.getEncoded();
//use public key to encode message containing secret key to send to server
encryptCipher = Cipher.getInstance("RSA");
encryptCipher.init(Cipher.ENCRYPT_MODE, pubKey);
byte[] cipherData = encryptCipher.doFinal(encodedSecretKey);
//send secret key to server encoded by servers public key
out.writeInt(cipherData.length);
out.write(cipherData, 0, cipherData.length);
//read acknowledge from server
SecretKeySpec secretKeySpec = new SecretKeySpec(encodedSecretKey,"AES");
String encryptedAck = in.readUTF();
decryptCipher = Cipher.getInstance("AES");
decryptCipher.init(Cipher.DECRYPT_MODE, secretKeySpec);
byte[] byteDecriptedAck = decryptCipher.doFinal(encryptedAck.getBytes());
if(!(new String(byteDecriptedAck).equals("ACK"))) {
System.err.println("Server acknowledgement corrupted. Terminate communications.");
System.exit(1);
}
//send password to server
encryptCipher = Cipher.getInstance("AES");
encryptCipher.init(Cipher.ENCRYPT_MODE, secretKeySpec);
byte[] cipheredPassword = encryptCipher.doFinal("password".getBytes());
out.writeUTF(new String(cipheredPassword));
} catch (Exception e) {
System.err.println(e.getMessage());
e.printStackTrace();
}
}
用于在服务器端建立连接的代码:
private void establishConnection() {
try {
//generate public/private key pair for communicating with initially
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN");
keyGen.initialize(1024, random);
KeyPair pair = keyGen.generateKeyPair();
PrivateKey privKey = pair.getPrivate();
PublicKey pubKey = pair.getPublic();
//send public key to client
byte[] bytesPubKey = pubKey.getEncoded();
out.writeInt(bytesPubKey.length);
out.write(bytesPubKey, 0, bytesPubKey.length);
//read in secret key to use for further communications
int numBytesSecretKey = in.readInt();
byte[] bytesSecretKey = new byte[numBytesSecretKey];
in.readFully(bytesSecretKey, 0, numBytesSecretKey);
decryptCipher = Cipher.getInstance("RSA");
decryptCipher.init(Cipher.DECRYPT_MODE, privKey, decryptCipher.getParameters());
byte[] byteDecriptedSecretKey = decryptCipher.doFinal(bytesSecretKey);
SecretKeySpec secretKeySpec = new SecretKeySpec(byteDecriptedSecretKey,"AES");
//send back acknowledgment encoded with secret key: ACK
encryptCipher = Cipher.getInstance("AES");
encryptCipher.init(Cipher.ENCRYPT_MODE, secretKeySpec);
byte[] cipheredACK = encryptCipher.doFinal("ACK".getBytes());
out.writeUTF(new String(cipheredACK));
//read password from client
String encryptedPassword = in.readUTF();
decryptCipher = Cipher.getInstance("AES");
decryptCipher.init(Cipher.DECRYPT_MODE, secretKeySpec);
byte[] byteDecriptedAck = decryptCipher.doFinal(encryptedPassword.getBytes());
if(!(new String(byteDecriptedAck).equals("password"))) {
System.err.println("Access Denied. Client password incorrect. Terminate communications.");
System.exit(1);
} else {
System.err.println("Access Granted.");
}
} catch (Exception e) {
e.printStackTrace();
}
}
# 1 楼答案
那是行不通的。UTF和字符串用于字符数据。这里有原始字节,不能解释为文本
将它们作为二进制数据发送:
之所以会看到OS X和Windows之间的差异,是因为在将字节强制转换为字符串时没有指定字符编码,所以它会成为特定于平台的。如果这是真正的字符数据,那么您应该将一个字符集传递给构造函数,使其与平台无关。但在你的例子中,它不是字符数据,所以只使用字节
还有,为什么不直接使用SSL呢