1. 首頁
  2. 問答
  3. Java中的PBKDF2與Bouncy Castle vs .NET Rfc2898DeriveBytes?

Java中的PBKDF2與Bouncy Castle vs .NET Rfc2898DeriveBytes?

2011-06-15 90 views
3

我有一些使用PBKDF2生成密鑰的C#代碼。Java中的PBKDF2與Bouncy Castle vs .NET Rfc2898DeriveBytes?

//byte[] salt = new RNGCryptoServiceProvider().GetBytes(salt); 
byte[] salt = new byte[] { 19, 3, 248, 189, 144, 42, 57, 23 }; // for testing 

byte[] bcKey = new Rfc2898DeriveBytes("mypassword", salt, 8192).GetBytes(32);

這工作正常。我試圖用Bouncy Castle在Java中實現它。無法實現它(Java缺少無符號類型使得它更加惱人)。

SecureRandom random = new SecureRandom(); 
byte[] salt = u2s(new int[] { 19, 3, 248, 189, 144, 42, 57, 23 }); 
//random.nextBytes(salt); 

PBEParametersGenerator generator = new PKCS5S2ParametersGenerator(); 
generator.init(PBEParametersGenerator.PKCS5PasswordToUTF8Bytes(("BLK" + password).toCharArray()), salt, keyTransformationRounds); 
KeyParameter params = (KeyParameter)generator.generateDerivedParameters(keyLengthBits); 
byte[] bcKey = params.getKey(); 
int[] bcKeyU = s2u(bcKey); 
System.out.println(new String(Base64.encode(bcKey), "UTF-8")); 

// Helper functions because Java has no unsigned types 
// 
// EDIT: THESE FUNCTIONS ARE INCORRECT. 
// See my answer below for the correct versions. 
// 
static byte[] u2s(int[] unsignedArray) throws IOException 
{ 
    byte[] signedArray = new byte[unsignedArray.length]; 
    for (int i = 0; i < signedArray.length; i++) 
    { 
     if (unsignedArray[i] < 0 || unsignedArray[i] > 255) 
     { 
      throw new IOException("unsignedArray at " + i + " was not within the range 0 to 255."); 
     } 

     signedArray[i] = (byte)(unsignedArray[i] - 128); 
    } 

    return signedArray; 
} 

static int[] s2u(byte[] signedArray) 
{ 
    int[] unsignedArray = new int[signedArray.length]; 
    for (int i = 0; i < unsignedArray.length; i++) 
    { 
     unsignedArray[i] = (int)(signedArray[i] + 128); 
    } 

    return unsignedArray; 
}

生成的bcKey字節數組不同。我究竟做錯了什麼?我是否正在處理從無符號到正確簽名的轉換,還是不能按我的預期工作?

來源

2011-06-15 Jake Petroules

回答

1

我沒有正確處理簽名/未簽名的轉換。這裏有一些幫助函數演示整數數組(表示無符號字節數組)和有符號字節數組之間的轉換。

intsToBytes範圍以外的整數在0-255範圍內的檢查是不必要的,但可能有助於調試。

static byte[] intsToBytes(int[] ints) 
{ 
    byte[] bytes = new byte[ints.length]; 
    for (int i = 0; i < ints.length; i++) 
    { 
     if (ints[i] < 0 || ints[i] > 255) System.out.println(String.format("WARNING: ints at index %1$d (%2$d) was not a valid byte value (0-255)", i, ints[i])); 

     bytes[i] = (byte)ints[i]; 
    } 

    return bytes; 
} 

static int[] bytesToInts(byte[] bytes) 
{ 
    int[] ints = new int[bytes.length]; 
    for (int i = 0; i < bytes.length; i++) 
    { 
     ints[i] = bytes[i] & 0xff; 
    } 

    return ints; 
}

來源

2011-06-15 21:36:46

+0

不要這麼做,只是把它轉換成字節。 'signedArray [i] =(byte)unsignedArray [i]' – 2011-06-16 00:17:55

+0

它不會截斷超出範圍的數字嗎? – 2011-06-16 01:48:50

+0

是的,但這幾乎總是你想要的行爲。實際上,它只是將源的低8位複製到目的地。 – 2011-06-17 11:15:12

相關問題

 相關問題