How do I get started using BouncyCastle?
Question
So after CodingHorror's fun with encryption and the thrashing comments, we are reconsidering doing our own encryption.
In this case, we need to pass some information that identifies a user to a 3rd party service which will then call back to a service on our website with the information plus a hash.
The 2nd service looks up info on that user and then passes it back to the 3rd party service.
We want to encrypt this user information going into the 3rd party service and decrypt it after it comes out. So it is not a long lived encryption.
On the coding horror article, Coda Hale recommended BouncyCastle and a high level abstraction in the library to do the encryption specific to a particular need.
My problem is that the BouncyCastle namespaces are huge and the documentation is non-existent. Can anyone point me to this high level abstraction library? (Or another option besides BouncyCastle?)
Recommended answer
High level abstraction? I suppose the highest level abstractions in the Bouncy Castle library would include:
- The BlockCipher interface (for symmetric ciphers)
- The BufferedBlockCipher class
- The AsymmetricBlockCipher interface
- The BufferedAsymmetricBlockCipher class
- The CipherParameters interface (for initializing the block ciphers and asymmetric block ciphers)
I am mostly familiar with the Java version of the library. Perhaps this code snippet will offer you a high enough abstraction for your purposes (example is using AES-256 encryption):
```java
import org.bouncycastle.crypto.BlockCipher;
import org.bouncycastle.crypto.BufferedBlockCipher;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.paddings.BlockCipherPadding;
import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.bouncycastle.crypto.paddings.ZeroBytePadding;
import org.bouncycastle.crypto.params.KeyParameter;

// The methods below are meant to be placed inside a class.

public byte[] encryptAES256(byte[] input, byte[] key) throws InvalidCipherTextException {
    // Explicit check: a Java `assert` is skipped unless the JVM runs with -ea.
    if (key.length != 32) { // 32 bytes == 256 bits
        throw new IllegalArgumentException("AES-256 requires a 32-byte key");
    }
    CipherParameters cipherParameters = new KeyParameter(key);

    /*
     * A full list of BlockCiphers can be found at http://www.bouncycastle.org/docs/docs1.6/org/bouncycastle/crypto/BlockCipher.html
     */
    // Note: a bare AESEngine encrypts every block independently (ECB);
    // no chaining mode or IV is applied here.
    BlockCipher blockCipher = new AESEngine();

    /*
     * Paddings available (http://www.bouncycastle.org/docs/docs1.6/org/bouncycastle/crypto/paddings/BlockCipherPadding.html):
     *   - ISO10126d2Padding
     *   - ISO7816d4Padding
     *   - PKCS7Padding
     *   - TBCPadding
     *   - X923Padding
     *   - ZeroBytePadding
     */
    // Note: zero-byte padding cannot be told apart from plaintext that ends in zero bytes.
    BlockCipherPadding blockCipherPadding = new ZeroBytePadding();

    BufferedBlockCipher bufferedBlockCipher = new PaddedBufferedBlockCipher(blockCipher, blockCipherPadding);

    return encrypt(input, bufferedBlockCipher, cipherParameters);
}

public byte[] encrypt(byte[] input, BufferedBlockCipher bufferedBlockCipher, CipherParameters cipherParameters) throws InvalidCipherTextException {
    boolean forEncryption = true;
    return process(input, bufferedBlockCipher, cipherParameters, forEncryption);
}

public byte[] decrypt(byte[] input, BufferedBlockCipher bufferedBlockCipher, CipherParameters cipherParameters) throws InvalidCipherTextException {
    boolean forEncryption = false;
    return process(input, bufferedBlockCipher, cipherParameters, forEncryption);
}

public byte[] process(byte[] input, BufferedBlockCipher bufferedBlockCipher, CipherParameters cipherParameters, boolean forEncryption) throws InvalidCipherTextException {
    bufferedBlockCipher.init(forEncryption, cipherParameters);

    int inputOffset = 0;
    int inputLength = input.length;

    // Upper bound on the output size; the real length is known after doFinal().
    int maximumOutputLength = bufferedBlockCipher.getOutputSize(inputLength);
    byte[] output = new byte[maximumOutputLength];
    int outputOffset = 0;
    int outputLength = 0;

    int bytesProcessed;

    bytesProcessed = bufferedBlockCipher.processBytes(
            input, inputOffset, inputLength,
            output, outputOffset
    );
    outputOffset += bytesProcessed;
    outputLength += bytesProcessed;

    // Flush the final (padded) block.
    bytesProcessed = bufferedBlockCipher.doFinal(output, outputOffset);
    outputOffset += bytesProcessed;
    outputLength += bytesProcessed;

    if (outputLength == output.length) {
        return output;
    } else {
        // Trim the buffer to the number of bytes actually written.
        byte[] truncatedOutput = new byte[outputLength];
        System.arraycopy(
                output, 0,
                truncatedOutput, 0,
                outputLength
        );
        return truncatedOutput;
    }
}
```
Edit: Whoops, I just read the article you linked to. It sounds like he is talking about even higher level abstractions than I thought (e.g., "send a confidential message"). I am afraid I don't quite understand what he is getting at.
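An added example, not part of the original answer and not Bouncy Castle's own code: the round trip described in the question (encrypt the user identifier before it goes to the third party, decrypt it when it comes back), written against the same lightweight API but with AES in GCM mode instead of the answer's padded block cipher, so that a token altered on the way is rejected at decryption. The class name `UserTokenCipher`, the token layout (12-byte nonce followed by ciphertext and tag) and the sample values are assumptions made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.modes.GCMBlockCipher;
import org.bouncycastle.crypto.params.AEADParameters;
import org.bouncycastle.crypto.params.KeyParameter;

// Hypothetical class; assumed token layout: 12-byte nonce || ciphertext || 16-byte tag.
public class UserTokenCipher {
    private static final int NONCE_LEN = 12, TAG_BITS = 128;
    private static final SecureRandom RNG = new SecureRandom();

    static byte[] seal(byte[] key, byte[] plaintext) throws InvalidCipherTextException {
        byte[] nonce = new byte[NONCE_LEN];
        RNG.nextBytes(nonce);                       // fresh nonce per token; never reuse with the same key
        byte[] body = run(true, key, nonce, plaintext, 0, plaintext.length);
        byte[] token = Arrays.copyOf(nonce, NONCE_LEN + body.length);
        System.arraycopy(body, 0, token, NONCE_LEN, body.length);
        return token;
    }

    static byte[] open(byte[] key, byte[] token) throws InvalidCipherTextException {
        if (token.length < NONCE_LEN + TAG_BITS / 8) throw new InvalidCipherTextException("token too short");
        byte[] nonce = Arrays.copyOf(token, NONCE_LEN);
        return run(false, key, nonce, token, NONCE_LEN, token.length - NONCE_LEN);
    }

    private static byte[] run(boolean encrypt, byte[] key, byte[] nonce, byte[] in, int off, int len)
            throws InvalidCipherTextException {
        if (key.length != 32) throw new IllegalArgumentException("AES-256 needs a 32-byte key");
        GCMBlockCipher gcm = new GCMBlockCipher(new AESEngine());
        gcm.init(encrypt, new AEADParameters(new KeyParameter(key), TAG_BITS, nonce));
        byte[] out = new byte[gcm.getOutputSize(len)];
        int n = gcm.processBytes(in, off, len, out, 0);
        n += gcm.doFinal(out, n);                   // on decrypt, throws if the tag does not verify
        return Arrays.copyOf(out, n);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];
        RNG.nextBytes(key);                         // constructed demo key; a real key comes from a secret store
        byte[] token = seal(key, "user-id=12345".getBytes(StandardCharsets.UTF_8)); // constructed sample
        System.out.println(new String(open(key, token), StandardCharsets.UTF_8));
        token[token.length - 1] ^= 1;               // simulate a token modified outside our service
        try { open(key, token); }
        catch (InvalidCipherTextException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Only the service that holds the key can produce a token that `open` accepts, which the answer's padded block cipher does not provide on its own.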