我应该使用哪种Java加密算法? [英] What Java encryption algorithms should I use?

问题描述

我正在开发一个程序，该程序需要存储静态加密的二进制信息.不幸的是，我似乎找不到一个可以解释哪种加密方案最适合不同应用程序的资源.

I'm working on a program that needs to store binary information encrypted at rest. Unfortunately, I can't seem to find a resource that explains which encryption schemes are best for different applications.

由于加密非常复杂，而且我不是专家，因此我决定使用名为 Jasypt 包装了Java的内置加密功能.为了弄清楚我可以使用哪些算法，我编写了一些单元测试.

Since encryption is complicated and I'm not an expert, I've decided to use a library called Jasypt that wraps Java's built-in encryption functions. To figure out what algorithms are available to me, I wrote a few unit tests.

第一个测试调用Jasypt的AlgorithmRegistry.getAllPBEAlgorithms()函数，并列出所有可用的加密算法:

The first test calls Jasypt's AlgorithmRegistry.getAllPBEAlgorithms() function and lists out all available encryption algorithms:

PBEWITHHMACSHA1ANDAES_128
PBEWITHHMACSHA1ANDAES_256
PBEWITHHMACSHA224ANDAES_128
PBEWITHHMACSHA224ANDAES_256
PBEWITHHMACSHA256ANDAES_128
PBEWITHHMACSHA256ANDAES_256
PBEWITHHMACSHA384ANDAES_128
PBEWITHHMACSHA384ANDAES_256
PBEWITHHMACSHA512ANDAES_128
PBEWITHHMACSHA512ANDAES_256
PBEWITHMD5ANDDES
PBEWITHMD5ANDTRIPLEDES
PBEWITHSHA1ANDDESEDE
PBEWITHSHA1ANDRC2_128
PBEWITHSHA1ANDRC2_40
PBEWITHSHA1ANDRC4_128
PBEWITHSHA1ANDRC4_40

在运行时，如果您尝试使用由于某种原因不被支持或违反Java的加密规则的算法，Jasypt将抛出EncryptionOperationNotPossibleException.有趣的是，如果我尝试使用每种可用"算法来加密然后解密一些任意数据，并且只打印出不会抛出该异常的算法，那么我会得到一个缩小的列表:

At runtime, Jasypt will throw an EncryptionOperationNotPossibleException if you try to use an algorithm that for some reason isn't supported or violates Java's encryption rules. Interestingly, if I attempt to use each of the 'available' algorithms to encrypt and then decrypt some arbitrary data, and only print out the ones that don't throw that exception, I get this slimmed down list:

PBEWITHMD5ANDDES
PBEWITHSHA1ANDDESEDE
PBEWITHSHA1ANDRC2_128
PBEWITHSHA1ANDRC2_40
PBEWITHSHA1ANDRC4_128
PBEWITHSHA1ANDRC4_40

通过引入 BouncyCastle JCE并通过执行.如果在执行此操作后重复上一次测试，则会得到更大的算法列表供您选择:

The list of available algorithms can be expanded by pulling in the BouncyCastle JCE and registering it by executing Security.addProvider(new BouncyCastleProvider()). If I repeat the previous test after doing this, I get a much bigger list of algorithms to choose from:

PBEWITHMD2ANDDES
PBEWITHMD5AND128BITAES-CBC-OPENSSL
PBEWITHMD5AND192BITAES-CBC-OPENSSL
PBEWITHMD5AND256BITAES-CBC-OPENSSL
PBEWITHMD5ANDDES
PBEWITHMD5ANDRC2
PBEWITHSHA1ANDDES
PBEWITHSHA1ANDDESEDE
PBEWITHSHA1ANDRC2
PBEWITHSHA1ANDRC2_128
PBEWITHSHA1ANDRC2_40
PBEWITHSHA1ANDRC4_128
PBEWITHSHA1ANDRC4_40
PBEWITHSHA256AND128BITAES-CBC-BC
PBEWITHSHA256AND192BITAES-CBC-BC
PBEWITHSHA256AND256BITAES-CBC-BC
PBEWITHSHAAND128BITAES-CBC-BC
PBEWITHSHAAND128BITRC2-CBC
PBEWITHSHAAND128BITRC4
PBEWITHSHAAND192BITAES-CBC-BC
PBEWITHSHAAND2-KEYTRIPLEDES-CBC
PBEWITHSHAAND256BITAES-CBC-BC
PBEWITHSHAAND3-KEYTRIPLEDES-CBC
PBEWITHSHAAND40BITRC2-CBC
PBEWITHSHAAND40BITRC4
PBEWITHSHAANDIDEA-CBC
PBEWITHSHAANDTWOFISH-CBC

不幸的是，现在我不知道所有这些算法中哪一个最适合我的应用程序.我有点怀疑AES是正确的选择，并且PBEWITHSHA256AND256BITAES-CBC-BC看起来是密钥长度最长的AES实现，但是我不知道该去哪里确认这一怀疑.

Unfortunately, now I have no idea which of these many algorithms is most appropriate for my application. I have an inkling that AES is the right way to go, and it looks like PBEWITHSHA256AND256BITAES-CBC-BC is the AES implementation with the longest key length, but I don't know where to go to confirm that suspicion.

其中哪些方案可以提供最高的安全级别，并且存在明显的安全问题?

Which of these schemes would provide the highest security levels and which have obvious security issues?

编辑:我希望能够在不要求最终用户安装无限加密文件的情况下分发我的代码，因为这几乎肯定超出了并非精通技术的用户的能力.我真正想要的是在不使用无限制强度管辖区文件的情况下可以获得的最强大的加密.

I want to be able to distribute my code without requiring the end user to install the unlimited cryptography files, as that will almost certainly be beyond the capabilities of not so tech savvy users. What I really want is the strongest encryption that I can get without using the unlimited strength jurisdiction files.

推荐答案

首先，您应该从Oracle安装无限的加密文件.这样做之后，您应该拥有较少的EncryptionOperationNotPossibleException s和更高的安全级别.

First of all you should install the unlimited cryptography files from Oracle. After doing so you should have fewer EncryptionOperationNotPossibleExceptions and higher security levels should become available.

此外，对于最高级别的加密，我根本不会使用JaSypt，因为它不会似乎提供了密文的完整性检查或身份验证.对于只是似乎无关紧要的机密性.但是实际上，您需要根据威胁模型进行检查.

Furthermore, for the highest level encryption possible I would not use JaSypt at all, because it doesn't seem to provide any integrity checking or authentication of ciphertext. For just confidentiality that doesn't seem to matter. But in practice you'd need to check that against your threat model.

如果您决定使用JaSypt(我个人不喜欢)，则应该将PBEWITHHMACSHA512ANDAES_256作为最高级别的选择.确保您了解PBKDF2和工作因素(迭代次数，例如

If you'd decide to use JaSypt (which I personally dislike) you should probably go for PBEWITHHMACSHA512ANDAES_256 as highest level possibility. Make sure you understand PBKDF2 and work factors (iteration count, e.g. setKeyObtentionIterations.

您不需要充气城堡. AES被认为是安全的；在您使用JaSypt的示例中，Bouncy Castle所做的所有事情都是添加晦涩的密码.在上面的列表中，除AES以外的所有内容都没有比AES安全.

You don't need Bouncy Castle. AES is considered secure; all Bouncy Castle does - for your example that uses JaSypt - is adding obscure ciphers. In the above list, everything other than AES is less secure than AES.

这篇关于我应该使用哪种Java加密算法?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！