Java的加密问题 [英] Java Encryption issue
问题描述
我使用PBE加密加密和解密的Android应用程序一些文字,但我得到的BadPaddingException:与垫块损坏的消息时,我使用了错误的私钥解密文本。
我的问题,因为我不能很好地加密Java的精通,就是如果是加密API的正常行为,因为我需要做一些逻辑的情况下输入了错误的关键时候,但我不知道私关键的,我也不保存任何地方(存储仅仅是加密和解密检查文本)。
I am using PBE encryption to encrypt and decrypt some text on an Android application but I get the BadPaddingException: with the "pad block corrupted" message when I use the wrong private key to decrypt the text. My question, since I am not well versed with encryption in Java, is if this is the normal behavior of the encryption API, because I need to do some logic in the case when the wrong key is entered, but I do not know the private key, nor do I store it anywhere (storing just the encrypted and decrypted check text).
谢谢,
米哈伊
Thanks, Mihai
推荐答案
这是正常的,最关键的不匹配导致坏填充错误。但是,这是不是100%万无一失无论是。例如,在对称加密与PKCS#5填充(填充数据的一种很常见的方式)的情况下,错误的按键约0.4%的的不的导致不良填充。解密后的数据仍然是垃圾,但是,出于发飙的机会,垃圾变成了一个有效的填充结束。您的应用程序的不得的使它明显解密失败是由于不良的填充,或与异想天开的有效填充垃圾:该信息(主要是中键的0.4%,其中产生一个正确的部件填充)是其可具有严重的后果泄漏。已经有针对SSL连接一些攻击的方式。
It is normal that most key mismatches result in a "bad padding error". But this is not 100% foolproof either. For instance, in the case of symmetric encryption with PKCS#5 padding (a very common way to pad data), about 0.4% of wrong keys will not result in a bad padding. The decrypted data will still be garbage, but, out of freak chance, that garbage turned out to end with a valid padding. Your application must not make it apparent whether a decryption failure is due to bad padding, or to garbage with freakishly valid padding: that information (whether the key is part of the 0.4% of keys which yield a proper padding) is a leak which can have severe consequences. There have been some attacks against SSL connections that way.
这篇关于Java的加密问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
