perl CBC DES equivalent in java


Question

We are migrating some code from perl to java/scala and we hit a roadblock.

We're trying to figure out how to do this in Java/scala:

use Crypt::CBC;
$aesKey = "some key";
# Legacy two-argument constructor: passphrase, then cipher name
$cipher = new Crypt::CBC($aesKey, "DES");
$encrypted = $cipher->encrypt("hello world");
print $encrypted;    # prints:  Salted__�,%�8XL�/1�&�n;����쀍c
$decrypted = $cipher->decrypt($encrypted);
print $decrypted;    # prints: hello world

I tried a few things in scala but didn't really get it right, for example something like this:

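  import javax.crypto.Cipher
  import javax.crypto.spec.SecretKeySpec

  // Uses the string's bytes directly as the DES key; no IV or salt is supplied
  val secretKey = new SecretKeySpec("some key".getBytes("UTF-8"), "DES")
  val encipher = Cipher.getInstance("DES/CBC/PKCS5Padding")
  encipher.init(Cipher.ENCRYPT_MODE, secretKey)
  // bytes (the plaintext) and toString are defined elsewhere in the asker's code
  val encrypted = encipher.doFinal(bytes)

  println("BYTES:" + bytes)
  println("ENCRYPTED!!!!!!: " + encrypted)
  println(toString(encrypted))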

Any help or direction in Java/scala would very much be appreciated

Recommended answer

Assuming that Crypt module is the one I find at https://metacpan.org/pod/Crypt::CBC it is documented as by default doing (the same as) openssl, apparently meaning commandline 'enc' (openssl library has MANY other options). That is not encryption with the specified key (and IV) directly, but instead 'password-based' encryption (PBE) with a key and IV derived from the specified 'key' (really passphrase) plus (transmitted) salt, using a twist on the original (now unrecommended) PKCS#5 v1.5 algorithm, retronymed PBKDF1. See http://www.openssl.org/docs/crypto/EVP_BytesToKey.html (or the man page on a Unix system with openssl installed) and rfc2898 (or the original RSA Labs PKCS documents now somewhere at EMC).

You say you cannot change the perl sender. I hope the users/owners/whoever realize that original DES, retronymed single-DES for clarity, has been practically brute-forceable for well over a decade, and PBE-1DES may be even weaker; the openssl twist doesn't iterate as PKCS#5 (both KDF1 and KDF2) should.

Java (with the Suncle providers) does implement PBEWithMD5AndDES, which initted with PBEParameterSpec (salt, 1) does successfully decrypt data from 'openssl enc -des-cbc', and thus I expect also your perl sender (not tested). FWIW if you could change to triple-DES, Java implements PBEWithMD5AndTripleDES using an apparently nonstandard extension of PBKDF1 (beyond hash size) that is quite unlike openssl's nonstandard extension, and thus incompatible if the perl module is in fact following openssl. You would have to do the key-derivation yourself and then direct 3DES-CBC-pad, which isn't very hard.

Also note encrypted data from any modern computer algorithm is binary. "Printing" it as if it were text in perl, or Java or nearly anything else, is likely to cause data corruption if you try to use it again. If you are only looking to see 'is there any output at all, and is it visibly not the plaintext' you're okay.
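The approach the answer describes, as an added example that is not part of the original answer: it reads the "Salted__" header plus 8-byte salt that precedes the ciphertext, then uses PBEWithMD5AndDES with an iteration count of 1. The class and method names are hypothetical, the passphrase and plaintext are the question's sample values, and compatibility with the Perl sender is the answer's stated expectation rather than something verified here.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class SaltedDesCompat { // hypothetical name, not from the page
    private static final byte[] MAGIC = "Salted__".getBytes(StandardCharsets.US_ASCII);
    private static final String ALG = "PBEWithMD5AndDES";

    // Iteration count 1: the openssl variant hashes passphrase+salt once, without iterating.
    private static Cipher cipher(int mode, char[] pass, byte[] salt) throws GeneralSecurityException {
        SecretKey key = SecretKeyFactory.getInstance(ALG).generateSecret(new PBEKeySpec(pass));
        Cipher c = Cipher.getInstance(ALG);
        c.init(mode, key, new PBEParameterSpec(salt, 1));
        return c;
    }

    // Output layout: "Salted__" (8 bytes) || salt (8 bytes) || DES-CBC ciphertext.
    static byte[] encrypt(char[] pass, byte[] plain) throws GeneralSecurityException {
        byte[] salt = new byte[8];
        new SecureRandom().nextBytes(salt);
        byte[] body = cipher(Cipher.ENCRYPT_MODE, pass, salt).doFinal(plain);
        byte[] out = new byte[16 + body.length];
        System.arraycopy(MAGIC, 0, out, 0, 8);
        System.arraycopy(salt, 0, out, 8, 8);
        System.arraycopy(body, 0, out, 16, body.length);
        return out;
    }

    static byte[] decrypt(char[] pass, byte[] msg) throws GeneralSecurityException {
        // Header (16 bytes) plus at least one 8-byte DES block.
        if (msg.length < 24 || !Arrays.equals(Arrays.copyOfRange(msg, 0, 8), MAGIC))
            throw new IllegalArgumentException("not in Salted__ format");
        byte[] salt = Arrays.copyOfRange(msg, 8, 16);
        return cipher(Cipher.DECRYPT_MODE, pass, salt).doFinal(msg, 16, msg.length - 16);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        char[] pass = "some key".toCharArray(); // sample passphrase from the question
        byte[] msg = encrypt(pass, "hello world".getBytes(StandardCharsets.UTF_8));
        System.out.println(Base64.getEncoder().encodeToString(msg)); // binary, so shown as Base64
        System.out.println(new String(decrypt(pass, msg), StandardCharsets.UTF_8));
    }
}
```

The ciphertext is kept as a byte array throughout and only rendered as Base64 for display, which avoids the corruption the answer warns about when binary output is handled as text.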
