Handling crypto exceptions

Problem description

This, pretty basic, piece of code is quite common when handling encryption\decryption in Java.

final Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, key, iv);
cipher.doFinal(*something*);

These three lines alone, potentially throw six exceptions and I'm not sure what's the cleanest (in terms of code readability) way to handle them. A try with six catch clauses really looks like a smell to me.

Are there micropatterns or best practices, I am obviously missing, when working with such objects?

EDIT

Sorry, I think I didn't explain myself very well. My question is not really about avoiding a try\catch clause, but if there is a common way to handle similar situations.

The exceptions are:

NoSuchPaddingException, NoSuchAlgorithmException
InvalidAlgorithmParameterException, InvalidKeyException,
BadPaddingException, IllegalBlockSizeException


Recommended answer

You indicate the following exceptions:

NoSuchPaddingException, NoSuchAlgorithmException
InvalidAlgorithmParameterException, InvalidKeyException,
BadPaddingException, IllegalBlockSizeException

Now all of these are GeneralSecurityException's, so it would be easy to catch them all. But looking at the use case, you probably don't want to do that.

If you look at the cause of the exceptions then you will find that any of these exceptions - except for the last two - are only thrown when generating an implementation of an algorithm or a key. I think it is reasonable that once you have tested your application that these values remain more or less static. Hence it would be logical to throw - for instance - an IllegalStateException. IllegalStateException is a runtime exception which you are not required to throw or catch. Of course, you should indicate the security exception as being the cause of the exception.

Now the last two exceptions, BadPaddingException and IllegalBlockSizeException are different. They depend on the actual ciphertext, so they are dependent on the input of the algorithm. Now normally you should always verify the integrity of the input before you feed it into your Cipher instance, initiated for decryption, for instance by first validating a HMAC checksum. So in that sense you could still get away with a runtime exception. If you don't check for integrity you should do something different with the exception, such as re-throwing it as a (different?) checked exception. If you take that route you should understand about e.g. padding oracle attacks.

It is probably best to use separate try/catch blocks for the construction and initialization of the Cipher and the decryption itself. You could also catch the exceptions BadPaddingException and IllegalBlockSizeException before handling the GeneralSecurityException. Starting with Java 7 you may use multi-catch statements as well (e.g. catch(final BadPaddingException | IllegalBlockSizeException e)).

Some final notes:

  • Beware that an exception may be thrown for AES key sizes 192 bit and 256 bit if the unlimited crypto files are not being installed (check the Oracle JavaSE site for more info); you should check if the key size is permitted when the application is started;
  • Both BadPaddingException and IllegalBlockSizeException may be created because of attacks or because the data was not completely present.
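
The structure the answer describes, as an added example that is not part of the original answer: one try block for construction and initialization (rethrown unchecked with the cause), an HMAC check before decryption, and a multi-catch for the two input-dependent exceptions. The names `AuthDecrypt` and `InvalidMessageException`, the message layout, and the choice of PKCS5Padding with HMAC-SHA256 are assumptions made for the example.

```java
import java.io.ByteArrayOutputStream;
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;

final class AuthDecrypt {
    /** Hypothetical checked exception: the input, not the configuration, was bad. */
    static final class InvalidMessageException extends Exception {
        InvalidMessageException(Throwable cause) { super("message rejected", cause); }
    }
    // Assumed layout: IV (16 bytes) || AES-CBC ciphertext || HMAC-SHA256 tag (32 bytes).
    static byte[] decrypt(SecretKey encKey, SecretKey macKey, byte[] msg) throws InvalidMessageException {
        if (msg.length < 64) throw new InvalidMessageException(null);
        final int bodyEnd = msg.length - 32;
        final Mac mac;
        final Cipher cipher;
        try { // algorithm, key or IV problems are configuration bugs: unchecked, cause kept
            mac = Mac.getInstance("HmacSHA256");
            mac.init(macKey);
            cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(Cipher.DECRYPT_MODE, encKey, new IvParameterSpec(msg, 0, 16));
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("crypto configuration error", e);
        }
        mac.update(msg, 0, bodyEnd); // verify integrity of IV || ciphertext before decrypting
        byte[] tag = Arrays.copyOfRange(msg, bodyEnd, msg.length);
        if (!MessageDigest.isEqual(mac.doFinal(), tag)) throw new InvalidMessageException(null);
        try {
            return cipher.doFinal(msg, 16, bodyEnd - 16);
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            throw new InvalidMessageException(e); // caller sees the same error as a MAC failure
        }
    }

    public static void main(String[] args) throws Exception {
        SecretKey encKey = KeyGenerator.getInstance("AES").generateKey(); // constructed demo keys
        SecretKey macKey = KeyGenerator.getInstance("HmacSHA256").generateKey();
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, encKey); // provider generates a random IV
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(c.getIV()); out.write(c.doFinal("constructed sample".getBytes("UTF-8")));
        Mac m = Mac.getInstance("HmacSHA256"); m.init(macKey);
        out.write(m.doFinal(out.toByteArray())); // tag over IV || ciphertext
        byte[] msg = out.toByteArray();
        System.out.println(new String(decrypt(encKey, macKey, msg), "UTF-8"));
        msg[20] ^= 1; // simulate corrupted ciphertext
        try { decrypt(encKey, macKey, msg); } catch (InvalidMessageException e) { System.out.println("rejected"); }
    }
}
```

The tag comparison uses `MessageDigest.isEqual`, and both failure paths raise the same exception with the same message, so a caller cannot tell a MAC failure from a padding failure.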
