如何使用java解码使用openssl aes-128-cbc编码的字符串? [英] How to decode a string encoded with openssl aes-128-cbc using java?
本文介绍了如何使用java解码使用openssl aes-128-cbc编码的字符串?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我使用 openssl 使用以下命令对字符串进行编码:
openssl enc -aes-128-cbc -a -salt -pass pass:mypassword<<< stackoverflow
结果给我一个编码字符串: U2FsdGVkX187CGv6DbEpqh / L6XRKON7uBGluIU0nT3w = / code>
到目前为止,我只需要使用openssl进行解码,所以以下命令返回以前编码的字符串:
openssl enc -aes-128-cbc -a -salt -pass pass:mypassword -d<<< U2FsdGVkX187CGv6DbEpqh / L6XRKON7uBGluIU0nT3w =
结果: stackoverflow
现在,我需要在 java应用程序中解码编码的字符串。
< h1>我的问题是:
有人可以为我提供一个简单的java类来解码用以前给出的openssl命令编码的字符串?
非常感谢。
解决方案
使用Bouncy Castle图书馆解决。
这是代码:
包示例;
import java.util.Arrays;
import org.apache.commons.codec.binary.Base64;
import org.bouncycastle.crypto.BufferedBlockCipher;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.paddings.BlockCipherPadding;
import org.bouncycastle.crypto.paddings.PKCS7Padding;
import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
public class OpenSSLAesDecrypter
{
private static final int AES_NIVBITS = 128; // CBC初始化向量(与密码块大小相同)[16字节]
private final int keyLenBits;
public OpenSSLAesDecrypter(int nKeyBits)
{
this.keyLenBits = nKeyBits;
}
public byte []解密(byte [] pwd,byte [] src)
{
// openssl非标准扩展名:salt embedded in start的加密文件
byte [] salt = Arrays.copyOfRange(src,8,16); // 0..7是SALTED__,8..15是盐
try
{
//加密算法。请注意,strength(bitsize)由所使用的关键对象控制。
//请注意,PKCS5填充和PKCS7填充是相同的。
BlockCipherPadding padding = new PKCS7Padding();
BufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESEngine()),padding);
CipherParameters params = getCipherParameters(pwd,salt);
cipher.reset();
cipher.init(false,params);
int buflen = cipher.getOutputSize(src.length - 16);
byte [] workingBuffer = new byte [buflen];
int len = cipher.processBytes(src,16,src.length - 16,workingBuffer,0);
len + = cipher.doFinal(workingBuffer,len);
//请注意,getOutputSize返回一个数字,其中包含要存储的填充字节的空格。
//但是我们不希望这些填充字节; len变量包含* real * data的长度
//(它总是小于getOutputSize的返回值
byte [] bytesDec = new byte [len];
System.arraycopy(workingBuffer,0,bytesDec,0,len);
return bytesDec;
}
catch(InvalidCipherTextException e)
{
System.err。 println(Error:Decryption failed);
return null;
}
catch(RuntimeException e)
{
System.err.println(Error:Decryption失败);
返回null;
}
}
私有CipherParameters getCipherParameters(byte [] pwd,byte [] salt)
{
//使用opensl非标准(pwd,salt) - >(key,iv)算法的bouncycastle实现
//注意,如果选择了CBC密码,则需要IV当一个密钥使用密码
// Openssl
// *在派生密钥的同时,从(pwd,salt)对导出IV。
//
// * PBE =基于密码的加密
// * CBC =密码块链接(即需要IV)
//
//注意当IV源自(pwd,salt)时,每个消息的盐**必须是不同的;这是
// openssl的默认值 - 只要确保不明确提供盐,或者加密安全性会严重影响
//。
OpenSSLPBEParametersGenerator gen = new OpenSSLPBEParametersGenerator();
gen.init(pwd,salt);
CipherParameters cp = gen.generateDerivedParameters(keyLenBits,AES_NIVBITS);
return cp;
}
public static void main(String [] args)
{
OpenSSLAesDecrypter d = new OpenSSLAesDecrypter(128);
String r = new String(d.decipher(mypassword.getBytes(),
Base64.decodeBase64(U2FsdGVkX187CGv6DbEpqh / L6XRKON7uBGluIU0nT3w =)));
System.out.println(r);
}
}
使用以下依赖关系来编译/运行它: / p>
I'm using openssl to encode a string using the following command :
openssl enc -aes-128-cbc -a -salt -pass pass:mypassword <<< "stackoverflow"
Result give me an encoded string: U2FsdGVkX187CGv6DbEpqh/L6XRKON7uBGluIU0nT3w=
Until now, i only need to decode this using openssl, so the following command returns the string previously encoded:
openssl enc -aes-128-cbc -a -salt -pass pass:mypassword -d <<< "U2FsdGVkX187CGv6DbEpqh/L6XRKON7uBGluIU0nT3w="
Result: stackoverflow
Now, i need to decode the encoded string in a java application.
My question is:
Is anyone can provide me a simple java class to decode a string encoded with the previously given openssl command?
Many thanks.
解决方案
Solved it using Bouncy Castle library.
Here is the code:
package example;
import java.util.Arrays;
import org.apache.commons.codec.binary.Base64;
import org.bouncycastle.crypto.BufferedBlockCipher;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.paddings.BlockCipherPadding;
import org.bouncycastle.crypto.paddings.PKCS7Padding;
import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
public class OpenSSLAesDecrypter
{
private static final int AES_NIVBITS = 128; // CBC Initialization Vector (same as cipher block size) [16 bytes]
private final int keyLenBits;
public OpenSSLAesDecrypter(int nKeyBits)
{
this.keyLenBits = nKeyBits;
}
public byte[] decipher(byte[] pwd, byte[] src)
{
// openssl non-standard extension: salt embedded at start of encrypted file
byte[] salt = Arrays.copyOfRange(src, 8, 16); // 0..7 is "SALTED__", 8..15 is the salt
try
{
// Encryption algorithm. Note that the "strength" (bitsize) is controlled by the key object that is used.
// Note that PKCS5 padding and PKCS7 padding are identical.
BlockCipherPadding padding = new PKCS7Padding();
BufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESEngine()), padding);
CipherParameters params = getCipherParameters(pwd, salt);
cipher.reset();
cipher.init(false, params);
int buflen = cipher.getOutputSize(src.length - 16);
byte[] workingBuffer = new byte[buflen];
int len = cipher.processBytes(src, 16, src.length - 16, workingBuffer, 0);
len += cipher.doFinal(workingBuffer, len);
// Note that getOutputSize returns a number which includes space for "padding" bytes to be stored in.
// However we don't want these padding bytes; the "len" variable contains the length of the *real* data
// (which is always less than the return value of getOutputSize.
byte[] bytesDec = new byte[len];
System.arraycopy(workingBuffer, 0, bytesDec, 0, len);
return bytesDec;
}
catch (InvalidCipherTextException e)
{
System.err.println("Error: Decryption failed");
return null;
}
catch (RuntimeException e)
{
System.err.println("Error: Decryption failed");
return null;
}
}
private CipherParameters getCipherParameters(byte[] pwd, byte[] salt)
{
// Use bouncycastle implementation of openssl non-standard (pwd,salt)->(key,iv) algorithm.
// Note that if a "CBC" cipher is selected, then an IV is required as well as a key. When using a password,
// Openssl
// *derives* the IV from the (pwd,salt) pair at the same time as it derives the key.
//
// * PBE = Password Based Encryption
// * CBC = Cipher Block Chaining (ie IV is needed)
//
// Note also that when the IV is derived from (pwd, salt) the salt **must** be different for each message; this is
// the default for openssl - just make sure to NOT explicitly provide a salt, or encryption security is badly
// affected.
OpenSSLPBEParametersGenerator gen = new OpenSSLPBEParametersGenerator();
gen.init(pwd, salt);
CipherParameters cp = gen.generateDerivedParameters(keyLenBits, AES_NIVBITS);
return cp;
}
public static void main(String[] args)
{
OpenSSLAesDecrypter d = new OpenSSLAesDecrypter(128);
String r = new String(d.decipher("mypassword".getBytes(),
Base64.decodeBase64("U2FsdGVkX187CGv6DbEpqh/L6XRKON7uBGluIU0nT3w=")));
System.out.println(r);
}
}
Use the following dependencies to compile/run it:
这篇关于如何使用java解码使用openssl aes-128-cbc编码的字符串?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
