AES256加密解密可能在Java中没有无限的强度JCE文件？ [英] Is AES256 encryption decryption possible in Java without unlimited strength JCE files?

问题描述

我正在开展的项目有一个需要AES加密和解密的段。从我可以查找的所有可能的互联网来源，很难找到任何AES256加密的参考，而无需从Sun的（现在的Oracle网站）下载并安装Unlimited Strength JCE文件。除了分发相关的任何法律问题外，在询问最终用户访问特定网站并下载一些文件时，不要帮助我们，而是将其放在目录中，然后将其添加到classpath中在Windows等等！

The project I am working on has a segment which requires AES encryption and decryption. From all the possible internet source that I could look up, it was hard to find any reference to AES256 encryption without having to download and install the Unlimited Strength JCE files from Sun's (now Oracle's website). Besides whatever legal issues that exist with the distribution of the same, it is not helping us very practically when it comes to asking an end user to visit a particular website and download some files, put them in a directory and then add things to classpath if on Windows etc!

在互联网上有一些参考BountyCastle的轻量级API，可能不需要JCE文件，但我无法查找非常相关参考或示例展示了它。

There were some references on the internet to BountyCastle's lightweight API which possibly didn't require the JCE files, but I couldn't look up a very relevant reference or example which demonstrated it.

不确定，但这是每个其他编程语言的问题吗？

Not sure, but is this a problem with every other programming language?

如果没有安装具有这些特定JCE文件的AES 256位加密程序不可能，JNI方法可以帮助吗？

If it is not possible to have AES 256 bit encryption without those having those particular JCE files installed, then can the JNI approach help?

要详细说明一下，AES 256加密在C / C ++中完成，然后我可以使用JNI调用那些具有所需结果的加密？将软件（作为jar文件）打包成为关注的问题，还是有其他问题？

To elaborate a bit, can AES 256 encryption be done in C/C++ and then can I call those using JNI to have the desired results? Would packaging the software (as a jar file) be a cause of concern, or can there be other issues?

另一个重要的因素是项目将运行Mac和Windows，所以可以使用C / C ++（特定的编译器/解释器版本或任何东西）来限制？

Another important factor that comes into play is that the project would be run both of Mac and Windows, so can be be limitations using C/C++ (specific compiler/interpreter versions or anything)?

有不同的方法来处理这个？任何其他方法？

Is there a different way to handle this? Any other approach(es)?

推荐答案

密钥大小限制在密码 Java类。可以使用实现AES的任何其他类获得AES-256功能。例如，可以使用 Bouncy Castle 的轻量级API来使用任何力量。在这种情况下，您可以例如使用 org.bouncycastle.crypto.engines.AESFastEngine （和模式和填充，仍然可以使用Bouncy Castle的正常的 .jar ，但是您不会使用BouncyCastle的JCA功能提供者。

The key size restrictions are implemented in the Cipher class of Java. It is possible to use any other class that implements AES to get AES-256 functionality. For instance, it is possible to use the "lightweight" API of Bouncy Castle to use key sizes of any strength. In that case you can e.g. use org.bouncycastle.crypto.engines.AESFastEngine directly (and a mode and a padding of your choice. It is still possible to use the normal .jar for Bouncy Castle, but you won't be using the JCA functionality of the BouncyCastle provider.

这有一些缺点和优势。轻量级的Bouncy Castle API通过添加到Sun类中的JCA功能稍低一些BC提供者，而且，许多组件（如Java，JSSE或XML加密库中的SSL层）使用JCA提供所需的加密功能，需要的库e JCA功能仍将被限制在限制的密钥大小。

This has some disadvantages and advantages. The lightweight Bouncy Castle API is somewhat lower level to the JCA functionality added to the Sun classes by the "BC" provider. Furthermore, a lot of components (such as the SSL layer within Java, JSSE, or the XML encryption libraries) use the JCA to supply the required cryptographic functionality. The libraries that require JCA functionality will still be limited to restricted key sizes.

请注意，使用其他提供者将不起作用，因为 Cipher 类本身检查密钥大小。可能包含在JCA提供程序中的 CipherSpi 实现类不能（肯定地）影响允许的密钥大小。您只能直接使用实现类。

Note that using other providers won't work, as the Cipher class itself checks for the key size. The CipherSpi implementation classes that may be contained within a JCA provider cannot (positively) influence the allowed key sizes. You can only directly use the implementation classes.

这篇关于AES256加密解密可能在Java中没有无限的强度JCE文件？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！