Bouncy Castle API线程安全吗？ [英] Is Bouncy Castle API Thread Safe?

问题描述

Bouncy Castle API 线程安全吗？尤其是

org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher
org.bouncycastle.crypto.paddings.PKCS7Padding
org.bouncycastle.crypto.engines.AESFastEngine
org.bouncycastle.crypto.modes.CBCBlockCipher

我打算在我的应用中编写一个Singleton Spring bean，以提供基本级别的加密支持。由于它是一个Web应用程序，因此多个线程一次访问此组件的可能性更大。因此，胎面安全在这里至关重要。

I am planning to write a singleton Spring bean for basic level cryptography support in my app. Since it is a web application, there are greater chances of multiple threads accessing this component at a time. So tread safety is essential here.

请告知我您是否在使用Bouncy Castle时遇到过这种情况。

Please let me know if you have come across such situations using Bouncy Castle.

推荐答案

API /代码是否是线程安全的，这并不重要。 CBC加密本身不是线程安全的。
某些术语-

It really does not matter if the API/Code is thread safe. CBC encryption in itself is not thread safe. Some terminology -

E(X) = Enctrypt message X
D(X) = Dectrypt X. (Note that D(E(X)) = X)
IV = Initialization vector. A random sequence to bootstrap the CBC algorithm
CBC = Cipher block chaining.

一个非常简单的CBC实现如下所示：
P1，P2，P3 =纯文本消息

A really simple CBC implementation can look like: P1, P2, P3 = Plain text messages

1. Generate an IV, just random bits.
2. Calculate E( P1 xor IV) call this C1
3. Calculate E( P2 xor C1) call this C2
4. Calculate E( P3 xor C2) call this C3.

如您所见，加密P1，P2和P3（按此顺序）的结果不同加密P2，P1和P3（按此顺序）。

As you can see, the result of encrypting P1, P2 and P3 (in that order) is different from encrypting P2, P1 and P3 (in that order).

因此，在CBC实施中，顺序很重要。根据定义，顺序很重要的任何算法都不是线程安全的。

So, in a CBC implementation, order is important. Any algorithm where order is important can not, by definition, be thread safe.

您可以创建一个提供加密对象的Singleton工厂，但您不能相信它们是线程安全的。

You can make a Singleton factory that delivers encryption objects, but you cant trust them to be thread safe.

这篇关于Bouncy Castle API线程安全吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！