Decrypting a hardcoded file as byte[]
Problem description
Well this is actually a two-parter...
First, I need to
1. read the contents of the file
2. crypt them into a byte[]
3. write the byte[] in a file or whatever...
Then the result from #2 or #3 will go into another project. I'm trying to protect our PEM/DER keys.
For decryption, I need to
- read the contents of the encrypted file as a byte[]
- decrypt them into a byte[]
- write the decrypted data to a file or use it instead of the file
Now, I have some basic crypting code
KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
keyGenerator.init(128); // 192 and 256 bits may not be available
SecretKey secretKey = keyGenerator.generateKey();
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
// By initializing the cipher in CBC mode, an "initialization vector" has been randomly
// generated. This initialization vector will be necessary to decrypt the encrypted data.
// It is safe to store the initialization vector in plain text for later use. You can obtain
// its bytes by calling iv.getIV().
cipher.init(Cipher.ENCRYPT_MODE, secretKey);
IvParameterSpec iv = cipher.getParameters().getParameterSpec(IvParameterSpec.class);
// IvParameterSpec iv = new IvParameterSpec(IV); //used for the hardcoded one
byte[] encryptedData = cipher.doFinal(data);
and the decryption one as well
cipher.init(Cipher.DECRYPT_MODE, secretKey, iv);
byte[] decryptedData = cipher.doFinal(encryptedData);
System.out.println("decrypted: " + new String(decryptedData));
And the question is:
I know I need to save the IV, but when I did, decryption wasn't quite good - which leads me to believe that I need to save the secretKey as well.
Could anyone give me any tips, pointers or general security hints to a better solution? If I need to save the key, the IV and the encrypted data, where should I store them? Maybe hardcode the key and store the IV along the encrypted data? Maybe hardcode both the IV and the key and just store encrypted data in the files?
This isn't about theoretical safety, think of this as the biggest nuisance and inconvenience you can cause to someone that is trying to steal your keys. We all know there's no way I can perfectly hide them.
I pretty much need what this guy started with: Decrypting an encrypted file and executing in Java (http://stackoverflow.com/questions/8432531/decrypting-an-encrypted-file-and-executing-in-java)
However if there's a better way of feeding secure data into a PemKeyReader, I'm all ears.
Recommended answer
Sharing the key and encrypting something are two completely different things. How to share keys: http://docs.oracle.com/javase/6/docs/technotes/guides/security/certpath/CertPathProgGuide.html#CoreClasses
Having said this, AES with 128bit is fairly strong encryption algorithm than 3DES. So what you can do is keep PKI infrastructure in place to exchange AES keys and then encrypt and decrypt using them.
Why not RSA? RSA needs to be minimum 512 bit to consider it as strongest and if you increase more bits then it increases time required for encryption and decryption.
So AES is fast and safe.
Use SecretKeySpec to create key from byte[]
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class Main {
    public static void main(String[] args) throws Exception {
        // Initialise secret key with predefined byte array [] like below. I
        // have used simple string to array method to generate 16 byte array.
        // AES Key must be minimum 16 bytes.
        // Now you can put this byte array somewhere in a .SO file.
        // Generate new Key using this byte []
        // Then you can generate a key using device specific information at
        // first boot up.
        // Use second key to encrypt data and first key to encrypt the second
        // key
        // I hope it clears all the doubts
        SecretKey key = new SecretKeySpec("ABCDEFGHIJKLMNOP".getBytes(), "AES");
        System.out.println(Arrays.toString(key.getEncoded()));
        // Initialise Cipher with AES Algorithm
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        // Set the encrypt mode (no IV is passed, so the provider generates a random one)
        cipher.init(Cipher.ENCRYPT_MODE, key);
        // Encrypt some bytes
        byte[] encrypted = cipher.doFinal("ABCDEFGH".getBytes());
        // Print it to verify
        System.out.println(Arrays.toString(encrypted));
        // Get the IV
        byte[] iv = cipher.getIV();
        System.out.println(iv.length);
        // Now while storing you can create structure like [16 IV][Encrypted Data]
        // And while decrypting you can read first [16] bytes IV and then
        // decrypt remaining bytes
        // byte[] iv = new byte[16];
        // System.arraycopy(encrypted, 0, iv, 0, 16)
        // Copy remaining bytes to decrypt
        // Set cipher to decrypt mode
        cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
        // Decrypt it
        byte[] decrypted = cipher.doFinal(encrypted);
        System.out.println(new String(decrypted));
    }
}
Now write an algorithm which will generate byte[] from some random data like device name, user name, random seed etc.
You can add more protection to algorithm source code by writing that algorithm in C and create .SO file and get byte[] using native calls.
What are the advantages of doing all this?
- Even if the .SO is hacked, it will need a real-time environment to run and create the key out of it.
- Even if someone does crack it, the damage will be limited, i.e. 1 device.
- The hacker will have to repeat the same with each device, which is very unlikely to be done.
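The `[16 IV][Encrypted Data]` layout described in the answer's code comments, written out as an added example (not code from the original post or its author). The class name, method names and sample input are constructed for illustration, and the key is generated in `main` only so the block runs on its own; the same key must be supplied at decryption, which is the problem the question ran into.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class IvPrefixedBlob {
    private static final String TRANSFORMATION = "AES/CBC/PKCS5Padding";
    private static final int IV_LEN = 16; // AES block size in bytes

    // Returns [16-byte IV][ciphertext]; a fresh random IV is drawn on every call.
    static byte[] encrypt(SecretKey key, byte[] plain) throws GeneralSecurityException {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = cipher.doFinal(plain);
        byte[] blob = Arrays.copyOf(iv, IV_LEN + ct.length); // IV first, zero-filled tail
        System.arraycopy(ct, 0, blob, IV_LEN, ct.length);    // ciphertext after the IV
        return blob;
    }

    // Splits the blob back into IV and ciphertext; needs the SAME key as encrypt().
    static byte[] decrypt(SecretKey key, byte[] blob) throws GeneralSecurityException {
        // PKCS5 padding always yields at least one full block after the IV.
        if (blob.length < 2 * IV_LEN || blob.length % IV_LEN != 0) {
            throw new GeneralSecurityException("blob is truncated or not block-aligned");
        }
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(blob, 0, IV_LEN));
        return cipher.doFinal(blob, IV_LEN, blob.length - IV_LEN);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey(); // must be kept and reused for decryption
        // Constructed sample input standing in for the bytes of a PEM file.
        byte[] pem = "-----BEGIN SAMPLE-----\nAAAA\n-----END SAMPLE-----\n"
                .getBytes(StandardCharsets.US_ASCII);
        byte[] blob1 = encrypt(key, pem);
        byte[] blob2 = encrypt(key, pem);
        System.out.println("round trip ok: " + Arrays.equals(pem, decrypt(key, blob1)));
        System.out.println("blobs differ:  " + !Arrays.equals(blob1, blob2));
    }
}
```

CBC provides confidentiality only, so this layout does not detect a blob that was modified after encryption.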