这是一个安全的加密方法 [英] Is this a secure encryption method
本文介绍了这是一个安全的加密方法的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我为Android编写使用对称密钥加密来保护敏感数据的应用程序。据我所知,只有Android的直接支持PBEWithMD5AndDES。安全性如何这个算法?另外,我在下面列出(非安卓)我的code。是我的code正确加密的数据?
进口java.io.UnsupportedEncodingException;
进口java.security.InvalidAlgorithmParameterException;
进口java.security.InvalidKeyException;
进口java.security.NoSuchAlgorithmException;
进口java.security.SecureRandom中;
进口java.security.spec.InvalidKeySpecException;
进口java.security.spec.InvalidParameterSpecException;
进口javax.crypto.BadPaddingException;
进口javax.crypto.Cipher中;
进口javax.crypto.IllegalBlockSizeException;
进口javax.crypto.NoSuchPaddingException;
进口javax.crypto.SecretKey;
进口javax.crypto.SecretKeyFactory;
进口javax.crypto.spec.IvParameterSpec;
进口javax.crypto.spec.PBEKeySpec;
进口javax.crypto.spec.SecretKeySpec;公共类CipherTest
{ 私有静态类EncryptInfo
{ 私人最终的byte []的EncryptedData;
私人最终的byte [] initVector;
私人最终的byte []盐; 公共EncryptInfo(字节[]的EncryptedData,字节[] initVector,字节[]盐)
{
this.encryptedData = encryptedData.clone();
this.initVector = initVector.clone();
this.salt = salt.clone();
} 公众的byte [] getEncryptedData()
{
返回的EncryptedData;
} 公众的byte [] getInitVector()
{
返回initVector;
} 公众的byte [] getSalt()
{
返回盐;
} } 私有静态最后弦乐keyGenAlgorithm =PBEWithMD5AndDES;
私有静态最后弦乐keyAlgorithm =DES;
私有静态最后弦乐cipherTransform =PBEWithMD5AndDES / CBC / PKCS5Padding 私有静态EncryptInfo加密(的char []密码,字节[]数据)
抛出抛出:NoSuchAlgorithmException,InvalidKeySpecException,
NoSuchPaddingException,InvalidKeyException将,
InvalidParameterSpecException,IllegalBlockSizeException,
BadPaddingException,UnsupportedEncodingException
{ 字节[] =盐新的字节[16];
新的SecureRandom()的nextBytes(盐); PBEKeySpec keySpec =新PBEKeySpec(口令,盐,1024); SecretKeyFactory secretKeyFactory = SecretKeyFactory
.getInstance(keyGenAlgorithm);
SecretKey的SecretKey的= secretKeyFactory.generateSecret(keySpec)根据;
keySpec.clearPassword();
字节[]键= secretKey.getEn codeD();
SecretKeySpec secretKeySpec =新SecretKeySpec(键,keyAlgorithm);
密码加密= Cipher.getInstance(cipherTransform);
cipher.init(Cipher.ENCRYPT_MODE,secretKeySpec); 字节[] = initVector cipher.getParameters()。getParameterSpec可以(
IvParameterSpec.class).getIV(); 返回新EncryptInfo(cipher.doFinal(数据),initVector,盐);
} 公共静态的byte []解密(字节[]数据的char []密码,字节[]盐,
字节[] initVector)抛出抛出:NoSuchAlgorithmException,
InvalidKeySpecException,NoSuchPaddingException,
InvalidKeyException将,抛出:InvalidAlgorithmParameterException,
IllegalBlockSizeException,BadPaddingException
{
PBEKeySpec keySpec =新PBEKeySpec(口令,盐,1024); SecretKeyFactory secretKeyFactory = SecretKeyFactory
.getInstance(keyGenAlgorithm);
SecretKey的SecretKey的= secretKeyFactory.generateSecret(keySpec)根据;
keySpec.clearPassword();
字节[]键= secretKey.getEn codeD();
SecretKeySpec secretKeySpec =新SecretKeySpec(键,keyAlgorithm);
密码加密= Cipher.getInstance(cipherTransform);
cipher.init(Cipher.DECRYPT_MODE,secretKeySpec,新IvParameterSpec(
initVector));
返回cipher.doFinal(数据);
} 公共静态无效的主要(字串[] args)抛出异常
{
的char []密码=密码.toCharArray(); EncryptInfo信息=加密(密码,消息.getBytes()); 字节[] = decyptedText解密(info.getEncryptedData(),密码信息
.getSalt(),info.getInitVector()); 的System.out.println(新的String(decyptedText)); }
}
解决方案
这两个MD5和DES薄弱。如果你被加密的数据是真正有价值的,你应该寻找一些外部加密库为Android,提供AES和SHA256 / SHA512算法。
I'm writing an application for Android that uses symmetric key encryption to protect sensitive data. As far as I can tell, Android only directly supports "PBEWithMD5AndDES". How secure is this algorithm? Also, I've included my code below (non-andriod). Is my code correctly encrypting the data?
import java.io.UnsupportedEncodingException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
public class CipherTest
{
private static class EncryptInfo
{
private final byte[] encryptedData;
private final byte[] initVector;
private final byte[] salt;
public EncryptInfo(byte[] encryptedData, byte[] initVector, byte[] salt)
{
this.encryptedData = encryptedData.clone();
this.initVector = initVector.clone();
this.salt = salt.clone();
}
public byte[] getEncryptedData()
{
return encryptedData;
}
public byte[] getInitVector()
{
return initVector;
}
public byte[] getSalt()
{
return salt;
}
}
private static final String keyGenAlgorithm = "PBEWithMD5AndDES";
private static final String keyAlgorithm = "DES";
private static final String cipherTransform = "PBEWithMD5AndDES/CBC/PKCS5Padding";
private static EncryptInfo encrypt(char[] password, byte[] data)
throws NoSuchAlgorithmException, InvalidKeySpecException,
NoSuchPaddingException, InvalidKeyException,
InvalidParameterSpecException, IllegalBlockSizeException,
BadPaddingException, UnsupportedEncodingException
{
byte[] salt = new byte[16];
new SecureRandom().nextBytes(salt);
PBEKeySpec keySpec = new PBEKeySpec(password, salt, 1024);
SecretKeyFactory secretKeyFactory = SecretKeyFactory
.getInstance(keyGenAlgorithm);
SecretKey secretKey = secretKeyFactory.generateSecret(keySpec);
keySpec.clearPassword();
byte[] key = secretKey.getEncoded();
SecretKeySpec secretKeySpec = new SecretKeySpec(key, keyAlgorithm);
Cipher cipher = Cipher.getInstance(cipherTransform);
cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec);
byte[] initVector = cipher.getParameters().getParameterSpec(
IvParameterSpec.class).getIV();
return new EncryptInfo(cipher.doFinal(data), initVector, salt);
}
public static byte[] decrypt(byte[] data, char[] password, byte[] salt,
byte[] initVector) throws NoSuchAlgorithmException,
InvalidKeySpecException, NoSuchPaddingException,
InvalidKeyException, InvalidAlgorithmParameterException,
IllegalBlockSizeException, BadPaddingException
{
PBEKeySpec keySpec = new PBEKeySpec(password, salt, 1024);
SecretKeyFactory secretKeyFactory = SecretKeyFactory
.getInstance(keyGenAlgorithm);
SecretKey secretKey = secretKeyFactory.generateSecret(keySpec);
keySpec.clearPassword();
byte[] key = secretKey.getEncoded();
SecretKeySpec secretKeySpec = new SecretKeySpec(key, keyAlgorithm);
Cipher cipher = Cipher.getInstance(cipherTransform);
cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, new IvParameterSpec(
initVector));
return cipher.doFinal(data);
}
public static void main(String[] args) throws Exception
{
char[] password = "password".toCharArray();
EncryptInfo info = encrypt(password, "Message".getBytes());
byte[] decyptedText = decrypt(info.getEncryptedData(), password, info
.getSalt(), info.getInitVector());
System.out.println(new String(decyptedText));
}
}
解决方案
Both MD5 and DES are weak. If your data being encrypted is really valuable, you should look for some external crypto library for Android that offers AES and SHA256/SHA512 algorithms.
这篇关于这是一个安全的加密方法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文