解密（使用PHP）Java加密（PBEWithMD5AndDES） [英] Decrypt ( with PHP ) a Java encryption ( PBEWithMD5AndDES )

问题描述

有人要我用PHP解密用以下Java类加密的字符串。

Someone asked me to decrypt with PHP a string encrypted with the following Java Class.

public class CryptoLibrary {

private Cipher encryptCipher;
private sun.misc.BASE64Encoder encoder = new sun.misc.BASE64Encoder();

public CryptoLibrary() throws SecurityException{

    java.security.Security.addProvider(new com.sun.crypto.provider.SunJCE());

    char[] pass = "NNSHHETJKKSNKH".toCharArray();
    byte[] salt = {
    (byte) 0xa3, (byte) 0x21, (byte) 0x24, (byte) 0x2c,
    (byte) 0xf2, (byte) 0xd2, (byte) 0x3e, (byte) 0x19 };

    init(pass, salt, iterations);

}

public void init(char[] pass, byte[] salt, int iterations)throws SecurityException{

        PBEParameterSpec ps = new javax.crypto.spec.PBEParameterSpec(salt, 20);
        SecretKeyFactory kf = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
        SecretKey k = kf.generateSecret(new javax.crypto.spec.PBEKeySpec(pass));

        encryptCipher = Cipher.getInstance("PBEWithMD5AndDES/CBC/PKCS5Padding");
        encryptCipher.init(Cipher.ENCRYPT_MODE, k, ps);
    }
}

public synchronized String encrypt(String str)  throws SecurityException{
    if(str!=null){
        byte[] utf8 = str.getBytes("UTF8");
        byte[] enc = encryptCipher.doFinal(utf8);
        return encoder.encode(enc);
    }
    else {
        return null;
    }
}
}

我不知道任何Java所以我需要一些帮助来理解这种加密。

I don't know any Java so I need some help to understand this encryption.

1）这条线的含义是什么？
PBEParameterSpec ps = new javax.crypto.spec.PBEParameterSpec（salt，20）;

1) what is the meaning of this line? PBEParameterSpec ps = new javax.crypto.spec.PBEParameterSpec(salt,20);

2 ）我应该使用什么值作为第一个参数
string mcrypt_encrypt（string $ cipher，string $ key，string $ data，string $ mode [，string $ iv]）

2) what value should I use for the first parameter of string mcrypt_encrypt ( string $cipher , string $key , string $data , string $mode [, string $iv ] )

3）我什么时候应该在我的php脚本中使用MD5？

3) When should I use MD5 in my php script?

推荐答案

1）它创建了基于密码的加密的参数，包含在哈希计算中的salt，以及执行哈希方法的迭代次数（在它自己的输出上）。它用于打败彩虹表攻击，基本上攻击者必须通过相同的迭代次数来检查密码是否正确，并且他不能使用预先计算的表，因为每个密码的盐都不同（所以你看不到如果有人拥有与其他用户相同的密码。）

1) It creates the parameters for Password Based Encryption, the salt, which is included in the hash calculations, and the number of iterations that the hash method is executed (on it's own output). It is used to defeat rainbow table attacks, basically an attacker has to go through the same number of iterations to check if the password is correct, and he cannot use a precalculated table because the salt will be different for each password (so you cannot see if somebody has the same password as another user).

2）MCRYPT_DES，你需要MCRYPT_MODE_CBC用于模式，当然还需要PKCS＃5填充。

2) MCRYPT_DES, and you will need MCRYPT_MODE_CBC for the mode, and PKCS#5 padding of course.

3）只有当您完全确定其缺陷未暴露或绝对需要兼容性时。幸运的是，密钥派生函数相对安全。下载PHP的pbkdf1方法并将其放在那里 - 如果尚未包含的话。

3) Only when you are absolutely sure that its weaknesses are not exposed or when absolutely required for compatibility. Fortunately, it is relatively secure for key derivation functions. Download a pbkdf1 method for PHP and put it in there - if not already included.

这篇关于解密（使用PHP）Java加密（PBEWithMD5AndDES）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！