如何进行文件的加密和解密？ [英] How to do Encryption and Decryption of a File?

问题描述

我使用 CipherOutputStream 加密和解密文件在java，但输入文件> 117字节无法加密。
我使用RSA算法公钥长度为1024字节。

  cipher.init（Cipher.ENCRYPT_MODE，secKey）; 
 
 String cleartextFile =cleartext.txt; 
 String ciphertextFile =ciphertextSymm.txt; 
 
 FileInputStream fis = new FileInputStream（cleartextFile）; 
 FileOutputStream fos = new FileOutputStream（ciphertextFile）; 
 CipherOutputStream cos = new CipherOutputStream（fos，cipher）; 
 
 byte [] block = new byte [8]; 
 int i; 
 while（（i = fis.read（block））！= -1）{
 cos.write（block，0，i）; 
} 
 cos.close（）; 
  

如何加密输入文件长度> 117字节？

解决方案

您无法使用RSA加密文件，因为RSA（更确切地说， / Java>中的RSA）不允许您加密比密钥长度更多的数据。对于1024位密钥，您只能加密1024位，即128字节（实际上填补原因有点少）。

在所有情况下，使用公钥算法（非对称加密）加密大块数据是不好的做法，主要有两个原因。

1. 加密方式/填充使用RSA加密大量数据是不实际，适当和安全的。（即，做到这一点并不真正安全）。




2. 公钥算法要求一个大密钥是安全的（1024位，2048位），因此比对称密钥算法慢（只需要128到256位密钥如果你想要更多的细节，你不应该只使用RSA加密大量的数据。 ，看到这两个很棒的stacktexchange帖子：

   
   
   
   
   
   
   
   • 是RSA在类似ECB的模式下可以安全地进行批量加密？
   
   
   
   
   

   如果要加密大量数据，标准的进行方式是生成会话密钥（密码学使用一次的安全随机数）。用公钥加密会话密钥。然后使用未加密的会话密钥对对称算法（如AES）对文件（大量数据）进行加密。然后，将加密的会话密钥和加密数据完全存储在最终文件中。这就是PGP（或GnuPG）发送加密邮件时的方式。 SSL / TLS也以类似的方式工作。

   
   
   

   最后，正确使用加密技术是复杂的（几乎任何事情都可能造成安全漏洞：加密模式，填充等）。 。）所以我建议你非常小心，并确保您的代码将由有知识的密码事务的人审查。

   
   
   

   这是一段代码显示一般过程：

     // 1.生成一个会话密钥
    KeyGenerator keyGen = KeyGenerator.getInstance（AES ）; 
    keyGen.init（128）
    SecretKey sessionKey = keyGen.generateKey（）; 
    
    // 2.使用RSA公钥加密会话密钥
   密码rsaCipher = Cipher.getInstance（RSA）; 
    rsaCipher.init（Cipher.ENCRYPT_MODE，rsaPublicKey）
    byte [] encryptedSessionKey = rsaCipher.doFinal（sessionKey.getEncoded（））; 
    
    // 3.使用会话密钥（未加密）加密数据
   密码aesCipher = Cipher.getInstance（AES / CBC / PKCS5Padding）; 
    aesCipher.init（Cipher.ENCRYPT_MODE，sessionKey）; <  -  sessionKey是未加密的
    //会话密钥。 
    // ...使用aesCipher加密数据
    
    // 4.将加密的数据与加密的
    //会话密钥（encryptedSessionKey）一起保存。 
    //请注意，由于加密模式（CBC），
    //您还需要保存IV（初始化向量）。 
    // aesCipher.aesCipher.getParameters（）。 
    // getParametersSpec（IvParameters.class）.getIV（）; 
     

   
   

   I use CipherOutputStream to encryption and decryption file in java, but input file > 117 byte cannot encryption. I use RSA algorithm public key lenght 1024 byte.

   cipher.init(Cipher.ENCRYPT_MODE, secKey);
   
   String cleartextFile = "cleartext.txt";
   String ciphertextFile = "ciphertextSymm.txt";
   
   FileInputStream fis = new FileInputStream(cleartextFile);
   FileOutputStream fos = new FileOutputStream(ciphertextFile);
   CipherOutputStream cos = new CipherOutputStream(fos, cipher);
   
   byte[] block = new byte[8];
   int i;
   while ((i = fis.read(block)) != -1) {
         cos.write(block, 0, i);
   }
   cos.close();
   

   How to encryption input file length > 117 byte?

   解决方案

   You cannot encrypt a file using RSA because RSA (well, to be more precise, the implementation of RSA in Java) does not let you encrypt more data than the length of the key. For a 1024 bits key, you can only encrypt 1024 bits that is to say 128 bytes (actually a bit less for padding reasons).

   In all cases, it is bad practice to encrypt a large piece of data using a public-key algorithm (asymmetric cryptography) for two main reasons.

   1. The is no practical, appropriate and secure cryptographic mode/padding to encrypt large amounts of data using RSA (ie it is not really secure to do that).

   2. Public-key algorithms require a large key to be secure (1024 bits, 2048 bits) and are therefore much slower than symmetric-key algorithms (which only require 128 to 256 bits keys to be secure).

   If you want more details on why you should not use solely RSA to encrypt large amounts of data, see these two great stacktexchange posts :

   • How can I use asymmetric encryption, such as RSA, to encrypt an arbitrary length of plaintext?
   • Is RSA in a ECB-like-mode safe for bulk encryption?

   If you want to encrypt a large amount of data, the standard way to proceed is to generate a session key (a cryptographically secure random number used once). You encrypt the session key with the public key. Then you encrypt the file (the large amount of data) with a symmetric algorithm (such AES) using the unencrypted session key. You then store the encrypted session key and the encrypted data altogether in the final file. That's the way PGP (or GnuPG) proceeds when it sends an encrypted mail. SSL/TLS also works in a similar way.

   Lastly, properly using cryptography is complicated (pretty much anything can create a security flaw : encryption modes, padding, etc...) so I would advise you to be very careful and make sure your code is going to be reviewed by someone knowledgeable in crypto matters.

   Here is a piece of code that shows the general process :

   // 1. Generate a session key
   KeyGenerator keyGen = KeyGenerator.getInstance("AES");
   keyGen.init(128)
   SecretKey sessionKey = keyGen.generateKey();
   
   // 2. Encrypt the session key with the RSA public key
   Cipher rsaCipher = Cipher.getInstance("RSA");
   rsaCipher.init(Cipher.ENCRYPT_MODE, rsaPublicKey)
   byte[] encryptedSessionKey = rsaCipher.doFinal(sessionKey.getEncoded());
   
   // 3. Encrypt the data using the session key (unencrypted)
   Cipher aesCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
   aesCipher.init(Cipher.ENCRYPT_MODE, sessionKey); <-- sessionKey is the unencrypted
   //                                                   session key.
   // ... use aesCipher to encrypt your data
   
   // 4. Save the encrypted data along with the encrypted 
   // session key (encryptedSessionKey).
   // PLEASE NOTE THAT BECAUSE OF THE ENCRYPTION MODE (CBC),
   // YOU ALSO NEED TO ALSO SAVE THE IV (INITIALIZATION VECTOR).
   // aesCipher.aesCipher.getParameters().
   //     getParametersSpec(IvParameters.class).getIV();
   

   这篇关于如何进行文件的加密和解密？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！