Java encryption alternative to hardcoded key

Problem description




I am new to encryption.

I have looked at the javax.crypto documentation and got encryption of a file to work using this code ...

    File saveFile = new File("Settings.set");
    saveFile.delete();
    FileOutputStream fout = new FileOutputStream(saveFile);

    // Encrypt the settings
    // Generate a key
    byte key[] = "My Encryption Key98".getBytes();
    DESKeySpec desKeySpec = new DESKeySpec(key);
    SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");
    SecretKey skey = keyFactory.generateSecret(desKeySpec);

    // Prepare the encrypter
    Cipher ecipher = Cipher.getInstance("DES");
    ecipher.init(Cipher.ENCRYPT_MODE, skey);
    // Seal (encrypt) the object
    SealedObject so = new SealedObject(this, ecipher);

    ObjectOutputStream o = new ObjectOutputStream(fout);
    o.writeObject(so);
    o.close();

However, if you were a clever hacker (or maybe even an amateur, since I figured this out), all you would have to do is open the class file that contains this code, and the encryption key (My Encryption Key98) is plainly visible.

How do you encrypt the encryption key? ...LOL... Can you?

Thanks for your help!

Solution

If the attacker has access to both the software and the file, it could decrypt it. There are some ways to solve this:

  • Use asymmetric keys. Encrypt the file with the public key, and it can only be decrypted with a private key. This assumes that the software does not need to decrypt the file.
  • Use Diffie-Hellman exchange. If you want to send an encrypted piece of data over the network, both parties can establish a key without an attacker knowing about it.

If the program needs to both encrypt and decrypt the data, there is nothing you can do. The attacker can simply run the program and look at the decrypted information.
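
The asymmetric-key option from the answer, as an added example that is not part of the original question or answer: the data is encrypted with a fresh AES-GCM key, and that key is wrapped with an RSA public key (RSA alone cannot encrypt data larger than its modulus). The class and method names are hypothetical, and the key pair is generated inside `main` only so the sketch runs stand-alone; in a deployment only the public key would ship with the software.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

public class PublicKeyOnlyEncryption {  // hypothetical name, not from the page
    static final String RSA_OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    // Runs in the shipped software: needs only the public key.
    // Returns { wrapped AES key, GCM nonce, ciphertext + tag }.
    static byte[][] encrypt(PublicKey pub, byte[] plaintext) throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey dataKey = kg.generateKey();          // fresh key per file

        byte[] iv = new byte[12];                      // 96-bit nonce for GCM
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, dataKey, new GCMParameterSpec(128, iv));
        byte[] ciphertext = aes.doFinal(plaintext);

        Cipher rsa = Cipher.getInstance(RSA_OAEP);
        rsa.init(Cipher.WRAP_MODE, pub);
        return new byte[][] { rsa.wrap(dataKey), iv, ciphertext };
    }

    // Runs only where the private key lives (not in the distributed class files).
    static byte[] decrypt(PrivateKey priv, byte[][] blob) throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance(RSA_OAEP);
        rsa.init(Cipher.UNWRAP_MODE, priv);
        SecretKey dataKey = (SecretKey) rsa.unwrap(blob[0], "AES", Cipher.SECRET_KEY);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.DECRYPT_MODE, dataKey, new GCMParameterSpec(128, blob[1]));
        return aes.doFinal(blob[2]);                   // throws if the data was tampered with
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(3072);
        KeyPair kp = kpg.generateKeyPair();            // demo only; keep the private half off the client
        byte[] settings = "theme=dark;user=alice".getBytes(StandardCharsets.UTF_8); // constructed sample
        byte[][] blob = encrypt(kp.getPublic(), settings);
        System.out.println(Arrays.equals(settings, decrypt(kp.getPrivate(), blob)));
    }
}
```

As the answer notes, this only helps when the software that holds the file never has to decrypt it; decompiling the class files then reveals the public key and nothing that opens the data.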
