Java加密和Javascript解密 [英] Java Encryption and Javascript Decryption
问题描述
我想加密一个数据在java和解密相同的javascript。在SO中已经有一个类似的问题,但它不适合我。
我的问题是 - 由Java代码给出的加密文本不会被Javascript解密。我已经硬编码加密的文本和密钥在我的JS下面。
我知道在UI上的解密是没有用的,因为Key将可见,任何用户都可以解码代码。但是我这样做的要求是绕过渗透测试工具。
Java代码 -
import java.security.Key;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
public class Crypt {
private static final String ALGO =AES;
private static final byte [] keyValue =
new byte [] {'A','b','c','d','e','f','g',$ b'b'h','i','j','k','l','m','n','o','p'
public static String encrypt(String Data)throws Exception {
Key key = generateKey();
String keyForJS = Base64.encodeBase64String(keyValue);
System.out.println(Key2 =+ keyForJS);
Cipher c = Cipher.getInstance(ALGO);
c.init(Cipher.ENCRYPT_MODE,key);
byte [] encVal = c.doFinal(Data.getBytes());
String encryptedValue = Base64.encodeBase64(encVal).toString();
return encryptedValue;
}
private static Key generateKey()throws Exception {
Key key = new SecretKeySpec(keyValue,ALGO);
return key;
}
public static void main(String a [])throws Exception
{
System.out.println(Encryption =+ Crypt.encrypt测试));
}
}
在eclipse中执行上述代码生成以下输出 -
Key2 = [B @ 670b5064
加密= [B @ 3c8b22e5
现在我将这个数据用于我的JS代码
< script src =http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/aes.js>< / script>
< script src =http://crypto-js.googlecode.com/svn/tags/3.1.2/build/components/mode-ecb-min.js>< / script>
var base64Key =[B @ 670b5064; //这是来自Java的输出键
var key = CryptoJS.enc.Base64.parse(base64Key);
var decryptptedData = CryptoJS.AES.decrypt([B @ 3c8b22e5,key,{//这是来自Java
mode:CryptoJS.mode的输出文本。 ECB,
padding:CryptoJS.pad.Pkcs7
});
var decryptptedText = decryptptedData.toString(CryptoJS.enc.Utf8);
console.log(decryptptedText =+ decryptedText);
JS代码的输出 -
- (空白,没有出现)。
请查找JS Fiddle - http://jsfiddle.net/achyut/pKNzV/11/
你没有听GregS的意见,所以我会为你做所有的工作:
Fiddle的HTML:
< script src =http ://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/aes.js>< / script>
< script src =http://crypto-js.googlecode.com/svn/tags/3.1.2/build/components/mode-ecb-min.js>< / script>
< body>
< pre id =output>< / pre>
< / body>
和解决问题的JavaScript,基本上只是GregS的注释和输出函数。 p>
function out(){
var args = Array.prototype.slice.call(arguments,0);
document.getElementById('output')。innerHTML + = args.join()+\\\
;
}
out(decrypted text:);
var base64Key =QWJjZGVmZ2hpamtsbW5vcA ==;
var key = CryptoJS.enc.Base64.parse(base64Key);
VAR decryptedData = CryptoJS.AES.decrypt(lxbdRfoav / 6UW / yZtuQM9X1qaI7qZLyuPWgmwPkti / Ayl4CpiPEAMklpaq74BU / U / MxxLgDz4CMs / jm9xzATMFyHOAvObkrnHwydC4PKsej1mqZsgYyQ4qDeKk6on / fdkkLLRMkIFYyBXRTLb / Q1Y85jzbRTOpTG50EjOxMZFlQ =键,{
模式:CryptoJS.mode .ECB,
padding:CryptoJS.pad.Pkcs7
});
var decryptptedText = decryptptedData.toString(CryptoJS.enc.Utf8);
out(decryptedText =+ decryptedText);
I am trying to encrypt a data in java and decrypt the same in javascript. There is already a similar question in SO but it does not work for me.
My question is - Encrypted Text given by Java code is not getting decrypted by Javascript. I have hardcoded the the encrypted text and key in my JS below.
P.S. I know decryption on the UI is of no use as Key will be visible and any user can decode the code. But my requirement of doing so is to bypass a Penetration Testing tool. So please suggest how it can be done
Java code -
import java.security.Key;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
public class Crypt {
private static final String ALGO = "AES";
private static final byte[] keyValue =
new byte[] { 'A', 'b', 'c', 'd', 'e', 'f', 'g',
'h', 'i', 'j', 'k','l', 'm', 'n', 'o', 'p'};
public static String encrypt(String Data) throws Exception {
Key key = generateKey();
String keyForJS = Base64.encodeBase64String(keyValue);
System.out.println("Key2 = " + keyForJS);
Cipher c = Cipher.getInstance(ALGO);
c.init(Cipher.ENCRYPT_MODE, key);
byte[] encVal = c.doFinal(Data.getBytes());
String encryptedValue = Base64.encodeBase64(encVal).toString();
return encryptedValue;
}
private static Key generateKey() throws Exception {
Key key = new SecretKeySpec(keyValue, ALGO);
return key;
}
public static void main(String a[]) throws Exception
{
System.out.println("Encryption = " + Crypt.encrypt("Test"));
}
}
execution of the above code in eclipse generate the following output -
Key2 = [B@670b5064
Encryption = [B@3c8b22e5
Now i will use this data for my JS Code
<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/aes.js"></script>
<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/components/mode-ecb-min.js"></script>
var base64Key = "[B@670b5064"; // This is the output key from Java
var key = CryptoJS.enc.Base64.parse(base64Key);
var decryptedData = CryptoJS.AES.decrypt( "[B@3c8b22e5", key, { // This is the Output text from Java
mode: CryptoJS.mode.ECB,
padding: CryptoJS.pad.Pkcs7
} );
var decryptedText = decryptedData.toString( CryptoJS.enc.Utf8 );
console.log( "decryptedText = " + decryptedText );
Output of JS code -
decryptedText - (Its blank, nothing appears). Please find JS Fiddle - http://jsfiddle.net/achyut/pKNzV/11/
You didn't listen to the comments of GregS, so I'll do all the work for you:
HTML of Fiddle:
<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/aes.js"></script>
<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/components/mode-ecb-min.js"></script>
<body>
<pre id="output"></pre>
</body>
and the JavaScript that solves the issue, basically just the comment of GregS and an output function.
function out() {
var args = Array.prototype.slice.call(arguments, 0);
document.getElementById('output').innerHTML += args.join("") + "\n";
}
out("decrypted text: ");
var base64Key = "QWJjZGVmZ2hpamtsbW5vcA==";
var key = CryptoJS.enc.Base64.parse(base64Key);
var decryptedData = CryptoJS.AES.decrypt("lxbdRfoav/6UW/yZtuQM9X1qaI7qZLyuPWgmwPkti/Ayl4CpiPEAMklpaq74BU/U/MxxLgDz4CMs/jm9xzATMFyHOAvObkrnHwydC4PKsej1mqZsgYyQ4qDeKk6on/fdkkLLRMkIFYyBXRTLb/Q1Y85jzbRTOpTG50EjOxMZFlQ=", key, {
mode: CryptoJS.mode.ECB,
padding: CryptoJS.pad.Pkcs7
});
var decryptedText = decryptedData.toString(CryptoJS.enc.Utf8);
out("decryptedText = " + decryptedText);
You can run the fiddle here and you can find the hints with regards to the output here.
这篇关于Java加密和Javascript解密的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!