序列化对象解密(和其他字节字段)期间的StreamCorruptedException [英] StreamCorruptedException during serialised object decryption (and other byte fields)
问题描述
我的软件在解密过程中引发了StreamCorruptedException:
我的密码是AES / CBC / PKCS5Padding,我的密钥是用PBKey Derivation方法获得的,所以我需要创建一个salt来生成AES128密钥。
my software raised StreamCorruptedException during a deciphering: My cipher is AES/CBC/PKCS5Padding and my key is obtained with PBKey Derivation method, so I need to create a salt to generate AES128 key.
我的目标是获得以这种方式形成的文件:
My goal is to obtain a file formed in this way:
(我将删除异常管理代码以提高可读性)
我的密码:
(I will delete exception management code to improve readability) My cipher code:
char[] password = passwordString.toCharArray();
SecureRandom random = new SecureRandom();
byte salt[] = new byte[SALT_BYTES];
random.nextBytes(salt);
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
KeySpec keySpec = new PBEKeySpec(password, salt, ITERATION, AES_KEY_BITS);
SecretKey tmp = factory.generateSecret(keySpec);
SecretKey secretKey = new SecretKeySpec(tmp.getEncoded(), "AES");
Cipher cipher = Cipher.getInstance("AES/CFB/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, secretKey);
FileOutputStream fout = null;
ObjectOutputStream objOut = null;
fout = new FileOutputStream(PRIVATE_RING_FILENAME);
fout.write(salt);
byte[] ivN = cipher.getIV();
fout.write(ivN);
CipherOutputStream cos = new CipherOutputStream(fout, cipher);
objOut = new ObjectOutputStream(cos);
PrivateKeyRing prvKeyRing = new PrivateKeyRing();
SealedObject sealedObject = new SealedObject(prvKeyRing, cipher);
objOut.writeObject(sealedObject);
fout.close();
objOut.close();
cos.close();
它没有问题。
我的解密代码:
char[] password = passwordString.toCharArray();
File file = new File(PRIVATE_RING_FILENAME);
FileInputStream fin = new FileInputStream(file);
Cipher cipher = Cipher.getInstance("AES/CFB/PKCS5Padding");
byte[] salt = new byte[SALT_BYTES];
fin.read(salt);
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
KeySpec keySpec = new PBEKeySpec(password, salt, ITERATION, AES_KEY_BITS);
SecretKey = factory.generateSecret(keySpec);
SecretKey secretKey = new SecretKeySpec(tmp.getEncoded(), "AES");
byte[] ivN = new byte[AES_BYTES];
fin.read(ivN, 0, AES_BYTES);
cipher.init(Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(ivN));
CipherInputStream cis = new CipherInputStream(fin, cipher);
ObjectInputStream objIn;
PrivateKeyRing prvKeyRing = null;
SealedObject sealedObject = null;
objIn = new ObjectInputStream(cis);
sealedObject = (SealedObject) objIn.readObject();
prvKeyRing = (PrivateKeyRing) sealedObject.getObject(cipher);
objIn.close();
fin.close();
cis.close();
但StreamCorruptedException:无效的流标题:73720019在系统执行时发生:
But StreamCorruptedException: invalid stream header: 73720019 occurs when system execute:
objIn = new ObjectInputStream(cis);
如果我尝试编写对象而不加密所有作品。
您怎么看?
我在尝试编写多个序列化对象时读到了一些问题,但我认为情况并非如此。
If I try to write the object without ciphering all works. What do you think about? I read about some problem when you try to write multiple serialised object but I think this is not the case.
推荐答案
这是因为您使用相同的密码加密和解密两次。首先用密码密封物体,然后将其写入密码输出流,密码处于密封物体的状态。这不会产生可以使用密码在其初始状态下解密的文件。您必须首先解开对象,然后从流中读取它,这是不可能的。摆脱密码流或密封对象。
This comes about because you are encrypting and decrypting twice with the same cipher. The object is first sealed with the cipher and then written to the cipher output stream, with the cipher in the state resulting from sealing the object. This does not yield a file that can be decrypted with the cipher in its initial state. You would have to unseal the object first and then read it from the stream, which is impossible. Get rid of either the cipher streams or the sealed object.
这篇关于序列化对象解密(和其他字节字段)期间的StreamCorruptedException的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
