SUN JCE / Oracle JCE中的默认RSA填充 [英] Default RSA padding in SUN JCE/Oracle JCE

问题描述

你能帮我指出什么是默认的RSA填充。

Could you help me to point out what is the default RSA padding.

精确地说，如果我创建如下的密码实例，确保java正在使用某种填充作为加密文本字节长度总是显示256字节的2048 RSA密钥，不管纯文本是一个字符或10个字符。

Precisely, if I create cipher instance as below, sure java is using some sort of padding as encrypted text bytes length always shows 256 bytes for 2048 RSA key irrespective of plain text is one characters or 10 characters.

Cipher.getInstance("RSA")  

我想知道什么是默认填充java如果在Cipher.getInstance（RSA）中没有指定填充，则使用内部。是PKCS＃1 v 1.5？

I wanted to know what is default padding java use internally if no padding is specified in Cipher.getInstance("RSA"). is that PKCS#1 v 1.5?

感谢您，
Sam

Thanks, Sam

推荐答案

RSA / ECB / PKCS1Padding其中ECB是一个不正确的位，因为它不实现块加密操作模式（它不处理大于块大小）。 RSA / None / PKCS1Padding将是一个更好的名称或RSA / None / RSASSA-PKCS1-v1_5因为你对padding机制的猜测是正确的。

It's identical to "RSA/ECB/PKCS1Padding" where ECB is a bit of a misnomer, as it does not implement a block cipher mode of operation (it doesn't handle plaintext larger than the "block size"). "RSA/None/PKCS1Padding" would have been a better name or "RSA/None/RSASSA-PKCS1-v1_5" as your guess about the padding mechanism is correct.

这意味着它使用旧的加密模式; OAEP更能抵御攻击，并包含安全证据。不幸的是，OAEP当然不能成为新的默认值，因为所有现有的密文将不再解密。这是为什么使用默认值是stupid的原因之一。

This means that it uses a older mode of encryption; OAEP is more resistant against attacks and contains a security proof. Unfortunately OAEP can of course not be made the new default because all existing ciphertext would not decrypt anymore. This is one of the reasons why using defaults is stupid in the first place.

PKCS＃1 v1.5 padding也意味着输入被限制为键大小减去11字节。注意，生成的密文的大小总是与PKCS＃1中的密钥大小相同;即使所得到的整数较小，它将用零字节左填充。我假设这里的键大小是8的倍数。

PKCS#1 v1.5 padding also means that the input is restricted to a maximum of the key size minus 11 bytes. Note that the size of the resulting ciphertext is always identical to the key size in PKCS#1; even if the resulting integer is smaller it will be left padded with zero bytes. I'm assuming here that the key size is a multiple of 8.

你不应该依赖默认的算法规范。这使得代码更难理解，默认值可能确实因每个提供商而不同（尽管大多数会尝试遵循Oracle的领先，以避免不兼容）。所以使用它只是为了理解在现有代码中配置的算法。在我看来，平台默认值唯一的地方是 SecureRandom 。

You should not rely on defaults for the algorithm specification. It makes the code harder to understand and defaults may indeed differ per provider (although most will try to follow Oracle's lead, to avoid incompatibilities). So use this only to understand which algorithm is configured in existing code. The only place where a platform default makes sense is SecureRandom in my opinion.

这篇关于SUN JCE / Oracle JCE中的默认RSA填充的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！