如何开始使用 BouncyCastle? [英] How do I get started using BouncyCastle?

问题描述

因此，在 CodingHorror 的加密乐趣 和激烈的评论之后，我们正在重新考虑做我们自己的加密.

So after CodingHorror's fun with encryption and the thrashing comments, we are reconsidering doing our own encryption.

在这种情况下，我们需要将一些识别用户的信息传递给第三方服务，然后第三方服务将使用这些信息和哈希值回调我们网站上的服务.

In this case, we need to pass some information that identifies a user to a 3rd party service which will then call back to a service on our website with the information plus a hash.

第二个服务查找该用户的信息，然后将其传递回第三个服务.

The 2nd service looks up info on that user and then passes it back to the 3rd party service.

我们想加密这些进入第 3 方服务的用户信息，并在它出来后解密.所以它不是一个长期存在的加密.

We want to encrypt this user information going into the 3rd party service and decrypt it after it comes out. So it is not a long lived encryption.

在编码恐怖文章中，Coda Hale 推荐了 BouncyCastle 和库中的高级抽象来针对特定需求进行加密.

On the coding horror article, Coda Hale recommended BouncyCastle and a high level abstraction in the library to do the encryption specific to a particular need.

我的问题是 BouncyCastle 命名空间很大，而且文档不存在.谁能指出我这个高级抽象库?(或者除了 BouncyCastle 之外的其他选择?)

My problem is that the BouncyCastle namespaces are huge and the documentation is non-existant. Can anyone point me to this high level abstraction library? (Or another option besides BouncyCastle?)

推荐答案

高级抽象?我想 Bouncy Castle 库中的最高级别抽象包括:

High level abstraction? I suppose the highest level abstractions in the Bouncy Castle library would include:

• BlockCipher 接口(用于对称密码)
• BufferedBlockCipher 类
• AsymmetricBlockCipher 接口
• BufferedAsymmetricBlockCipher 类
• CipherParameters 接口(用于初始化分组密码和非对称分组密码)

• The BlockCipher interface (for symmetric ciphers)
• The BufferedBlockCipher class
• The AsymmetricBlockCipher interface
• The BufferedAsymmetricBlockCipher class
• The CipherParameters interface (for initializing the block ciphers and asymmetric block ciphers)

我最熟悉该库的 Java 版本.也许这个代码片段会为您提供足够高的抽象来满足您的目的(例如使用 AES-256 加密):

I am mostly familiar with the Java version of the library. Perhaps this code snippet will offer you a high enough abstraction for your purposes (example is using AES-256 encryption):

public byte[] encryptAES256(byte[] input, byte[] key) throws InvalidCipherTextException {
    assert key.length == 32; // 32 bytes == 256 bits
    CipherParameters cipherParameters = new KeyParameter(key);

    /*
     * A full list of BlockCiphers can be found at http://www.bouncycastle.org/docs/docs1.6/org/bouncycastle/crypto/BlockCipher.html
     */
    BlockCipher blockCipher = new AESEngine();

    /*
     * Paddings available (http://www.bouncycastle.org/docs/docs1.6/org/bouncycastle/crypto/paddings/BlockCipherPadding.html):
     *   - ISO10126d2Padding
     *   - ISO7816d4Padding
     *   - PKCS7Padding
     *   - TBCPadding
     *   - X923Padding
     *   - ZeroBytePadding
     */
    BlockCipherPadding blockCipherPadding = new ZeroBytePadding();

    BufferedBlockCipher bufferedBlockCipher = new PaddedBufferedBlockCipher(blockCipher, blockCipherPadding);

    return encrypt(input, bufferedBlockCipher, cipherParameters);
}

public byte[] encrypt(byte[] input, BufferedBlockCipher bufferedBlockCipher, CipherParameters cipherParameters) throws InvalidCipherTextException {
    boolean forEncryption = true;
    return process(input, bufferedBlockCipher, cipherParameters, forEncryption);
}

public byte[] decrypt(byte[] input, BufferedBlockCipher bufferedBlockCipher, CipherParameters cipherParameters) throws InvalidCipherTextException {
    boolean forEncryption = false;
    return process(input, bufferedBlockCipher, cipherParameters, forEncryption);
}

public byte[] process(byte[] input, BufferedBlockCipher bufferedBlockCipher, CipherParameters cipherParameters, boolean forEncryption) throws InvalidCipherTextException {
    bufferedBlockCipher.init(forEncryption, cipherParameters);

    int inputOffset = 0;
    int inputLength = input.length;

    int maximumOutputLength = bufferedBlockCipher.getOutputSize(inputLength);
    byte[] output = new byte[maximumOutputLength];
    int outputOffset = 0;
    int outputLength = 0;

    int bytesProcessed;

    bytesProcessed = bufferedBlockCipher.processBytes(
            input, inputOffset, inputLength,
            output, outputOffset
        );
    outputOffset += bytesProcessed;
    outputLength += bytesProcessed;

    bytesProcessed = bufferedBlockCipher.doFinal(output, outputOffset);
    outputOffset += bytesProcessed;
    outputLength += bytesProcessed;

    if (outputLength == output.length) {
        return output;
    } else {
        byte[] truncatedOutput = new byte[outputLength];
        System.arraycopy(
                output, 0,
                truncatedOutput, 0,
                outputLength
            );
        return truncatedOutput;
    }
}

编辑:糟糕，我刚刚阅读了您链接到的文章.听起来他在谈论比我想象的更高级别的抽象(例如，发送机密消息").恐怕我不太明白他在说什么.

Edit: Whoops, I just read the article you linked to. It sounds like he is talking about even higher level abstractions than I thought (e.g., "send a confidential message"). I am afraid I don't quite understand what he is getting at.

这篇关于如何开始使用 BouncyCastle?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！