How do I get started using BouncyCastle?


Question

So after CodingHorror's fun with encryption and the thrashing comments, we are reconsidering doing our own encryption.

In this case, we need to pass some information that identifies a user to a 3rd party service which will then call back to a service on our website with the information plus a hash.

The 2nd service looks up info on that user and then passes it back to the 3rd party service.

We want to encrypt this user information going into the 3rd party service and decrypt it after it comes out. So it is not a long lived encryption.

On the coding horror article, Coda Hale recommended BouncyCastle and a high level abstraction in the library to do the encryption specific to a particular need.

My problem is that the BouncyCastle namespaces are huge and the documentation is non-existent. Can anyone point me to this high level abstraction library? (Or another option besides BouncyCastle?)

Recommended answer

High level abstraction? I suppose the highest level abstractions in the Bouncy Castle library would include:

  • The BlockCipher interface (for symmetric ciphers)
  • The BufferedBlockCipher class
  • The AsymmetricBlockCipher interface
  • The BufferedAsymmetricBlockCipher class
  • The CipherParameters interface (for initializing the block ciphers and asymmetric block ciphers)

I am mostly familiar with the Java version of the library. Perhaps this code snippet will offer you a high enough abstraction for your purposes (example is using AES-256 encryption):

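import org.bouncycastle.crypto.BlockCipher;
import org.bouncycastle.crypto.BufferedBlockCipher;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.paddings.BlockCipherPadding;
import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.bouncycastle.crypto.paddings.ZeroBytePadding;
import org.bouncycastle.crypto.params.KeyParameter;

public byte[] encryptAES256(byte[] input, byte[] key) throws InvalidCipherTextException {
    // Explicit check: Java assertions are disabled by default, and AESEngine
    // would otherwise silently accept a 16- or 24-byte key.
    if (key.length != 32) { // 32 bytes == 256 bits
        throw new IllegalArgumentException("AES-256 requires a 32-byte key");
    }
    CipherParameters cipherParameters = new KeyParameter(key);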

    /*
     * A full list of BlockCiphers can be found at http://www.bouncycastle.org/docs/docs1.6/org/bouncycastle/crypto/BlockCipher.html
     */
    BlockCipher blockCipher = new AESEngine();

    /*
     * Paddings available (http://www.bouncycastle.org/docs/docs1.6/org/bouncycastle/crypto/paddings/BlockCipherPadding.html):
     *   - ISO10126d2Padding
     *   - ISO7816d4Padding
     *   - PKCS7Padding
     *   - TBCPadding
     *   - X923Padding
     *   - ZeroBytePadding
     */
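    // ZeroBytePadding pads with 0x00 bytes, so after decryption trailing zero
    // bytes of the original input cannot be told apart from padding.
    BlockCipherPadding blockCipherPadding = new ZeroBytePadding();

    // Wrapping the raw engine directly encrypts each block independently (ECB):
    // there is no IV and no integrity check on the ciphertext.
    BufferedBlockCipher bufferedBlockCipher = new PaddedBufferedBlockCipher(blockCipher, blockCipherPadding);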

    return encrypt(input, bufferedBlockCipher, cipherParameters);
}

public byte[] encrypt(byte[] input, BufferedBlockCipher bufferedBlockCipher, CipherParameters cipherParameters) throws InvalidCipherTextException {
    boolean forEncryption = true;
    return process(input, bufferedBlockCipher, cipherParameters, forEncryption);
}

public byte[] decrypt(byte[] input, BufferedBlockCipher bufferedBlockCipher, CipherParameters cipherParameters) throws InvalidCipherTextException {
    boolean forEncryption = false;
    return process(input, bufferedBlockCipher, cipherParameters, forEncryption);
}

public byte[] process(byte[] input, BufferedBlockCipher bufferedBlockCipher, CipherParameters cipherParameters, boolean forEncryption) throws InvalidCipherTextException {
    bufferedBlockCipher.init(forEncryption, cipherParameters);

    int inputOffset = 0;
    int inputLength = input.length;

    int maximumOutputLength = bufferedBlockCipher.getOutputSize(inputLength);
    byte[] output = new byte[maximumOutputLength];
    int outputOffset = 0;
    int outputLength = 0;

    int bytesProcessed;

    bytesProcessed = bufferedBlockCipher.processBytes(
            input, inputOffset, inputLength,
            output, outputOffset
        );
    outputOffset += bytesProcessed;
    outputLength += bytesProcessed;

    bytesProcessed = bufferedBlockCipher.doFinal(output, outputOffset);
    outputOffset += bytesProcessed;
    outputLength += bytesProcessed;

    if (outputLength == output.length) {
        return output;
    } else {
        byte[] truncatedOutput = new byte[outputLength];
        System.arraycopy(
                output, 0,
                truncatedOutput, 0,
                outputLength
            );
        return truncatedOutput;
    }
}

Edit: Whoops, I just read the article you linked to. It sounds like he is talking about even higher level abstractions than I thought (e.g., "send a confidential message"). I am afraid I don't quite understand what he is getting at.
