我可以使用标准Java Cipher API使用BouncyCastle的Tweakable Block Ciphers吗? [英] Can I use BouncyCastle's Tweakable Block Ciphers using the standard Java Cipher API?
问题描述
BouncyCastle提供了Threefish的实现,可以将调整作为参数:
BouncyCastle provides an implementation of Threefish, which can take a tweak as a parameter:
ThreeFishEngine engine = new ThreeFishEngine(256);
engine.init(true, new TweakableBlockCipherParams(...));
然而, TweakableBlockCipherParams 与 AlgorithmParameter Java默认 Cipher 实例使用的类型。
However, TweakableBlockCipherParams is not compatible with the AlgorithmParameter type that is used by instances of Java's default Cipher.
有没有办法通过调整来初始化这个密码?
Is there a way to initialize this cipher with a tweak?
Cipher cipher = Cipher.getInstance("Threefish-256/CBC/NoPadding");
cipher.init(???);
推荐答案
你只能使用Bouncy Castle的 Threefish <如果您不希望在加密期间使用 tweak 参数,则可以通过Java的加密API实现/ em>算法。通过Java的API,您只能引入键和初始化向量参数,但这不会被用作调整参数(我解释了为什么在代码示例之后,请参阅下面)。
You can only use Bouncy Castle's Threefish algorithm through Java's cryptography API if you don't want to use a tweak parameter during ciphering. Through Java's API you can only introduce a key and an initialization vector parameter, but this won't be used as a tweak parameter (I explained why after the code example, see below).
另外,为了使下面的例子工作,你必须使用Java Cryptography Extension(JCE)Unlimited Strength Jurisdiction Policy Files更新你的JRE / JDK,你可以从此处下载。 Java 7和8有不同的版本。
Also, for the below example to work you have to update your JRE/JDK with the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files which you can download from here. There are different versions for Java 7 and 8.
如果您不想使用tweak参数,可以通过标准加密API使用Threefish算法。
If you don't want to use a tweak parameter you can use the Threefish algorithm through the standard crypto API like this.
static final BouncyCastleProvider PROVIDER = new BouncyCastleProvider();
public static void main(String[] args) throws Exception {
KeyGenerator kg = KeyGenerator.getInstance("Threefish-1024", PROVIDER);
kg.init(1024);
SecretKey key = kg.generateKey();
byte[] plaintext = "Hi! I'm cat!".getBytes();
byte[] ciphertext = encrypt(key, plaintext);
System.out.println(new String(decrypt(key, ciphertext)));
// prints "Hi! I'm cat!"
}
static byte[] encrypt(SecretKey key, byte[] plaintext) throws Exception {
return encryptOrDecrypt(true, key, plaintext);
}
static byte[] decrypt(SecretKey key, byte[] ciphertext) throws Exception {
return encryptOrDecrypt(false, key, ciphertext);
}
static byte[] encryptOrDecrypt(boolean encrypt, SecretKey key, byte[] bytes) throws Exception {
Cipher cipher = Cipher.getInstance("Threefish-1024/CBC/PKCS5Padding", PROVIDER);
// note that we are creating a dummy iv parameter, in this case it
// should be 128 bytes long, because if it's not an exception is raised
cipher.init(encrypt ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE, key, new IvParameterSpec(new byte[128]));
return cipher.doFinal(bytes);
}
我已经下载了一个带有调试符号从这里并调试上面的代码。对 Cipher.init 的调用登陆 Threefish.init 和变量<$ c $在我们的例子中,c> params 将是 KeyParameter 的实例,而不是 TweakableBlockCipherParameters 。因此, tweakBytes 将为空,并且在加密期间不会使用。
I've downloaded a Bouncy Castle JAR with debug symbols from here and debugged the above code. The call to Cipher.init lands in Threefish.init and the variable params will be an instance of KeyParameter and not TweakableBlockCipherParameters in our case. So, tweakBytes will be null and won't be used during ciphering.
知道这一点,正确现在不可能使用Java API将tweak参数提供给底层的Threefish密码引擎。
Knowing this, right now it's impossible to use the Java API to supply the tweak parameter to the underlying Threefish cipher engine.
这篇关于我可以使用标准Java Cipher API使用BouncyCastle的Tweakable Block Ciphers吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
