使用CryptoJS解密AES/CBC/PKCS5Padding [英] Decrypt AES/CBC/PKCS5Padding with CryptoJS
问题描述
我使用Java javax.crypto
API生成了128位的 AES/CBC/PKCS5Padding
密钥.这是我使用的算法:
I generate 128bit AES/CBC/PKCS5Padding
key using Java javax.crypto
API. Here is the algorithm that I use:
public static String encryptAES(String data, String secretKey) {
try {
byte[] secretKeys = Hashing.sha1().hashString(secretKey, Charsets.UTF_8)
.toString().substring(0, 16)
.getBytes(Charsets.UTF_8);
final SecretKey secret = new SecretKeySpec(secretKeys, "AES");
final Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, secret);
final AlgorithmParameters params = cipher.getParameters();
final byte[] iv = params.getParameterSpec(IvParameterSpec.class).getIV();
final byte[] cipherText = cipher.doFinal(data.getBytes(Charsets.UTF_8));
return DatatypeConverter.printHexBinary(iv) + DatatypeConverter.printHexBinary(cipherText);
} catch (Exception e) {
throw Throwables.propagate(e);
}
}
public static String decryptAES(String data, String secretKey) {
try {
byte[] secretKeys = Hashing.sha1().hashString(secretKey, Charsets.UTF_8)
.toString().substring(0, 16)
.getBytes(Charsets.UTF_8);
// grab first 16 bytes - that's the IV
String hexedIv = data.substring(0, 32);
// grab everything else - that's the cipher-text (encrypted message)
String hexedCipherText = data.substring(32);
byte[] iv = DatatypeConverter.parseHexBinary(hexedIv);
byte[] cipherText = DatatypeConverter.parseHexBinary(hexedCipherText);
final Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(secretKeys, "AES"), new IvParameterSpec(iv));
return new String(cipher.doFinal(cipherText), Charsets.UTF_8);
} catch (BadPaddingException e) {
throw new IllegalArgumentException("Secret key is invalid");
}catch (Exception e) {
throw Throwables.propagate(e);
}
}
通过这些方法,我可以使用secretKey轻松加密和解密消息.由于Java默认具有128位AES加密,因此它将使用SHA1生成原始密钥的哈希,并使用哈希的前16个字节将其用作AES中的密钥.然后以HEX格式转储IV和cipherText.
I can easily encrypt and decrypt messages using secretKey with these methods. Since Java has 128bit AES encryption by default, it generates a hash of the original secret key with SHA1 and takes the first 16-bytes of the hash to use it as secret key in AES. Then it dumps the IV and cipherText in HEX format.
例如 encryptAES("test","test")
生成 CB5E759CE5FEAFEFCC9BABBFD84DC80C0291ED4917CF1402FF03B8E12716E44C
,我想用CryptoJS解密此密钥.
For example encryptAES("test", "test")
generates CB5E759CE5FEAFEFCC9BABBFD84DC80C0291ED4917CF1402FF03B8E12716E44C
and I want to decrypt this key with CryptoJS.
这是我的尝试:
var str = 'CB5E759CE5FEAFEFCC9BABBFD84DC80C0291ED4917CF1402FF03B8E12716E44C';
CryptJS.AES.decrypt(
CryptJS.enc.Hex.parse(str.substring(32)),
CryptJS.SHA1("test").toString().substring(0,16),
{
iv: CryptJS.enc.Hex.parse(str.substring(0,32)),
mode: CryptJS.mode.CBC,
formatter: CryptJS.enc.Hex,
blockSize: 16,
padding: CryptJS.pad.Pkcs7
}).toString()
但是它返回一个空字符串.
However it returns an empty string.
推荐答案
问题是您将64位密钥用作128位密钥. Hashing.sha1().hashString(secretKey,Charsets.UTF_8)
是
The problem is that you're using a 64 bit key as a 128 bit. Hashing.sha1().hashString(secretKey, Charsets.UTF_8)
is an instance of HashCode
and its toString
method is described as such:
按顺序返回一个字符串,该字符串包含asBytes()的每个字节,为小写的两位数字无符号十六进制数.
Returns a string containing each byte of asBytes(), in order, as a two-digit unsigned hexadecimal number in lower case.
它是十六进制编码的字符串.如果仅使用该字符串的16个字符并将其用作键,则只有64位的熵而不是128位.您确实应该直接使用 HashCode#asBytes()
.
It is a Hex-encoded string. If you take only 16 characters of that string and use it as a key, you only have 64 bits of entropy and not 128 bits. You really should be using HashCode#asBytes()
directly.
无论如何,CryptoJS代码的问题有很多:
Anyway, the problem with the CryptoJS code is manyfold:
- 密文必须是一个
CipherParams
对象,但是如果它在ciphertext
属性中包含作为WordArray的密文字节就足够了. - 密钥必须以WordArray而不是字符串的形式传递.否则,将使用与OpenSSL兼容的(EVP_BytesToKey)密钥派生函数从字符串(假定为密码)中派生密钥和IV.
- 附加选项不是必需的,因为它们是默认值,或者它们是错误的,因为blockSize是用字而不是字节计算的.
- The ciphertext must be a
CipherParams
object, but it is enough if it contains the ciphertext bytes as a WordArray in theciphertext
property. - The key must be passed in as a WordArray instead of a string. Otherwise, an OpenSSL-compatible (EVP_BytesToKey) key derivation function is used to derive the key and IV from the string (assumed to be a password).
- Additional options are either unnecessary, because they are defaults, or they are wrong, because the blockSize is calculated in words and not bytes.
以下是与损坏的Java代码兼容的CryptoJS代码:
Here is CryptoJS code that is compatible with your broken Java code:
var str = 'CB5E759CE5FEAFEFCC9BABBFD84DC80C0291ED4917CF1402FF03B8E12716E44C';
console.log("Result: " + CryptoJS.AES.decrypt({
ciphertext: CryptoJS.enc.Hex.parse(str.substring(32))
}, CryptoJS.enc.Utf8.parse(CryptoJS.SHA1("test").toString().substring(0,16)),
{
iv: CryptoJS.enc.Hex.parse(str.substring(0,32)),
}).toString(CryptoJS.enc.Utf8))
<script src="https://cdn.rawgit.com/CryptoStore/crypto-js/3.1.2/build/rollups/sha1.js"></script>
<script src="https://cdn.rawgit.com/CryptoStore/crypto-js/3.1.2/build/rollups/aes.js"></script>
以下是与固定Java代码兼容的CryptoJS代码:
Here is CryptoJS code that is compatible with the fixed Java code:
var str = 'F6A5230232062D2F0BDC2080021E997C6D07A733004287544C9DDE7708975525';
console.log("Result: " + CryptoJS.AES.decrypt({
ciphertext: CryptoJS.enc.Hex.parse(str.substring(32))
}, CryptoJS.enc.Hex.parse(CryptoJS.SHA1("test").toString().substring(0,32)),
{
iv: CryptoJS.enc.Hex.parse(str.substring(0,32)),
}).toString(CryptoJS.enc.Utf8))
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/sha1.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/aes.js"></script>
CryptoJS中的等效加密代码如下所示:
The equivalent encryption code in CryptoJS would look like this:
function encrypt(plaintext, password){
var iv = CryptoJS.lib.WordArray.random(128/8);
var key = CryptoJS.enc.Hex.parse(CryptoJS.SHA1(password).toString().substring(0,32));
var ct = CryptoJS.AES.encrypt(plaintext, key, { iv: iv });
return iv.concat(ct.ciphertext).toString();
}
console.log("ct: " + encrypt("plaintext", "test"));
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/sha1.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/aes.js"></script>
这篇关于使用CryptoJS解密AES/CBC/PKCS5Padding的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!