使用 Java 和 Bouncy Castle 进行 Rijndael 256 加密

Question

我正在开发一个用纯 php 构建的项目，我正在对登录进行返工，但数据库中的用户是 Rijndael-256 中的密码，我尝试了很多东西，但似乎没有工作，我觉得我很接近这段代码，但它不起作用，我真的迷路了

private final String key = "...";

public String decrypt(String password, String cypherKey) {
    try {
        password = password.substring(0, password.lenght() - 1); // 1
        byte[] passwordBytes = password.getBytes("UTF-8");
        byte[] key = cypherKey.getBytes("UTF-8");

        RijndaelEngine rijndaelEngine = new RijndaelEngine(256);
        KeyParameter keyParam = new KeyParameter(key);
        rijndaelEngine.init(false, keyParam); // 2
        PaddedBufferedBlockCipher bufferedBlock = new PaddedBufferedBlockCipher(rijndaelEngine, new ZeroBytePadding());

        byte[] decryptedBytes = new byte[bufferedBlock.getOutputSize(passwordBytes.length)];
        int processed = bufferedBlock.processBytes(passwordBytes, 0, passwordBytes.length, decryptedBytes, 0);

        return String.valueOf(bufferedBlock.doFinal(decryptedBytes, processed));
    } catch (Exeption e) {
        e.printStackTrace();
    }

    return ""; // I know this is awful but i was trying something and left this like that
}

*1) 我不知道这是否正确，但所有加密密码都以等号结尾，我使用加密工具进行了测试，我认为不需要它

2) False为解密模式

堆栈跟踪：org.bouncycastle.crypto.DataLengthException：最后一个块在解密中不完整

我正在为这个解密工作两个星期，我真的很绝望:(

PHP 代码：

function fnEncrypt($sValue) 
{ 
    include("constants.php");

    return trim( 
        base64_encode( 
            mcrypt_encrypt( 

                MCRYPT_RIJNDAEL_256,
                $SecretKey, $sValue,
                MCRYPT_MODE_ECB,


                mcrypt_create_iv( 
                    mcrypt_get_iv_size( 
                        MCRYPT_RIJNDAEL_256,  
                        MCRYPT_MODE_ECB 
                    ),


                    MCRYPT_RAND) 
                ) 
            ) 
        ); 
} 

function fnDecrypt($sValue) 
{ 
    include("constants.php");

    return trim( 
        mcrypt_decrypt( 
            MCRYPT_RIJNDAEL_256,  
            $sSecretKey,  
            base64_decode($sValue),  
            MCRYPT_MODE_ECB, 

            mcrypt_create_iv(
                mcrypt_get_iv_size( 
                    MCRYPT_RIJNDAEL_256, 
                    MCRYPT_MODE_ECB 
                ),  
                MCRYPT_RAND 
            ) 
        ) 
    ); 
}

Answer 1

在decrypt-方法中，密文必须首先经过 Base64 解码 (1)。此外，解密文本的长度没有正确确定（2a），相应的字节数组的长度也没有相应调整（2b）。最后，从字节数组中确定 UTF8 字符串存在问题 (3)。修改decrypt-方法的主体如下：

//password = password.substring(0, password.lenght() - 1); // 1                             // Remove
//byte[] passwordBytes = password.getBytes("UTF-8");                                        // Remove
byte[] passwordBytes = Base64.getDecoder().decode(password);                                // Base64-decode the ciphertext (1)
byte[] key = cypherKey.getBytes("UTF-8");

RijndaelEngine rijndaelEngine = new RijndaelEngine(256);
KeyParameter keyParam = new KeyParameter(key);
rijndaelEngine.init(false, keyParam); // 2
PaddedBufferedBlockCipher bufferedBlock = new PaddedBufferedBlockCipher(rijndaelEngine, new ZeroBytePadding());

byte[] decryptedBytes = new byte[bufferedBlock.getOutputSize(passwordBytes.length)];
int processed = bufferedBlock.processBytes(passwordBytes, 0, passwordBytes.length, decryptedBytes, 0);
processed += bufferedBlock.doFinal(decryptedBytes, processed);                              // Refresh the parameter containing the length of the decrypted data (2a)
decryptedBytes = Arrays.copyOfRange(decryptedBytes, 0, processed);                          // Reduce the byte-array accordingly (2b)

//return String.valueOf(bufferedBlock.doFinal(decryptedBytes, processed));                  // Remove           
return new String(decryptedBytes, "UTF-8");                                                 // Create a UTF-8 string from the byte-array (3)

导入 java.util.Base64 和 org.bouncycastle.util.Arrays。

尽管这可能是遗留代码，但有两个关于安全性的注意事项：密码通常不应该加密，而是hashed。此外，ECB 是不安全的。

Answer 2

这是我的解决方案：

/**
     * Step 1: password and key are converted to bytes in order to be processed by the cypher.
     *
     * Step 2: a KeyParameter is created with the key bytes.
     *
     * Step 3: a PaddedBufferedBlockCipher statement is assigned with Rijndael 256 algorithm and ZeroBytePadding, this padder adds NULL byte padding to a block.
     *
     * Step 4: the bufferedBlockCipher is then initialized with parameters "true" meaning Encryption mode, and the KeyParameter.
     * This initialization prepares the bufferedBlock with the parameters needed for encryption.
     *
     * Step 5: a variable "buffer" stores the length in bytes the output should have
     *
     * Step 6: the processed bytes are calculated and stored, buffer now stores the value of the password
     *
     * Step 7: the encryption is finalized, the plus equals sign ensures that the output is multiple of 32
     *
     * Step 8: the buffer and processedBytes are converted into an array of bytes and then a String
     *
     * @param password
     *
     * @return
     */

    public String encrypt(String password) throws InvalidCipherTextException {
        byte[] data = password.getBytes();
        byte[] encryptionKey = key.getBytes();

        KeyParameter keyParameter = new KeyParameter(encryptionKey);

        PaddedBufferedBlockCipher bufferedBlockCipher = new PaddedBufferedBlockCipher(new RijndaelEngine(256), new ZeroBytePadding());
        bufferedBlockCipher.init(true, keyParameter);

        byte[] buffer = new byte[bufferedBlockCipher.getOutputSize(data.length)];
        int processedBytes = bufferedBlockCipher.processBytes(data, 0, data.length, buffer, 0);
        processedBytes += bufferedBlockCipher.doFinal(buffer, processedBytes);

        byte[] result = Arrays.copyOfRange(buffer, 0, processedBytes);
        String output = Base64.encodeBase64String(result);

        return output;
    }