PBEWithMD5AndTripleDES的关键尺寸是多少? [英] What is the key size for PBEWithMD5AndTripleDES?
问题描述
我正在使用现有代码中的PBEWithMD5AndTripleDES替换PBEWithMD5AndDES。到目前为止,我正在使用与之前使用的相同的密码,并且收到此异常:
java.security.InvalidKeyException:非法密钥大小
我在网上查看,看到DES使用64位密钥,而TripleDES使用128位密钥。我不清楚我的密码是如何用来生成密钥的,而不知道在哪里可以充分了解这一点。我的密码长度是260个字符。我尝试加倍长度,但我得到相同的异常。
我从我的密码生成一个PBEKeySpec,具有8字节的盐和迭代次数12.我看到有另一个构造函数接受一个keyLength参数,但文档将其描述为要导出,我不明白。我有一个想法,我需要修改迭代次数和/或提供一个keyLength参数,但是我不想盲目地这样做,而不完全理解我在做什么。
以下是我目前使用的代码的基本概要:
String passphrase = ...
byte [] salt = ...
int iterationCount = 12;
String algorithm =PBEWithMD5AndTripleDES;
KeySpec keySpec = new PBEKeySpec(passPhrase.toCharArray(),salt,iterationCount);
SecretKey key = SecretKeyFactory.getInstance(algorithm).generateSecret(keySpec);
密码密码= Cipher.getInstance(key.getAlgorithm());
AlgorithmParameterSpec paramSpec = new PBEParameterSpec(salt,iterationCount);
cipher.init(Cipher.ENCRYPT_MODE,key,paramSpec);
byte [] encoded = cipher.doFinal(data);
PBEWith< Hash> AndTripleDES需要无限力量
该算法使用168位密钥(尽管由于漏洞,它具有112位的有效强度)。要使用该长度的对称密钥,您需要无限力量管理政策安装在您的Java运行时。
非法键大小消息表示密钥政策不允许长度;如果密钥长度对于算法不正确,则SunJCE提供商使用消息错误密钥大小。
不要使用PBEWith< ; Hash> AndTripleDES
请注意,PBEWithMD5AndTripleDES是一种不好的使用算法。
基于密码的加密通常遵循 PKCS#5。定义了一种称为PBES1的DES(或RC2)的加密方案。由于PBES1旨在生成64位(或更少)密钥,因此Oracle已创建专有扩展以生成更长的密钥。它没有受到PKCS#5的同样的审查,如果您需要与任何其他平台进行互操作,则必须使用挖掘源代码,以了解如何导出密钥和初始化向量。
也是奇怪的是,初始化向量是从密码派生出来的。 IV的目的是每当使用相同的密钥加密给定的明文时,创建不同的密文。如果IV是从密钥生成的,则这个目的被击败。 PBES1使用的密钥导出算法通过结合使用密码时应该不同的盐来避免这种情况。但是,这可能很容易,提供IV直接加密初始化是更常规的,并使它更明显发生了什么。
使用PBKDF2而不是
PKCS#5还定义了现在由Java支持的称为PBKDF2的密钥导出算法。它为PBES1提供了卓越的安全性,因为初始化向量和密码所需的任何其他参数都不是密码导出的,而是独立选择。
以下是使用AES的使用PBKDF2的示例。如果您不能按照建议更新AES,该示例可以使用长度为192的密钥长度,并将事件AES更改为DESEDE。
TDEA键控选项
有三个可用于TDEA(三重DES或DESEDE)的键控选项。它们采用64位,128位或192位密钥(包括奇偶校验位),具体取决于该选项。
TDEA实现所接受的密钥大小取决于提供者;有一些需要您形成一个192位的密钥,即使您使用的是56位密钥选项,这是有效的DES而不是TDEA。大多数实现将需要16或24个字节作为密钥。
只有三键选项(168位或192位带有奇偶校验)可以被认为是强加密 。它有112位有效强度。
I am trying to replace PBEWithMD5AndDES with PBEWithMD5AndTripleDES in existing code. So far, I am using the same passphrase that I was using before, and receiving this Exception:
java.security.InvalidKeyException: Illegal key size
I looked online and saw that DES uses a 64 bit key and TripleDES uses a 128 bit key. I am not clear on the details of how my passphrase is used to generate a key, and not sure where to look to understand this fully. My passphrase is 260 characters long. I tried doubling the length, but I get the same Exception.
I am generating a PBEKeySpec from my passphrase, with an 8 byte salt and an iteration count of 12. I see that there's another constructor that takes a keyLength argument, but the documentation describes it as "to be derived," and I don't understand that. I have the idea that I need to modify the iteration count and/or supply a keyLength argument, but I don't want to just do this blindly without fully understanding what I am doing.
Here is the basic outline of the code I'm currently using:
String passphrase = ...
byte[] salt = ...
int iterationCount = 12;
String algorithm = "PBEWithMD5AndTripleDES";
KeySpec keySpec = new PBEKeySpec(passPhrase.toCharArray(), salt, iterationCount);
SecretKey key = SecretKeyFactory.getInstance(algorithm).generateSecret(keySpec);
Cipher cipher = Cipher.getInstance(key.getAlgorithm());
AlgorithmParameterSpec paramSpec = new PBEParameterSpec(salt, iterationCount);
cipher.init(Cipher.ENCRYPT_MODE, key, paramSpec);
byte[] encoded = cipher.doFinal(data);
PBEWith<Hash>AndTripleDES Requires "Unlimited Strength" Policy
This algorithm uses a 168-bit key (although due to vulnerabilities, it has an effective strength of 112 bits). To use a symmetric key of that length, you need the "unlimited strength jurisdiction policy" installed in your Java runtime.
An "Illegal key size" message indicates the key length is not permitted by policy; if the key length is incorrect for the algorithm, the SunJCE provider uses the message, "Wrong key size".
Don't Use PBEWith<Hash>AndTripleDES
Note that "PBEWithMD5AndTripleDES" is a bad algorithm to use.
Password-based encryption generally follows PKCS #5. It defines an encryption scheme for DES (or RC2) called PBES1. Because PBES1 was designed to generate 64-bit (or less) keys, Oracle has created a proprietary extension to generate longer keys. It hasn't been exposed to the same scrutiny that PKCS #5 has, and if you need to inter-operate with any other platform, you'll have to dig into the source code to find out how the key and initialization vector are derived.
It's also strange that the initialization vector is derived from the password. The purpose of an IV is to create different cipher texts each time a given plain text is encrypted with the same key. If the IV is generated from the key, this purpose is defeated. The key-derivation algorithm used by PBES1 avoids this by incorporating a "salt" that is supposed to be different each time the password is used. But, it could be easy to screw this up; providing an IV directly to the cipher initialization is more conventional, and makes it more obvious what is happening.
Use PBKDF2 Instead
PKCS #5 also defines an key-derivation algorithm called PBKDF2 that is now supported by Java. It provides superior security to PBES1 because the initialization vector and any other parameters required by the cipher are not derived from the password, but are selected independently.
Here's an example with PBKDF2, using AES. If you can't follow the recommendation to update to AES, the example can be applied to DESede by using a key length of 192, and changing occurrences "AES" to "DESede".
TDEA Keying Options
There are three keying options that can be used with TDEA ("Triple DES" or "DESede"). They take 64-, 128-, or 192-bit keys (including parity bits), depending on the option.
The key sizes accepted by the TDEA implementation depend on the provider; a few require you to form a 192-bit key, even if you are using the 56-bit key option which is effectively DES instead of TDEA. Most implementations will take 16 or 24 bytes as a key.
Only the three-key option (168 bits, or 192 bits with parity) can be considered "strong encryption". It has 112 bits of effective strength.
这篇关于PBEWithMD5AndTripleDES的关键尺寸是多少?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
