使用 Windows 通过 TCP 流 BadPaddingException 发送由密钥编码的字符串

Question

我认为我在使用 writeUTF() 和 readUTF() 方法通过 TCP 连接发送加密字符串时遇到了特定于 Windows 操作系统 (windows 7) 的问题。

客户端和服务器首先使用私钥-公钥对建立连接。然后他们就用于进一步通信的共享密钥达成一致。当由共享密钥加密并通过 writeUTF() 和 readUTF() 发送的字符串填充错误时，就会出现此问题。它发生的第一个实例是使用 writeUTF() 方法从服务器向客户端发送加密确认。

这个问题只是偶尔出现！有时程序运行顺利完成，没有错误，但有时会抛出一个 BadPaddingException，说明在两个客户端都“给定最终块没有正确填充”：

            byte[] byteDecriptedAck = decryptCipher.doFinal(encryptedAck.getBytes());

和服务器端：

            byte[] byteDecriptedAck = decryptCipher.doFinal(encryptedPassword.getBytes());

在 OSX 操作系统上运行代码时不会出现此问题。因此，我认为这与windows如何表示UTF字符串，写入UTF字符串或读取UTF字符串有关。

我无法解决这个问题。任何帮助将不胜感激。

谢谢

客户端建立连接代码：

private void establishConnection() {
    try {
        int numBytesPubKey = in.readInt();
        byte[] bytesPubKey = new byte[numBytesPubKey];
        in.readFully(bytesPubKey, 0, numBytesPubKey);

        //get public key from server
        X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(bytesPubKey);
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        PublicKey pubKey = keyFactory.generatePublic(pubKeySpec);

        //generate secret key for communicating
        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
        keyGen.init(128); //key size
        SecretKey secretKey = keyGen.generateKey();
        byte[] encodedSecretKey = secretKey.getEncoded();

        //use public key to encode message containing secret key to send to server
        encryptCipher = Cipher.getInstance("RSA");
        encryptCipher.init(Cipher.ENCRYPT_MODE, pubKey);
        byte[] cipherData = encryptCipher.doFinal(encodedSecretKey);

        //send secret key to server encoded by servers public key
        out.writeInt(cipherData.length);
        out.write(cipherData, 0, cipherData.length);

        //read acknowledge from server
        SecretKeySpec secretKeySpec = new SecretKeySpec(encodedSecretKey,"AES");

        String encryptedAck = in.readUTF();
        decryptCipher = Cipher.getInstance("AES");
        decryptCipher.init(Cipher.DECRYPT_MODE, secretKeySpec);
        byte[] byteDecriptedAck = decryptCipher.doFinal(encryptedAck.getBytes());

        if(!(new String(byteDecriptedAck).equals("ACK"))) {
            System.err.println("Server acknowledgement corrupted. Terminate communications.");
            System.exit(1);
        }

        //send password to server

        encryptCipher = Cipher.getInstance("AES");
        encryptCipher.init(Cipher.ENCRYPT_MODE, secretKeySpec);
        byte[] cipheredPassword = encryptCipher.doFinal("password".getBytes());
        out.writeUTF(new String(cipheredPassword));

    } catch (Exception e) {
        System.err.println(e.getMessage());
        e.printStackTrace();
    }
}

服务器端建立连接代码：

private void establishConnection() {
    try {
        //generate public/private key pair for communicating with initially
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
        SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN");
        keyGen.initialize(1024, random);

        KeyPair pair = keyGen.generateKeyPair();
        PrivateKey privKey = pair.getPrivate();
        PublicKey pubKey = pair.getPublic();

        //send public key to client
        byte[] bytesPubKey = pubKey.getEncoded();
        out.writeInt(bytesPubKey.length);
        out.write(bytesPubKey, 0, bytesPubKey.length);

        //read in secret key to use for further communications
        int numBytesSecretKey = in.readInt();
        byte[] bytesSecretKey = new byte[numBytesSecretKey];
        in.readFully(bytesSecretKey, 0, numBytesSecretKey);

        decryptCipher = Cipher.getInstance("RSA");
        decryptCipher.init(Cipher.DECRYPT_MODE, privKey, decryptCipher.getParameters());
        byte[] byteDecriptedSecretKey = decryptCipher.doFinal(bytesSecretKey);
        SecretKeySpec secretKeySpec = new SecretKeySpec(byteDecriptedSecretKey,"AES");

        //send back acknowledgment encoded with secret key: ACK
        encryptCipher = Cipher.getInstance("AES");
        encryptCipher.init(Cipher.ENCRYPT_MODE, secretKeySpec);
        byte[] cipheredACK = encryptCipher.doFinal("ACK".getBytes());

        out.writeUTF(new String(cipheredACK));

        //read password from client
        String encryptedPassword = in.readUTF();
        decryptCipher = Cipher.getInstance("AES");
        decryptCipher.init(Cipher.DECRYPT_MODE, secretKeySpec);
        byte[] byteDecriptedAck = decryptCipher.doFinal(encryptedPassword.getBytes());

        if(!(new String(byteDecriptedAck).equals("password"))) {
            System.err.println("Access Denied. Client password incorrect. Terminate communications.");
            System.exit(1);
        } else {
            System.err.println("Access Granted.");
        } 
    } catch (Exception e) {
        e.printStackTrace();
    }
} 

Answer 1

byte[] cipheredACK = encryptCipher.doFinal("ACK".getBytes());
out.writeUTF(new String(cipheredACK));

那是行不通的。 UTF 和 String 用于字符数据。这里有原始字节，不能解释为文本。

将它们作为二进制数据发送：

out.write(cipheredACK);

您看到 OS X 和 Windows 之间存在差异的原因是您在将字节强制转换为字符串时没有指定字符编码，因此它成为特定于平台的。如果这真的是字符数据，您可以将字符集传递给构造函数以使其与平台无关。但在你的情况下，无论如何它都不是字符数据，所以只使用字节。

另外，你为什么不直接使用 SSL？