在.NET中,我怎么能解密用PBEWithMD5AndDES在Java中的加密值? [英] In .NET, how can I decrypt values that were encrypted using PBEWithMD5AndDES in Java?
问题描述
我们正在从一个传统的Java应用到我们新的.net应用程序迁移数据。 Java的应用程序有一个MySQL后端,和.NET应用程序有一个SQL Server后端。我们有两个完整的源代码code和配置文件,但没有谁曾在Java应用程序的开发人员仍留在公司,我们遇到了反向工程的一些逻辑,以迁移数据。我们大部分的数据移动超过正常在我们的测试。但是有一个柱,我们遇到了麻烦加密的值。
We're migrating data from a legacy Java app into our newer .NET app. The Java app has a MySQL backend, and the .NET app has a SQL Server back end. We have the full source code and config files for both, but none of the developers who worked on the Java app are still with the company, and we're having to reverse-engineer some of the logic in order to migrate the data. We have most of the data moving over properly in our tests. But there's one column with encrypted values that we're having trouble with.
据我所知,没有方法是明确被称为在Java应用程序进行加密或解密列它的访问时。相反,加密似乎是被自动内的ORM被用来访问数据(休眠)发生。我发现了一个名为 /entities/TABLENAME.hbm.xml ,我认为是为列Hibernate的模型定义XML文件。是XML文件中的相关行如下:
As far as I can tell, no methods are explicitly being called in the Java app to encrypt or decrypt the column when it's accessed. Rather, the encryption seems to be be happening automatically inside the ORM being used to access the data (Hibernate). I found an XML file named /entities/TABLENAME.hbm.xml that I believe to be Hibernate's model definition for the column. The relevant lines inside the XML file are as follows:
<property name="columnname" type="stringEncrypted">
<column name="TBL_COLUMNNAME" not-null="false" unique="false" sql-type="VARCHAR(255)"/>
</property>
请注意,该类型是 stringEncrypted 。对于定义 stringEncrypted 似乎是 /entities/global/User.hbm.xml ,如下:
Note that the type is stringEncrypted. The definition for stringEncrypted appears to be in /entities/global/User.hbm.xml, as follows:
<typedef name="stringEncrypted" class="org.jasypt.hibernate.type.EncryptedStringType">
<param name="encryptorRegisteredName">stringEncrypter</param>
</typedef>
然后在 stringEncrypter 设置似乎是在 /webapp/resources/spring/CompanyName-encryption.xml 如下(消毒,当然):
And then the stringEncrypter settings appear to be in /webapp/resources/spring/CompanyName-encryption.xml as follows (sanitized, of course):
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
<bean id="stringEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
<property name="password">
<value>PASSWORD</value>
</property>
<property name="algorithm">
<value>PBEWithMD5AndDES</value>
</property>
<property name="saltGenerator">
<ref bean="fixedStringSaltGenerator"/>
</property>
</bean>
<bean id="fixedStringSaltGenerator" class="org.jasypt.salt.FixedStringSaltGenerator">
<property name="salt">
<value>SALTSALTSALTSALTSALTSALTSALTSALTSALT</value>
</property>
</bean>
<bean id="hibernateEncryptor" class="org.jasypt.hibernate.encryptor.HibernatePBEStringEncryptor">
<property name="registeredName">
<value>stringEncrypter</value>
</property>
<property name="encryptor">
<ref bean="stringEncryptor" />
</property>
</bean>
</beans>
所以,我认为这告诉我,是该列被加密 PBEWithMD5AndDES -method加密,使用密码密码和 SALTSALTSALTSALTSALTSALTSALTSALTSALT 。因此,问题是我怎么能解密列值.NET
So, what I think this tells me, is that the column is being encrypted with PBEWithMD5AndDES-method encryption, using a password of PASSWORD and a salt of SALTSALTSALTSALTSALTSALTSALTSALTSALT. So, the question is how can I decrypt the column values in .NET?
我最好的铅到目前为止,这是<一个href="http://thomashundley.com/post/2011/04/21/Emulating-Javae28099s-PBEWithMD5AndDES-Encryption-with-NET.aspx"相对=nofollow> 张贴者汤姆·亨德利PKCSKeyGenerator类。利用这一点,我已经尝试在.NET中的以下内容:
My best lead so far is this PKCSKeyGenerator class posted by Tom Hundley. Using that, I've attempted the following in .NET:
string encryptedInput = "mG5bz6duwBL3jVCLKyI8Zw=="; // This is an encrypted value copied from MySQL Workbench
string saltString = "SALTSALTSALTSALTSALTSALTSALTSALTSALT";
string keyString = "PASSWORD";
byte[] saltBytes = new byte[saltString.Length * sizeof(char)];
System.Buffer.BlockCopy(saltString.ToCharArray(), 0, saltBytes, 0, saltBytes.Length);
PKCSKeyGenerator crypto = new PKCSKeyGenerator(
keyString, // key
saltBytes, // salt
13, 1); // Magic numbers. I don't really get 'em.
ICryptoTransform ct = crypto.Decryptor;
byte[] cipherBytes = Convert.FromBase64String(encryptedInput);
byte[] clearBytes = ct.TransformFinalBlock(cipherBytes, 0, cipherBytes.Length);
string clearString = Encoding.Unicode.GetString(clearBytes);
当我运行它,我得到:
CryptographicException: Bad Data
我环顾四周,其他的解密方法,扫描了Java $ C $下的任何其他code,可能是在使用中,并修补了在PKCSKeyGenerator的参数,和我没有取得任何进展。我似乎无法使这能解密工作。你有什么建议吗?先谢谢了。
I've looked around for other decryption methods, scanned the Java code for any other code that might be in use, and tinkered with the parameters in of PKCSKeyGenerator, and I've made no progress. I just can't seem to make this decription work. Do you have any suggestions? Thanks in advance.
推荐答案
汤姆·亨德利的<一个href="http://thomashundley.com/post/2011/04/21/Emulating-Javae28099s-PBEWithMD5AndDES-Encryption-with-NET.aspx"相对=nofollow> PKCSGenerator 在问题中提到类似乎正确地实施非标PBEwithMD5andDES密钥派生算法。你缺少的部分是迭代,其中显示13个问题中的数量。 (这些段参数应为1,因为你显示,对DES;对于三重DES,这将增加,这取决于所使用的密钥的选项)
Tom Hundley's PKCSGenerator class mentioned in the question appears to correctly implement the non-standard "PBEwithMD5andDES" key derivation algorithm. The piece you are missing is the number of iterations, which you show as 13 in the question. (The segments parameter should be 1, as you show, for DES; for triple-DES, this would increase, depending on the keying option used.)
在我检查的版本,迭代Jasypt的密钥派生算法的默认数量仅为1000的值( StandardPBEByteEncryptor.DEFAULT_KEY_OBTENTION_ITERATIONS )。
In the version I checked, the default number of iterations for Jasypt's key derivation algorithm is only 1000 (the value of StandardPBEByteEncryptor.DEFAULT_KEY_OBTENTION_ITERATIONS).
由于要删除加密,这应该足以让你继续.NET。如果你想保持加密,我会强烈建议迁移加密列,使他们使用PBKDF2从PKCS#5与AES加密一起。如果你要做到这一点,我会使用更为反复,也许5万至10取决于您有可用。
Since you are removing encryption, this should suffice to allow you to proceed with .NET. If you wanted to keep the encryption, I would strongly recommend migrating the encrypted columns so that they are encrypting using PBKDF2 from PKCS #5 together with AES. If you were to do that, I'd use far more iterations, maybe 50,000 to 100,000 depending on the resources you have available.
这篇关于在.NET中,我怎么能解密用PBEWithMD5AndDES在Java中的加密值?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
