Bouncy Castle在CBC模式下使用AES進行基於密碼的加密

Question

我最近遇到了一段代碼，它在CBC模式下使用帶有AES的BouncyCastle PBE（「PBEWithSHA1And256BitAES-CBC-BC」）。

public static final String ALGORITHM = "PBEWithSHA1And256BitAES-CBC-BC"; 

public static byte[] encrypt(final byte[] key, final byte[] salt, final byte[] plainText) throws CryptoException { 
    try { 
     // Create the encryption key 
     final SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(ALGORITHM, "BC"); 
     final PBEKeySpec keySpec = new PBEKeySpec(new String(key).toCharArray()); 
     final SecretKey secretKey = keyFactory.generateSecret(keySpec); 

     // Encrypt the plain text 
     final PBEParameterSpec cipherSpec = new PBEParameterSpec(salt, ITERATIONS); 
     final Cipher cipher = Cipher.getInstance(ALGORITHM, "BC"); 
     cipher.init(Cipher.ENCRYPT_MODE, secretKey, cipherSpec); 
     final byte[] encryptedBytes = cipher.doFinal(plainText); 

     return encryptedBytes; 

    } catch (final Throwable t) { 
     throw new CryptoException(t.toString()); 
    } 
} 

正如您所見，此代碼沒有指定正確的IV來執行AES CBC加密。

我不知道如何指定salt，迭代次數和要使用的密碼爲的密碼。

我該怎麼做？

謝謝。

Answer 1

我認爲如果你想使用IV，你需要生成一個隨機密鑰並在你現在加密純文本的位置進行加密。然後可以使用它來加密數據，使用IvParameterSpec指定IV。當然，您需要將加密的密鑰和IV存儲在您已加密的數據旁邊。這隻有在您使用相同的密鑰加密多個明文時纔是必需的。

Answer 2

可以使用jasypt（java的簡單加密）PBEWithSHA1And256BitAES-CBC-BC

示例代碼示出如下：

StandardPBEStringEncryptor myFirstEncryptor = new StandardPBEStringEncryptor();                          
myFirstEncryptor.setProvider(new BouncyCastleProvider());                          

myFirstEncryptor.setAlgorithm("PBEWITHSHA256AND256BITAES-CBC-BC");                       




FixedStringSaltGenerator generator = new FixedStringSaltGenerator();                       
generator.setSalt("justAnotherSaltforGX"); 
//myFirstEncryptor.setSaltGenerator(new ZeroSaltGenerator());                          

myFirstEncryptor.setSaltGenerator(generator);                              

myFirstEncryptor.setKeyObtentionIterations(1);                            
String myPassword="creditCard";                                
myFirstEncryptor.setPassword(myPassword);                              


String myText="Redeem Gacha ";                           
String myFirstEncryptedText = myFirstEncryptor.encrypt(myText);                        

System.out.println("myFirstEncryptedText AES encrypt=="+myFirstEncryptedText);                    

System.out.println("myFirstEncryptedText AES decrypt =="+myFirstEncryptor.decrypt(myFirstEncryptedText)); 

Answer 3

使用Jasypt和BouncyCastle的1.51（SpongyCastle），我可以使用以下

Algorithm: PBEWITHSHAAND128BITAES-CBC-BC 
Algorithm: PBEWITHSHAAND192BITAES-CBC-BC 
Algorithm: PBEWITHSHAAND256BITAES-CBC-BC 
Algorithm: PBEWITHSHA256AND128BITAES-CBC-BC 
Algorithm: PBEWITHSHA256AND192BITAES-CBC-BC 
Algorithm: PBEWITHSHA256AND256BITAES-CBC-BC 
Algorithm: PBEWITHMD5AND128BITAES-CBC-OPENSSL 
Algorithm: PBEWITHMD5AND192BITAES-CBC-OPENSSL 
Algorithm: PBEWITHMD5AND256BITAES-CBC-OPENSSL 
Algorithm: PBEWITHMD5AND128BITAES-CBC-OPENSSL 
Algorithm: PBEWITHMD5AND192BITAES-CBC-OPENSSL 
Algorithm: PBEWITHMD5AND256BITAES-CBC-OPENSSL 
Algorithm: PBEWITHSHAAND128BITAES-CBC-BC 
Algorithm: PBEWITHSHAAND192BITAES-CBC-BC 
Algorithm: PBEWITHSHAAND256BITAES-CBC-BC 
Algorithm: PBEWITHSHA256AND128BITAES-CBC-BC 
Algorithm: PBEWITHSHA256AND192BITAES-CBC-BC 
Algorithm: PBEWITHSHA256AND256BITAES-CBC-BC 

而且這種方式是很容易

StandardPBEByteEncryptor strongBinaryEncryptor = new StandardPBEByteEncryptor(); 
    strongBinaryEncryptor.setAlgorithm("PBEWITHSHAAND192BITAES-CBC-BC"); 
    strongBinaryEncryptor.setKeyObtentionIterations(1000); 
    strongBinaryEncryptor.setProviderName(BouncyCastleProvider.PROVIDER_NAME); 
    strongBinaryEncryptor.setPassword(password); 

    byte[] encryptedBytes = strongBinaryEncryptor.encrypt(password); 

您也可以設置SaltGenerator。