2014-10-03 173 views
3

我正在爲三種平臺(Android,ios和WP8)開發應用程序。此應用程序連接到服務器並使用AES進行安全。AES加密Java到iOs - 使用密碼,iv和鹽

我已經爲Android和Windows Phone準備好了一個測試版,並且使用android代碼生成的代碼(在base64中)使用wp代碼進行解碼,反之亦然。

但是,在iOs我得到了相同的鹽,關鍵和四的其他響應。這是我的Android代碼:

public static SecretKeySpec generateKey(char[] password, byte[] salt) throws Exception { 
     SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); 
     KeySpec spec = new PBEKeySpec(password, salt, 1024, 128); 
     SecretKey tmp = factory.generateSecret(spec); 
     SecretKeySpec secret = new SecretKeySpec(tmp.getEncoded(), "AES"); 
     return secret; 
    } 

public static Map encrypt(String cleartext, byte[] iv, SecretKeySpec secret) throws Exception { 
    Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); 
    // If the IvParameterSpec argument is omitted (null), a new IV will be 
    // created 
    cipher.init(Cipher.ENCRYPT_MODE, secret, iv == null ? null : new IvParameterSpec(iv)); 
    AlgorithmParameters params = cipher.getParameters(); 
    byte[] usediv = params.getParameterSpec(IvParameterSpec.class).getIV(); 
    byte[] ciphertext = cipher.doFinal(cleartext.getBytes("UTF-8")); 
    Map result = new HashMap(); 
    result.put(IV, usediv); 
    result.put(CIPHERTEXT, ciphertext); 
    return result; 
} 


public static String decrypt(byte[] ciphertext, byte[] iv, SecretKeySpec secret) throws Exception { 
    Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding"); 
    cipher.init(Cipher.DECRYPT_MODE, secret, new IvParameterSpec(iv)); 
    String plaintext = new String(cipher.doFinal(ciphertext), "UTF-8"); 
    return plaintext; 
} 

public static void main(String arg) throws Exception { 
    byte[] salt = new byte[] { -11, 84, 126, 65, -87, -104, 120, 33, -89, 19, 57, -6, -27, -19, -101, 107 }; 



    byte[] interop_iv = Base64.decode("xxxxxxxxxxxxxxx==", Base64.DEFAULT); 
    byte[] iv = null; 
    byte[] ciphertext; 
    SecretKeySpec secret; 
    secret = generateKey("xxxxxxxxxxxxxxx".toCharArray(), salt); 
    Map result = encrypt(arg, iv, secret); 
    ciphertext = (byte[]) result.get(CIPHERTEXT); 
    iv = (byte[]) result.get(IV); 
    System.out.println("Cipher text:" + Base64.encode(ciphertext, Base64.DEFAULT)); 
    System.out.println("IV:" + Base64.encode(iv, Base64.DEFAULT) + " (" + iv.length + "bytes)"); 
    System.out.println("Key:" + Base64.encode(secret.getEncoded(), Base64.DEFAULT)); 
    System.out.println("Deciphered: " + decrypt(ciphertext, iv, secret)); 

    // Interop demonstration. Using a fixed IV that is used in the C# 
    // example 
    result = encrypt(arg, interop_iv, secret); 
    ciphertext = (byte[]) result.get(CIPHERTEXT); 
    iv = (byte[]) result.get(IV); 

    String text = Base64.encodeToString(ciphertext, Base64.DEFAULT); 

    System.out.println(); 
    System.out.println("--------------------------------"); 
    System.out.println("Interop test - using a static IV"); 
    System.out.println("The data below should be used to retrieve the secret message by the receiver"); 
    System.out.println("Cipher text: " + text); 
    System.out.println("IV:   " + Base64.encodeToString(iv, Base64.DEFAULT)); 
    decrypt(Base64.decode(text, Base64.DEFAULT), iv, secret); 
} 

,這是我的IOS代碼...我設置靜態IV和鹽像Android的代碼...但沒有發現:

- (NSData*)encryptData:(NSData*)data :(NSData*)key :(NSData*)iv 
{ 
    size_t bufferSize = [data length]*2; 
    void *buffer = malloc(bufferSize); 
    size_t encryptedSize = 0; 
    CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding, 
              [key bytes], [key length], [iv bytes], [data bytes], [data length], 
              buffer, bufferSize, &encryptedSize); 
    if (cryptStatus == kCCSuccess) 
     return [NSData dataWithBytesNoCopy:buffer length:encryptedSize]; 
    else 
     free(buffer); 
    return NULL; 
} 

// =================== 

- (NSData *)encryptedDataForData:(NSData *)data 
         password:(NSString *)password 
           iv:(NSData *)iv 
          salt:(NSData *)salt 
          error:(NSError *)error { 

    NSData *key = [self AESKeyForPassword:password salt:salt]; 
    size_t outLength = 0; 
    NSMutableData * 
    cipherData = [NSMutableData dataWithLength:data.length + 
        kAlgorithmBlockSize]; 

    const unsigned char iv2[] = {68, 55, -98, -59, 22, -25, 55, -50, -101, -25, 53, 30, 42, -20, -107, 4}; 

    CCCryptorStatus 
    result = CCCrypt(kCCEncrypt, // operation 
        kAlgorithm, // Algorithm 
        kCCOptionPKCS7Padding, // options 
        key.bytes, // key 
        key.length, // keylength 
        iv2,// iv 
        data.bytes, // dataIn 
        data.length, // dataInLength, 
        cipherData.mutableBytes, // dataOut 
        cipherData.length, // dataOutAvailable 
        &outLength); // dataOutMoved 

    if (result == kCCSuccess) { 
     cipherData.length = outLength; 
    } 
    else { 
     if (error) { 
      error = [NSError errorWithDomain:kRNCryptManagerErrorDomain 
             code:result 
            userInfo:nil]; 
     } 
     return nil; 
    } 

    return cipherData; 
} 

// =================== 

- (NSData *)randomDataOfLength:(size_t)length { 
    NSMutableData *data = [NSMutableData dataWithLength:length]; 

    int result = SecRandomCopyBytes(kSecRandomDefault, 
            length, 
            data.mutableBytes); 
    NSAssert(result == 0, @"Unable to generate random bytes: %d", 
      errno); 

    return data; 
} 

// =================== 

// Replace this with a 10,000 hash calls if you don't have CCKeyDerivationPBKDF 
- (NSData *)AESKeyForPassword:(NSString *)password 
         salt:(NSData *)salt { 
    NSMutableData * 
    derivedKey = [NSMutableData dataWithLength:kAlgorithmKeySize]; 

    int 
    result = CCKeyDerivationPBKDF(kCCPBKDF2,   // algorithm 
            password.UTF8String, // password 
            [password lengthOfBytesUsingEncoding:NSUTF8StringEncoding], // passwordLength 
            salt.bytes,   // salt 
            salt.length,   // saltLen 
            kCCPRFHmacAlgSHA1, // PRF 
            kPBKDFRounds,   // rounds 
            derivedKey.mutableBytes, // derivedKey 
            derivedKey.length); // derivedKeyLen 
    // Do not log password here 
    NSAssert(result == kCCSuccess, 
      @"Unable to create AES key for password: %d", result); 

    return derivedKey; 
} 

我數據轉換爲Base64如下:

NSString* dataStr = [encryptedData base64EncodedStringWithOptions:0]; 
    NSLog(@"%@", dataStr); 

SOLUTION

決賽我在Android和WP上使用此代碼:http://www.dfg-team.com/en/secure-data-on-windows-phone-with-aes-256-encryption/

+1

我沒有看到IOS Base64編碼的算法配置。 – zaph 2014-10-05 01:14:14

+0

好吧,所以我認爲「它不工作」是最糟糕的錯誤描述,但我想「我正在得到其他答案」和「但未找到」,現在佔據榜首位置。請準確描述發生了什麼。 – 2014-10-05 11:37:48

+0

等一下,那太快了。你的'generateKey'方法在哪裏?你是否證實了你的加密程序的輸入參數在兩邊是相同的(在調用之前通過記錄明文,密鑰和IV的十六進制?) – 2014-10-05 11:42:20

回答

1

在過去,我已經有一個像你這樣的問題。我剛剛發現使用此lib中的解決方案:https://github.com/dev5tec/FBEncryptor

不要忘記驗證文件FBEncryptorAES.h

+0

謝謝桑德羅,我在這裏得到的解決方案http: //www.dfg-team.com/en/secure-data-on-windows-phone-with-aes-256-encryption/,現在,我知道很多,如果你有問題,告訴我。 – 2014-10-20 12:02:51