如何获取Java SSL连接的实际块密码大小_in code_? [英] How to get the actual block cipher key size for Java SSL connection _in code_?
问题描述
当Java客户端建立SSL / TLS会话时,可以获取使用的协议和密码名称:
When a Java client has established a SSL/TLS session, it can get the used protocol and the cipher name:
SSLSession session = s.getSession();
String protocol = session.getProtocol(); // e.g. "TLSv1"
String cipher = session.getCipherSuite(); // e.g. "TLS_RSA_WITH_AES_128_CBC_SHA"
但是一些密码可以具有128或256的密钥(例如AES CBC)。
But some of the ciphers can have keys of size 128 or 256 (for example, AES CBC).
如何获得为此特定连接协商的实际密钥大小?
我在Apache代码库中找到了这个代码:
I have found this code in Apache codebase:
static final CipherData cipherSizes[] = {
new CipherData("_WITH_NULL_", 0),
new CipherData("_WITH_IDEA_CBC_", 128),
new CipherData("_WITH_RC2_CBC_40_", 40),
new CipherData("_WITH_RC4_40_", 40),
new CipherData("_WITH_RC4_128_", 128),
new CipherData("_WITH_DES40_CBC_", 40),
new CipherData("_WITH_DES_CBC_", 56),
new CipherData("_WITH_3DES_EDE_CBC_", 168),
new CipherData("_WITH_AES_128_CBC_", 128),
new CipherData("_WITH_AES_256_CBC_", 256)
};
它看起来像一个可接受的解决方法。这是唯一的方法吗?
It looks like an acceptable workaround. Is it the only way to do it?
推荐答案
您可以简单地从连接字符串中解析密钥大小。如果是DES EDE,它是168(如果你计数奇偶校验位,则为192)。否则它有一个默认或密钥大小直接在对称算法的名称后面。
You can simply parse the key size out of the connection string. If it's DES EDE it's 168 (or 192 if you count the parity bits). Otherwise it has a default or the key size is directly behind the name of the symmetric algorithm.
我会说Apache的方式似乎是一个非常可以接受的方式。您必须手动插入默认的密钥大小 - 对于那些密码,如IDEA - 无论如何。实例化密码对象只是为了获得可接受的密钥大小似乎对我来说太过分了。
I would say that the Apache way seems a very acceptable way to do it yes. You'll have to manually insert the default key sizes - for those ciphers such as IDEA - anyway. Instantiating a Cipher object just to get to the acceptable key sizes seems overkill to me.
抽象/自动化是所有非常好,但你可以走得太远这里的(半)硬编码表没有任何错误。
Abstraction/automation is all very nice but you can go too far. Nothing wrong with a (semi) hard coded table here.
这篇关于如何获取Java SSL连接的实际块密码大小_in code_?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
