如何使用Java从CryptoJS解密加密的AES-256字符串?
我有来自CryptoJS的加密AES-256字符串和密码短语。 我需要用Java解密它,但无法弄清楚如何做到这一点。 您似乎需要IV,密钥和salt来解密,并且在CryptoJS主页中 ,加密数据已经包含所有这些,并且CryptoJS可以以某种方式将它们从加密输入中解析出来。
谁知道怎么做? 我已经看到了很多关于CryptoJS的例子 – Java加密/解密,但大多数都使用硬编码的IV /密钥,或者只是将密码/密钥从cryptoJS端发送到Java端。 我所拥有的只是一个密码,就像这个网站所做的那样!
以这种方式加密邮件时:
CryptoJS.AES.encrypt("message", "passphrase")
使用基于密码的方法。 因为CryptoJS生成一个新的盐并将此盐与密码一起使用以导出密钥和IV(我为此问题编写了一个派生函数)。
产生密文后,使用特殊的OpenSSL格式化程序对包含用过的盐的密文进行编码:
var wordArray = WordArray.create([0x53616c74, 0x65645f5f]).concat(salt).concat(ciphertext);
您可能需要解码Base64编码的字符串以获取字节数组。 然后你可以检查标题是否匹配:
byte[] ctBytes = Base64.getDecoder().decode(ciphertext.getBytes("UTF-8")); System.out.println("Is salted: " + new String(Arrays.copyOf(ctBytes, 8)).equals("Salted__"));
之后,您可以从中恢复盐和密文:
byte[] saltBytes = Arrays.copyOfRange(ctBytes, 8, 16); byte[] ciphertextBytes = Arrays.copyOfRange(ctBytes, 16, ctBytes.length);
导出键+ IV:
byte[] key = new byte[keySize/8]; byte[] iv = new byte[ivSize/8]; EvpKDF(password.getBytes("UTF-8"), keySize, ivSize, saltBytes, key, iv);
并解密密文:
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv)); byte[] recoveredPlaintextBytes = cipher.doFinal(ciphertextBytes); String recoveredPlaintext = new String(recoveredPlaintextBytes);
完整的完整代码:
public static void main(String[] args) throws UnsupportedEncodingException, GeneralSecurityException { String ciphertext = "U2FsdGVkX1+0m/gle/XQX1shjnpveUrl1fO3oOlurPMlTks6+oQlEPfOrucihzEz"; String plaintext = "This is some example plaintext"; String password = "This is a very strong password"; int keySize = 256; int ivSize = 128; // var wordArray = WordArray.create([0x53616c74, 0x65645f5f]).concat(salt).concat(ciphertext); byte[] ctBytes = Base64.getDecoder().decode(ciphertext.getBytes("UTF-8")); System.out.println("Is salted: " + Arrays.equals(Arrays.copyOf(ctBytes, 8), new byte[]{0x53, 0x61, 0x6c, 0x74, 0x65, 0x64, 0x5f, 0x5f})); System.out.println("Is salted: " + new String(Arrays.copyOf(ctBytes, 8)).equals("Salted__")); byte[] saltBytes = Arrays.copyOfRange(ctBytes, 8, 16); System.out.println("Salt matches: " + Arrays.equals(saltBytes, hexStringToByteArray("b49bf8257bf5d05f"))); byte[] ciphertextBytes = Arrays.copyOfRange(ctBytes, 16, ctBytes.length); System.out.println("CT matches: " + Arrays.equals(ciphertextBytes, hexStringToByteArray("5b218e7a6f794ae5d5f3b7a0e96eacf3254e4b3afa842510f7ceaee722873133"))); byte[] key = new byte[keySize/8]; byte[] iv = new byte[ivSize/8]; EvpKDF(password.getBytes("UTF-8"), keySize, ivSize, saltBytes, key, iv); Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv)); byte[] recoveredPlaintextBytes = cipher.doFinal(ciphertextBytes); String recoveredPlaintext = new String(recoveredPlaintextBytes); System.out.println("Recovered Plaintext: " + recoveredPlaintext); System.out.println("Expected Plaintext: " + plaintext); } public static byte[] EvpKDF(byte[] password, int keySize, int ivSize, byte[] salt, byte[] resultKey, byte[] resultIv) throws NoSuchAlgorithmException { return EvpKDF(password, keySize, ivSize, salt, 1, "MD5", resultKey, resultIv); } public static byte[] EvpKDF(byte[] password, int keySize, int ivSize, byte[] salt, int iterations, String hashAlgorithm, byte[] resultKey, byte[] resultIv) throws NoSuchAlgorithmException { keySize = keySize / 32; ivSize = ivSize / 32; int targetKeySize = keySize + ivSize; byte[] derivedBytes = new byte[targetKeySize * 4]; int numberOfDerivedWords = 0; byte[] block = null; MessageDigest hasher = MessageDigest.getInstance(hashAlgorithm); while (numberOfDerivedWords < targetKeySize) { if (block != null) { hasher.update(block); } hasher.update(password); block = hasher.digest(salt); hasher.reset(); // Iterations for (int i = 1; i < iterations; i++) { block = hasher.digest(block); hasher.reset(); } System.arraycopy(block, 0, derivedBytes, numberOfDerivedWords * 4, Math.min(block.length, (targetKeySize - numberOfDerivedWords) * 4)); numberOfDerivedWords += block.length/4; } System.arraycopy(derivedBytes, 0, resultKey, 0, keySize * 4); System.arraycopy(derivedBytes, keySize * 4, resultIv, 0, ivSize * 4); return derivedBytes; // key + iv } /** * Copied from https://stackoverflow.com/a/140861 * */ public static byte[] hexStringToByteArray(String s) { int len = s.length(); byte[] data = new byte[len / 2]; for (int i = 0; i < len; i += 2) { data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4) + Character.digit(s.charAt(i+1), 16)); } return data; }
JavaScript代码:
var pw = "This is a very strong password"; var pt = "This is some example plaintext"; var encrypted = CryptoJS.AES.encrypt(pt, pw); encrypted.toString(); // U2FsdGVkX1+0m/gle/XQX1shjnpveUrl1fO3oOlurPMlTks6+oQlEPfOrucihzEz encrypted.salt.toString(); // b49bf8257bf5d05f encrypted.ciphertext.toString(); // 5b218e7a6f794ae5d5f3b7a0e96eacf3254e4b3afa842510f7ceaee722873133