I am decrypting a password from an Oracle database so that a login page can verify the username and password. It is a simple JSP page: JSP CODE dbms obfuscation toolkit.DESEncrypt DECRYPT Oracle
<%@ page import="java.sql.*, javax.crypto.*, javax.crypto.spec.*" %>
<HTML>
<BODY>
<%
Class.forName("oracle.jdbc.OracleDriver");
Connection conn = DriverManager.getConnection("jdbc:oracle:thin:@xxx:xxxx:xxxx","i----r","i-----r");
// @//machineName:port:SID, userid, password
Statement st=conn.createStatement();
ResultSet rs=st.executeQuery("Select * from xxxxxxx");
//Just testing now, for decryption
String algorithm1 = "DES";//magical mystery constant
String algorithm2 = "DES/CBC/NoPadding";//magical mystery constant
IvParameterSpec iv = new IvParameterSpec(new byte [] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 });//magical mystery constant
Cipher cipher;
SecretKey key;
String k="12345abc";
key = new SecretKeySpec(k.getBytes(), algorithm1);
cipher = Cipher.getInstance(algorithm2);
String str="test1234abc";
cipher.init(Cipher.ENCRYPT_MODE, key, iv); //normally you could leave out the IvParameterSpec argument, but not with Oracle
byte[] bytes=str.getBytes("UTF-8");
byte[] encrypted = cipher.doFinal(bytes);
%>
</BODY>
</HTML>
The problem I am facing now is that everything works fine, except that the last line of code,
byte[] encrypted = cipher.doFinal(bytes); gives me an error:
javax.crypto.IllegalBlockSizeException: Input length not multiple of 8 bytes
at com.sun.crypto.provider.SunJCE_h.a(DashoA6275)
at com.sun.crypto.provider.SunJCE_h.b(DashoA6275)
at com.sun.crypto.provider.SunJCE_h.b(DashoA6275)
at com.sun.crypto.provider.DESCipher.engineDoFinal(DashoA6275)
at javax.crypto.Cipher.doFinal(DashoA6275)
at _check1._jspService(_check1.java:83) [SRC:/check1.jsp:45]
at com.orionserver[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].http.OrionHttpJspPage.service(OrionHttpJspPage.java:56)
at oracle.jsp.runtimev2.JspPageTable.compileAndServe(JspPageTable.java:569)
at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:305)
at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:509)
at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:413)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:824)
at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:330)
at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:830)
at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.HttpRequestHandler.run(HttpRequestHandler.java:285)
at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.HttpRequestHandler.run(HttpRequestHandler.java:126)
at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192)
at java.lang.Thread.run(Thread.java:534)
What could be causing this, and how can I fix it?
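For password verification, I strongly recommend not using encryption/decryption. Instead, use a password hashing function with a sufficiently long salt. Then compare the hash values to verify the password. – Codo 2012-07-09 10:31:44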
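I am not the one using this approach; the company I am working for is using it. I only need to develop a JSP page that lets me log in by fetching the password from that database, where the passwords are already stored. This JSP page will then redirect to an Oracle form. Can you correct this code? – Murtaza 2012-07-09 10:43:25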
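If the system already exists, then you need to get more information from the people who created it. DES requires the data size to be a multiple of 8 bytes. So if the encryption does not do any padding, you need to find out how the existing system produces a multiple of 8 bytes. Also, make sure you use exactly the same parameters for creating the key, the cipher, the initialization vector, and for converting the character-based data to binary data (is it really UTF-8?). – Codo 2012-07-09 11:45:25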
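
An added example (not code from the question or from either commenter) showing the block-size constraint described in the last comment: `DES/CBC/NoPadding` rejects the 11-byte input from the question and accepts it once it is right-padded to 16 bytes. The class name, the `padToBlock` helper and the choice of a space as the pad byte are assumptions; the pad byte the existing system really uses has to be confirmed with its owners.

```java
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class DesNoPaddingDemo {
    static final int BLOCK = 8; // DES block size in bytes

    // Right-pad to the next multiple of 8 bytes with padByte.
    // ASSUMPTION: the pad byte (space, zero, ...) must match the existing system.
    static byte[] padToBlock(byte[] in, byte padByte) {
        int len = ((in.length + BLOCK - 1) / BLOCK) * BLOCK;
        byte[] out = Arrays.copyOf(in, len);
        Arrays.fill(out, in.length, len, padByte);
        return out;
    }

    // Same transformation and all-zero IV as the JSP in the question.
    static byte[] des(int mode, byte[] key, byte[] data) throws Exception {
        Cipher c = Cipher.getInstance("DES/CBC/NoPadding");
        c.init(mode, new SecretKeySpec(key, "DES"), new IvParameterSpec(new byte[BLOCK]));
        return c.doFinal(data);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "12345abc".getBytes(StandardCharsets.US_ASCII);   // key from the question
        byte[] plain = "test1234abc".getBytes(StandardCharsets.UTF_8); // 11 bytes, not a multiple of 8

        // NoPadding leaves block alignment to the caller, so this call fails.
        try {
            des(Cipher.ENCRYPT_MODE, key, plain);
        } catch (IllegalBlockSizeException e) {
            System.out.println("unpadded (" + plain.length + " bytes): " + e.getMessage());
        }

        // Constructed choice for the demo: pad with spaces up to 16 bytes.
        byte[] padded = padToBlock(plain, (byte) ' ');
        byte[] ct = des(Cipher.ENCRYPT_MODE, key, padded);
        byte[] back = des(Cipher.DECRYPT_MODE, key, ct);

        System.out.println("padded length: " + padded.length + ", ciphertext length: " + ct.length);
        // trim() removes the space padding; it would also remove genuine trailing spaces.
        System.out.println("round trip: '" + new String(back, StandardCharsets.UTF_8).trim() + "'");
    }
}
```

The ciphertext only matches what is stored in the database if the key bytes, IV, character encoding and pad byte are all identical to what the existing system used.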