Pycrypto-AES-GCM加密和Java解密

Exception in thread "main" javax.crypto.AEADBadTagException: Tag mismatch! at com.sun.crypto.provider.GaloisCounterMode.decryptFinal(GaloisCounterMode.java:524) at com.sun.crypto.provider.CipherCore.finalNoPadding(CipherCore.java:1023) at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:960) at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:824) at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:436) at javax.crypto.Cipher.doFinal(Cipher.java:2165)

2条回答

网友

1楼 · 编辑于 2024-05-27 12:19:15

您缺少一件事：Pycryptodome不会将哈希标记添加到消息中—您必须将其附加到加密的消息中：

例如

ciphertext, tag = cipher.encrypt_and_digest(message)
ciphertext = ciphertext + tag

网友

2楼 · 编辑于 2024-05-27 12:19:15

感谢Alastair McCormack's answer above，以下是对我有用的（Python代码）：

from Crypto.PublicKey import RSA
from Crypto.Random import get_random_bytes
from Crypto.Cipher import AES, PKCS1_OAEP
from Crypto.Hash import SHA256, SHA1
from Crypto.Signature import pss
from base64 import b64encode

data = 'hello world'.encode("utf-8")

with open("joe.pub", "rb") as f:
    encodedKey = f.read()
pubkey = RSA.importKey(encodedKey)
if pubkey.has_private():
    raise Exception('need a public key for encryption')

session_key = get_random_bytes(16)

# Encrypt the session key with the public RSA key
cipher_rsa = PKCS1_OAEP.new(pubkey, hashAlgo=SHA256, mgfunc=lambda x,y: pss.MGF1(x,y, SHA1))
enc_session_key = cipher_rsa.encrypt(session_key)

# Encrypt the data with the AES session key
cipher_aes = AES.new(session_key, AES.MODE_GCM)
ciphertext, tag = cipher_aes.encrypt_and_digest(data)
ciphertext = ciphertext + tag
mesg = ''.join([x for x in (enc_session_key, cipher_aes.nonce, tag, ciphertext)])
print b64encode(mesg)

以及相关的Java代码：

^{pr2}$

相关问题更多 >

编程相关推荐

热门问题

热门文章