Python中文网

一个关于 编程问题的解答网站.

有 Java 编程相关的问题?

你可以在下面搜索框中键入要查询的问题!

尝试在Java中初始化Bouncy Castle密码时aes密钥长度不是128/192/256位

1 年,4 月 Questions & Answers

我正在尝试使用bouncycastle 1.58(org.bouncycastle:bcprov-jdk15on:1.58)从密码开始加密有效负载:

import org.bouncycastle.jce.provider.BouncyCastleProvider;

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import java.security.SecureRandom;
import java.security.Security;

public class Scratch {
    public static void main(String[] args) throws Exception {
        int keyLength = 128;

        Security.addProvider(new BouncyCastleProvider());

        String password = "password";

        SecureRandom randomGenerator = new SecureRandom();
        byte[] salt = randomGenerator.generateSeed(128 / 8);
        PBEKeySpec keySpec = new PBEKeySpec(password.toCharArray(), salt, 872791, keyLength);
        SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512");
        SecretKey passwordKey = secretKeyFactory.generateSecret(keySpec);
        System.out.println("passwordKey: " + passwordKey);
        System.out.println("passwordKey.getEncoded(): " + Arrays.toString(passwordKey.getEncoded()));
        System.out.println("passwordKey.getEncoded().length: " + passwordKey.getEncoded().length);
        System.out.println("passwordKey.getFormat():" + passwordKey.getFormat());
        System.out.println("passwordKey.getAlgorithm(): " + passwordKey.getAlgorithm());

        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC");
        PBEParameterSpec parSpec = new PBEParameterSpec(salt, 872791);
        cipher.init(Cipher.ENCRYPT_MODE, passwordKey, parSpec);
    }
}

这就是我得到的错误:

Exception in thread "main" org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher$InvalidKeyOrParametersException: Key length not 128/192/256 bits.
    at org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher.engineInit(Unknown Source)
    at javax.crypto.Cipher.init(Cipher.java:1394)
    at javax.crypto.Cipher.init(Cipher.java:1327)
    at tech.dashman.dashman.Scratch.main(Scratch.java:30)
Caused by: java.lang.IllegalArgumentException: Key length not 128/192/256 bits.
    at org.bouncycastle.crypto.engines.AESEngine.generateWorkingKey(Unknown Source)
    at org.bouncycastle.crypto.engines.AESEngine.init(Unknown Source)
    at org.bouncycastle.crypto.modes.GCMBlockCipher.init(Unknown Source)
    at org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher$AEADGenericBlockCipher.init(Unknown Source)
    ... 4 more

调试输出如下所示:

passwordKey: com.sun.crypto.provider.PBKDF2KeyImpl@f00a68fe
passwordKey.getEncoded(): [122, -75, -99, 114, -123, 71, 6, 50, 45, 64, -97, 10, -66, 7, 110, 17]
passwordKey.getEncoded().length: 16
passwordKey.getFormat():RAW
passwordKey.getAlgorithm(): PBKDF2WithHmacSHA512

我错过了什么


共 (2) 个答案

  1. # 1 楼答案

    对于AES,您需要基于PBE密钥的AES密钥:

    SecretKeyFactory secKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512");
KeySpec spec = new PBEKeySpec(password, salt, iterations, 128);
SecretKey pbeSecretKey = secKeyFactory.generateSecret(spec);
SecretKey aesSecret = new SecretKeySpec(pbeSecretKey.getEncoded(), "AES");

Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding","BC");
  2. # 2 楼答案

    我发现了问题!获取密钥工厂时,我没有指定提供程序。替换:

    SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512");

    为了

    SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512", "BC");

    让这个例子起作用