Java passphrase encryption

Problem description

I'm trying to learn how to do passphrase-based encryption with Java. I'm finding several examples online, but none (yet) on Stack Overflow. The examples are a little light on explanation for me, particularly regarding algorithm selection. There seems to be a lot of passing strings around to say what algorithms to use, but little documentation as to where the strings came from and what they mean. And it also seems like the different algorithms may require different implementations of the KeySpec class, so I'm not sure what algorithms can use the PBEKeySpec class I'm looking at. Furthermore, the examples all seem a little out of date, many requiring you to get an older cryptography package that used to not be part of the JDK, or even a third-party implementation.

Can someone provide a straightforward introduction to what I need to do to implement encrypt(String data, String passphrase) and decrypt(byte[] data, String passphrase)?

Solution

I'll be cautious about giving or taking security-related advice from a forum... the specifics are quite intricate, and often become outdated quickly.

Having said that, I think Sun's Java Cryptography Architecture (JCA) Reference Guide is a good starting point. Check out the accompanying code example illustrating Password-Based Encryption (PBE).

Btw, the standard JRE provides only a few options out-of-the-box for PBE ("PBEWithMD5AndDES" is one of them). For more choices, you'll need the "strong encryption pack" or some third-party provider like Bouncy Castle. Another alternative would be to implement your own PBE using the hash and cipher algorithms provided in the JRE. You can implement PBE with SHA-256 and AES-128 this way (sample encrypt/decrypt methods).

Briefly, the encrypt method for PBE may involve the following steps:

  1. Get password and cleartext from the user, and convert them to byte arrays.
  2. Generate a secure random salt.
  3. Append the salt to the password and compute its cryptographic hash. Repeat this many times.
  4. Encrypt the cleartext using the resulting hash as the initialization vector and/or secret key.
  5. Save the salt and the resulting ciphertext.
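
The five steps above as an added Java example, which is not the answerer's code: it replaces the hand-rolled repeated hash with the JRE's `PBKDF2WithHmacSHA256` key factory and uses AES-128 in GCM mode with its own random IV instead of taking the IV from the hash. The class name, the iteration count and the salt, IV, ciphertext layout are assumptions made for this example.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class PassphraseCrypto { // hypothetical class name
    // Example parameters chosen for this sketch, not values from the page.
    static final int SALT_LEN = 16, IV_LEN = 12, TAG_BITS = 128, KEY_BITS = 128;
    static final int ITERATIONS = 600_000; // assumed work factor; tune for your hardware
    static final SecureRandom RNG = new SecureRandom();

    // Step 3: salted, iterated hash of the passphrase (PBKDF2 with HMAC-SHA256).
    static SecretKeySpec deriveKey(String passphrase, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(passphrase.toCharArray(), salt, ITERATIONS, KEY_BITS);
        try {
            byte[] k = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
            return new SecretKeySpec(k, "AES");
        } finally { spec.clearPassword(); }
    }

    // Steps 1, 2, 4, 5: fresh salt and IV per message; output is salt || iv || ciphertext+tag.
    public static byte[] encrypt(String data, String passphrase) throws GeneralSecurityException {
        byte[] salt = new byte[SALT_LEN], iv = new byte[IV_LEN];
        RNG.nextBytes(salt); RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(passphrase, salt), new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(data.getBytes(StandardCharsets.UTF_8));
        return ByteBuffer.allocate(SALT_LEN + IV_LEN + ct.length).put(salt).put(iv).put(ct).array();
    }

    // A wrong passphrase or modified data fails the GCM tag check (AEADBadTagException).
    public static String decrypt(byte[] data, String passphrase) throws GeneralSecurityException {
        if (data.length < SALT_LEN + IV_LEN + TAG_BITS / 8) throw new GeneralSecurityException("input too short");
        ByteBuffer in = ByteBuffer.wrap(data);
        byte[] salt = new byte[SALT_LEN], iv = new byte[IV_LEN], ct = new byte[in.remaining() - SALT_LEN - IV_LEN];
        in.get(salt).get(iv).get(ct);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, deriveKey(passphrase, salt), new GCMParameterSpec(TAG_BITS, iv));
        return new String(c.doFinal(ct), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception { // constructed sample input
        System.out.println(decrypt(encrypt("constructed sample text", "correct horse"), "correct horse"));
    }
}
```

Everything used here ships with a standard Java 8 or later JRE, so no third-party provider is needed.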
