AES加密使用openssl解密使用java [英] AES encrypt with openssl decrypt using java
问题描述
我必须使用 openssl 命令行或 C api 加密一个 xml 文件.输出应为 Base64.
I have to encrypt an xml file using openssl command line or a C api. The output shall be Base64.
一个java程序将用于解密.此程序由客户提供且无法更改(他们将此代码用于遗留应用程序).正如您在下面的代码中看到的那样,客户提供了一个密码短语,因此将使用 SecretKeySpec 方法生成密钥.
A java programm will be used for decrypting. This programm is provided by the customer and cannot be changed (they are using this code for legacy applications). As you can see in the code below the customer provides a passphrase so the key will be generated using the SecretKeySpec method.
Java 代码:
// Passphrase
private static final byte[] pass = new byte[] { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0','1', '2', '3', '4', '5' };
public static String encrypt(String Data) throws Exception {
Key key = generateKey();
Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
c.init(Cipher.ENCRYPT_MODE, key);
byte[] encVal = c.doFinal(Data.getBytes());
String encryptedValue = new BASE64Encoder().encode(encVal);
return encryptedValue;
}
public static String decrypt(String encryptedData) throws Exception {
Key key = generateKey();
Cipher c = Cipher.getInstance("AES/ECB/PKCS5Padding");
c.init(Cipher.DECRYPT_MODE, key);
byte[] decordedValue = new BASE64Decoder().decodeBuffer(encryptedData);
byte[] decValue = c.doFinal(decordedValue);
String decryptedValue = new String(decValue);
return decryptedValue;
}
private static Key generateKey() throws Exception {
Key key = new SecretKeySpec(pass, "AES");
return key;
}
我已经测试了几个命令,例如:
I have tested several commands like:
openssl enc -aes-128-ecb -a -salt -in file.xml -out file_enc.xml -pass pass:123456789012345
openssl enc -aes-128-ecb -a -nosalt -in file.xml -out file_enc.xml -pass pass:123456789012345
但是没有使用 java 成功解密给定的输出.出于测试目的,我使用给定的 java 代码进行加密,结果当然与来自 openssl 的结果不同.
But non of the given outputs is successfuly decrypted using java. For testing purposes I used the given java code for encrypting and the result is of course different than the one from openssl.
有没有办法使用openssl C api或命令行来加密数据,以便使用给定的java代码成功解密?
Is there a way to use openssl C api or command line to encrypt data so it could be successful decrypted using the given java code?
推荐答案
Java 的 SecretKeySpec 直接使用密码 ASCII 字节作为密钥字节,而 OpenSSL 的 -pass pass:...code> 方法使用 密钥派生函数从密码中派生一个密钥 以安全的方式将密码转换为密钥.您可以尝试在 Java 中进行相同的密钥派生(如果我正确解释您的问题,您可能无法这样做),或者使用 OpenSSL 的 -K 选项来传递密钥(作为十六进制字节!)密码.
Java's SecretKeySpec uses the password ASCII bytes directly as key bytes, while OpenSSL's -pass pass:... method derives a key from the password using a key derivation function to transform the password into a key in a secure fashion. You can either try to do the same key derivation in Java (which you probably cannot if I interpret your question correctly), or use OpenSSL's -K option to pass in a key (as hex bytes!) instead of a password.
您可以在那里了解如何.
这篇关于AES加密使用openssl解密使用java的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
