Is there any difference, if I init AES cipher, with and without IvParameterSpec


Problem description


I was wondering, is there any difference, if I init AES cipher, with and without IvParameterSpec?

With IvParameterSpec

SecretKeySpec skeySpec = new SecretKeySpec(key, "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec, new IvParameterSpec(new byte[16]));

Without IvParameterSpec

SecretKeySpec skeySpec = new SecretKeySpec(key, "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec);

I tested with some sample test data, their encryption and decryption results are the same.

However, since I'm not a security expert, I don't want to miss out anything, and create a potential security loophole. I was wondering, which is the correct way?

Solution

A bit of background (I'm sorry if you already know this, it's just worth making sure we're using the same terminology):

  • AES is a block cipher, an encryption algorithm that operates on 128-bit blocks.
  • CBC is a block cipher mode, a way of using a block cipher to encrypt large amounts of data.
  • Block cipher modes need an initialisation vector (IV), which is a block of initialisation data, usually the same size as the block size of the underlying cipher.

(The Wikipedia on block cipher modes - http://en.wikipedia.org/wiki/Block_cipher_mode - is really good, and makes it clear why you need an IV.)

Different block modes impose different requirements on the IV selection process, but they all have one thing in common:

You must never encrypt two different messages with the same IV and key. If you do, an attacker can usually get your plaintext, and sometimes your key (or equivalently useful data).

CBC imposes an additional constraint, which is that the IV must be unpredictable to an attacker - so artjom-b's suggestion of using a SecureRandom to generate it is a good one.


Additionally, as artjom-b points out, CBC only gives you confidentiality. What that means in practice is that your data is kept secret, but there's no guarantee that it arrives in one piece. Ideally, you should use an authenticated mode, such as GCM, CCM, or EAX.

Using one of these modes is a really, really good idea. Encrypt-then-MAC is unwieldy even for the experts; avoid it if you can. (If you have to do it, remember that you must use different keys for encryption and MAC.)
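The following is an added example, not code from the original question or answer. It shows that the question's all-zero IV makes CBC output repeat for repeated messages, next to AES-GCM with a fresh SecureRandom IV that also rejects a modified ciphertext. The class and method names (IvDemo, cbcZeroIv, gcmEncrypt, gcmDecrypt), the 12-byte IV stored in front of the ciphertext, and the sample message are assumptions made for the illustration.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class IvDemo {
    static final SecureRandom RNG = new SecureRandom();

    // The question's "with IvParameterSpec" variant: CBC with a fixed all-zero IV.
    static byte[] cbcZeroIv(SecretKey key, byte[] msg) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(new byte[16]));
        return c.doFinal(msg);
    }

    // Authenticated mode: fresh random 12-byte IV per message, stored before the ciphertext.
    static byte[] gcmEncrypt(SecretKey key, byte[] msg) throws Exception {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(msg);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    // Reads the IV back from the first 12 bytes; throws AEADBadTagException if anything changed.
    static byte[] gcmDecrypt(SecretKey key, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, blob, 0, 12));
        return c.doFinal(blob, 12, blob.length - 12);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        System.out.println("zero-IV CBC repeats: " + Arrays.equals(cbcZeroIv(key, msg), cbcZeroIv(key, msg)));
        byte[] a = gcmEncrypt(key, msg), b = gcmEncrypt(key, msg);
        System.out.println("random-IV GCM repeats: " + Arrays.equals(a, b));
        System.out.println("round trip ok: " + Arrays.equals(msg, gcmDecrypt(key, a)));
        a[a.length - 1] ^= 1; // flip one bit of the authentication tag
        try { gcmDecrypt(key, a); } catch (AEADBadTagException e) { System.out.println("tampering rejected"); }
    }
}
```

The IV is not secret, so it can travel with the ciphertext as shown; what matters is that it is never reused with the same key.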
