如何正确使用 CipherOutputStream 对使用 log4j (RollingFileAppender) 创建的日志进行加密和解密 [英] How to use CipherOutputStream correctly to encrypt and decrypt log created with log4j (RollingFileAppender)

问题描述

我在加密/解密由 log4j 的 RollingFileAppender 生成的日志文件时遇到问题.对于加密，我尝试扩展 RollingFileAppender，只需将其称为 EncryptedRollingFileAppender.我覆盖了方法

I have a problem in encrypting/decrypting log file generated by log4j's RollingFileAppender. For the encryption I have tried to extend the RollingFileAppender, just call it EncryptedRollingFileAppender. I override the method

setFile(String fileName, boolean append, boolean bufferedIO, int bufferSize)

基本上我使用 CipherOutputStream 和 Base64OutputStream 来加密和编码写入输出流的所有内容.这是代码的一部分:

and basically I use CipherOutputStream and Base64OutputStream to encrypt and encode everything written to the output stream. Here's part of the code:

...
setImmediateFlush(true);

FileOutputStream ostream = null;
CipherOutputStream cstream = null;
Base64OutputStream b64stream = null;
try {        
    byte[] keyBytes = "1234123412341234".getBytes();  //example
    final byte[] ivBytes = new byte[] { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 
         0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }; //example

    final SecretKey key = new SecretKeySpec(keyBytes, "AES");
    final IvParameterSpec IV = new IvParameterSpec(ivBytes);
    final Cipher cipher = Cipher.getInstance("AES/CFB8/NoPadding");
    cipher.init(Cipher.ENCRYPT_MODE, key, IV);

    ostream = new FileOutputStream(fileName, true);
    b64stream = new Base64OutputStream(ostream);
    cstream = new CipherOutputStream(b64stream, cipher);

    } catch(Exception ex) {
        ex.printStackTrace();
    }

Writer cw = createWriter(cstream);
...

然后我用这个代码解密文件:

And then i decrypt the file with this code:

private static void decryptFile(String filename) throws Exception {
    FileInputStream fis = null;
    BufferedReader br = new BufferedReader(new FileReader(filename));

    File file = new File(filename + "-decrypted");
    file.createNewFile();
    Writer out = new OutputStreamWriter(new FileOutputStream(filename + "-decrypted"), "UTF-8");

    String line = null;
    try {
         while (( line = br.readLine()) != null){
             line = decrypt(Base64.decodeBase64(line));
             out.write(line);
         }
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        if (br != null) {
            br.close();
        }
        if (fis != null) {
            fis.close();
        }
        if (out != null) {
            out.close();
        }
    }
}

public static String decrypt(byte[] line) throws Exception {
    byte[] keyBytes = "1234123412341234".getBytes();
    final byte[] ivBytes = new byte[] { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
                0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f };

    final SecretKey secretkey = new SecretKeySpec(keyBytes, "AES");
    final IvParameterSpec IV = new IvParameterSpec(ivBytes);
    final Cipher decipher = Cipher.getInstance("AES/CFB8/NoPadding");
    decipher.init(Cipher.DECRYPT_MODE, secretkey, IV);
    final byte[] plainText = decipher.doFinal(line);

    return new String(plainText, "UTF-8").trim();
}

它起作用了，但只是部分起作用.结果文件中的一些文本被正确解密，而另一些则没有.如果你很好奇，这就是我所说的部分的意思:

It worked but only partially. Some texts in the result file were decrypted correctly but some others were not. If you're curious, this is what I mean by partially:

07 Jul 11 13:13:13, DEBUG  MrBean.java:checkUserVal���̥V;��ƃ�˨�� - username: squall,password: 4GROmr95Qcf����v�M�7�y�5�@CGO09 ,active: true 

我也尝试将算法更改为DESede"，但它仍然被部分解密.然后我尝试在两端都使用CBC/PKCS5Padding"，但出现异常

I also have tried changing the algorithm to "DESede" but it was still partially decrypted. Then I tried to use "CBC/PKCS5Padding" in both ends but I got an exception

javax.crypto.IllegalBlockSizeException: Input length must be multiple of 16 when decrypting with padded cipher

我认为加密没有正确填充输入，但我想知道为什么...因为当我使用相同的加密和解密算法而没有 CipherOutputStream 时，填充工作得很好.任何人都可以帮助我完成这项工作吗?任何帮助将不胜感激.

I assume the encryption is not properly padding the input but I wonder why... because when I use the same encryption and decryption algorithms without the CipherOutputStream the padding worked just fine. Anyone can help me to make this works? Any help will be appreciated.

PS:对不起，我的英语不是我的母语.

PS: Sorry for my English, it's not my native language.

推荐答案

看起来不错.您是否为每条消息重置/初始化密码对象?您可能不想这样做，但是如果您这样做了，那么您需要仔细考虑密码文件的结构，因为解密器需要知道消息边界在哪里.

Looks pretty good. Are you resetting/initializing the cipher object for every message? You probably don't want to do that, but if you do then you need to think carefully about the structure of the cipher file, because the decryptor needs to know where the message boundaries are.

这篇关于如何正确使用 CipherOutputStream 对使用 log4j (RollingFileAppender) 创建的日志进行加密和解密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！