AES在socket上搞砸了序列化/反序列化。无效的流标头。JAVA
我正在做一个项目,需要加密java对象并通过socket发送它们。当对象未加密时,序列化和反序列化可以完美地工作,但当我对它们进行加密时,我得到了:
Error: invalid stream header: 5F15DD25
java.io.StreamCorruptedException: invalid stream header: 5F15DD25
at java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:802)
at java.io.ObjectInputStream.<init>(ObjectInputStream.java:299)
at Utils.deserializeEnv(Utils.java:236)
at Utils.decryptEnv(Utils.java:221)
at GroupThread.run(GroupThread.java:59)
Exception in thread "Thread-2" java.lang.NullPointerException
at GroupThread.run(GroupThread.java:63)
在我的反序列化方法中的ObjectInputStream。我将在下面加粗
我的插座是这样的:
ObjectOutputStream output = new ObjectOutputStream(socket.getOutputStream());
ObjectInputStream input = new ObjectInputStream(socket.getInputStream());
并序列化和反序列化如下对象:
static byte[] serializeEnv(Envelope message) {
try {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
ObjectOutputStream oos = new ObjectOutputStream(baos);
oos.writeObject(message);
return baos.toByteArray();
} catch (IOException e) {
System.err.println("Error: " + e.getMessage());
e.printStackTrace(System.err);
}
return null;
}
static Envelope deserializeEnv(byte[] bytes) {
System.out.println("\nRECEVIVED LENGTH: " + bytes.length + ". SEND BYTES YO: " + bytes[0] + ", " + bytes[1] + ", " + bytes[2] + ", " + bytes[3] + ", " + bytes[4]);
ObjectInputStream ois = null;
try {
仅当字节已加密/解密时,此处出现错误
ois = new ObjectInputStream(new ByteArrayInputStream(bytes)); // Error
Envelope message = (Envelope) ois.readObject();
return message;
} catch (IOException | ClassNotFoundException e) {
System.err.println("Error: " + e.getMessage());
e.printStackTrace(System.err);
}
return null;
}
以下是我如何加密和解密:
static byte[] encryptEnv(Envelope message, SecretKey secretKey) {
try {
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "BC");
cipher.init(Cipher.ENCRYPT_MODE, secretKey);
byte[] serializedEnv = serializeEnv(message);
return cipher.doFinal(serializedEnv);
} catch (NoSuchAlgorithmException | NoSuchProviderException | NoSuchPaddingException | InvalidKeyException e) {
System.err.println("Error: " + e.getMessage());
e.printStackTrace(System.err);
} catch (IllegalBlockSizeException | BadPaddingException e) {
System.err.println("Error: " + e.getMessage());
e.printStackTrace(System.err);
}
return null;
}
static Envelope decryptEnv(int length, byte[] bytes, SecretKey secretKey, IvParameterSpec ivSpec) {
try {
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding", "BC");
cipher.init(Cipher.DECRYPT_MODE, secretKey, ivSpec);
byte[] decrypted = cipher.doFinal(bytes);
return deserializeEnv(decrypted);
} catch (NoSuchAlgorithmException | NoSuchProviderException | NoSuchPaddingException e) {
System.err.println("Error: " + e.getMessage());
e.printStackTrace(System.err);
} catch (InvalidKeyException | InvalidAlgorithmParameterException | IllegalBlockSizeException | BadPaddingException e) {
System.err.println("Error: " + e.getMessage());
e.printStackTrace(System.err);
}
return null;
}
要通过socket发送加密的字节数组,我只需将其添加到包装类Envelope中,然后发送:output.writeObject(myEnvelope)并检索它myEnvelope = (Envelope) input.readObject()
有人能看到加密是如何把一切搞砸的吗
# 1 楼答案
anttix是对的,我不知怎么忘了在加密密码中包含初始化向量。叹气
cipher.init(Cipher.ENCRYPT_MODE, secretKey);>cipher.init(Cipher.ENCRYPT_MODE, secretKey, ivSpec);