密码垫块在姜饼上损坏
我相信这是来自androidsnippets.org的片段 – 为什么这不是Android 2.3上的function? 怎么解决?
错误
03-05 23:19:17.479: WARN/System.err(3598): javax.crypto.BadPaddingException: pad block corrupted 03-05 23:19:17.518: WARN/System.err(3598): at org.bouncycastle.jce.provider.JCEBlockCipher.engineDoFinal(JCEBlockCipher.java:715) 03-05 23:19:17.518: WARN/System.err(3598): at javax.crypto.Cipher.doFinal(Cipher.java:1090) 我在这个主题上找到了几个答案,但我找不到一个合适的方法来解决这个问题,添加NoPadding参数或不同的算法或..?
public static String code(String stringToCode) { try { stringToCode = encrypt("somekey",stringToCode); } catch (Exception e1) { // TODO Auto-generated catch block e1.printStackTrace(); } return stringToCode; } public static String decode(String stringToDecode) { try { stringToDecode = decrypt("somekey",stringToDecode); } catch (Exception e1) { // TODO Auto-generated catch block e1.printStackTrace(); } return stringToDecode; } public static String encrypt(String seed, String cleartext) throws Exception { byte[] rawKey = getRawKey(seed.getBytes()); byte[] result = encrypt(rawKey, cleartext.getBytes()); return toHex(result); } public static String decrypt(String seed, String encrypted) throws Exception { byte[] rawKey = getRawKey(seed.getBytes()); byte[] enc = toByte(encrypted); byte[] result = decrypt(rawKey, enc); return new String(result); } private static byte[] getRawKey(byte[] seed) throws Exception { KeyGenerator kgen = KeyGenerator.getInstance("AES"); SecureRandom sr = SecureRandom.getInstance("SHA1PRNG"); sr.setSeed(seed); kgen.init(128, sr); // 192 and 256 bits may not be available SecretKey skey = kgen.generateKey(); byte[] raw = skey.getEncoded(); return raw; } private static byte[] encrypt(byte[] raw, byte[] clear) throws Exception { SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES"); Cipher cipher = Cipher.getInstance("AES"); cipher.init(Cipher.ENCRYPT_MODE, skeySpec); byte[] encrypted = cipher.doFinal(clear); return encrypted; } private static byte[] decrypt(byte[] raw, byte[] encrypted) throws Exception { SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES"); Cipher cipher = Cipher.getInstance("AES"); cipher.init(Cipher.DECRYPT_MODE, skeySpec); byte[] decrypted = cipher.doFinal(encrypted); return decrypted; } public static String toHex(String txt) { return toHex(txt.getBytes()); } public static String fromHex(String hex) { return new String(toByte(hex)); } public static byte[] toByte(String hexString) { int len = hexString.length()/2; byte[] result = new byte[len]; for (int i = 0; i < len; i++) result[i] = Integer.valueOf(hexString.substring(2*i, 2*i+2), 16).byteValue(); return result; } public static String toHex(byte[] buf) { if (buf == null) return ""; StringBuffer result = new StringBuffer(2*buf.length); for (int i = 0; i >4)&0x0f)).append(HEX.charAt(b&0x0f)); }
两点:
1)toByte()方法不清楚它正在尝试做什么,但我敢打赌它是错的,因为线
int len = hexString.length()/2;
将为长度为6和7的字符串给出相同的结果3(比如说)
2)您不能依赖将stings转换为字节数组而不指定要使用的Charset。 不同的语言环境和不同的运行机器可能具有不同的默认字符集。 您应该在算法中使用str.getBytes(“UTF8”)。
NickT说:“对于长度为6和7的字符串(例如),将给出相同的结果3”我认为在这种情况下HEX字符串的长度总是偶数(参见函数appendHex)
这是BouncyCastle的问题( 升级到1.45时BouncyCastle AES错误 )。
我发现,这导致BC 1.34对1.45的两个不同值。
我找不到解决方案,但……