如何从AES-256切换到AES-128？ [英] How to switch from AES-256 to AES-128?

问题描述

有很多关于AES的问题，但我有以下问题。
我目前正在使用以下AES实现加密数据

There were many questions about AES, but I have the following problem. I'm currently using the following AES implementation to encrypt data

byte [] PRFkey = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};
byte [] plaintext = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15};

SecretKeySpec encryptionKey=new SecretKeySpec(PRFkey, "AES");
Cipher cipher=Cipher.getInstance("AES");
cipher.init(Cipher.ENCRYPT_MODE, encryptionKey);
byte[] encryptedData=cipher.doFinal(plaintext);

结果是32字节（256位）。所以我使用AES-256。这个实现对我来说是慢的。如何切换到AES-128？我不需要任何填充或操作模式或键哈希。

And it turned out that result is 32-bytes (256 bits). So I'm using AES-256. This implementation is to slow for me. How can I switch to AES-128? I don't need any padding or mode of operation or key hashing.

提前感谢。

推荐答案

位AES。这是由您传递给 Cipher.init（）的密钥长度决定的，在您的示例中为十六个字节（128位）。

You are already using 128-bit AES. This is determined by the length of the key you pass to Cipher.init(), which is sixteen bytes (128 bits) in your example.

输出的大小取决于填充模式（和输入数据的大小）。由于您忽略了指定操作模式或填充，您的JCE提供程序可能默认为AES / ECB / PKCS5Padding。 PKCS＃5填充将总是添加一个额外的块到您的输出的大小，因此您收到32字节的输出，而不是16字节。

The size of your output will depend upon your padding mode (and the size of the input data). Since you neglected to specify an operation mode or padding, your JCE provider has likely defaulted to "AES/ECB/PKCS5Padding". PKCS #5 padding will always add one additional block to the size of your output, hence you received 32 bytes of output and not 16 bytes.

不允许您的提供商选择默认值为您。而是，明确指定模式和填充：

Never allow your provider to select default values for you. Instead, specify the mode and padding explicitly:

Cipher cipher=Cipher.getInstance("AES/ECB/NoPadding");
cipher.init(Cipher.ENCRYPT_MODE, encryptionKey);
byte[] encryptedData=cipher.doFinal(plaintext);  // will be 16 bytes

请记住，如果不指定填充，输入数据必须始终为精确 16个字节的倍数。还要注意，ECB模式具有相同的明文值将产生相同的密文值的属性。这在加密系统中是很少需要的。

Just remember that if you specify no padding, your input data must always be an exact multiple of 16 bytes. Also note that ECB-mode has the property that identical plaintext values will produce identical ciphertext values. This is rarely desirable in a cryptographic system.

这篇关于如何从AES-256切换到AES-128？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！