Android：加密字符串、通过 HTTPS 发送和解密字符串问题

Question

我必须加密一个字符串才能通过 HTTPS 发送到服务器。然后，在服务器端，我必须解密字符串并使用它。

我在两边都使用了这段代码：

public class SimpleCrypto {

public static String encrypt(String seed, String cleartext) throws Exception {

    byte[] rawKey = getRawKey(seed.getBytes());

    byte[] result = encrypt(rawKey, cleartext.getBytes());

    return toHex(result);
}

public static String decrypt(String seed, String encrypted) throws Exception {

    byte[] rawKey = getRawKey(seed.getBytes());

    byte[] enc = toByte(encrypted);

    byte[] result = decrypt(rawKey, enc);

    return new String(result);
}

private static byte[] getRawKey(byte[] seed) throws Exception {

    KeyGenerator kgen = KeyGenerator.getInstance("AES");

    SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");

    sr.setSeed(seed);

    kgen.init(128, sr); // 192 and 256 bits may not be available

    SecretKey skey = kgen.generateKey();

    byte[] raw = skey.getEncoded();

    return raw;
}


private static byte[] encrypt(byte[] raw, byte[] clear) throws Exception {

    SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");

    Cipher cipher = Cipher.getInstance("AES");

    cipher.init(Cipher.ENCRYPT_MODE, skeySpec);

    byte[] encrypted = cipher.doFinal(clear);

    return encrypted;
}

private static byte[] decrypt(byte[] raw, byte[] encrypted) throws Exception {

    SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");

    Cipher cipher = Cipher.getInstance("AES");

    cipher.init(Cipher.DECRYPT_MODE, skeySpec);

    byte[] decrypted = cipher.doFinal(encrypted);

    return decrypted;
}

public static String toHex(String txt) {

    return toHex(txt.getBytes());
}
public static String fromHex(String hex) {

    return new String(toByte(hex));
}

public static byte[] toByte(String hexString) {

    int len = hexString.length()/2;

    byte[] result = new byte[len];

    for (int i = 0; i < len; i++)
        result[i] = Integer.valueOf(hexString.substring(2*i, 2*i+2), 16).byteValue();

    return result;
}

public static String toHex(byte[] buf) {

    if (buf == null)
        return "";

    StringBuffer result = new StringBuffer(2*buf.length);

    for (int i = 0; i < buf.length; i++) {
            appendHex(result, buf[i]);
    }

    return result.toString();
}

private final static String HEX = "0123456789ABCDEF";

private static void appendHex(StringBuffer sb, byte b) {

    sb.append(HEX.charAt((b>>4)&0x0f)).append(HEX.charAt(b&0x0f));
}

}

在 android 上，使用 rawKey 给我的“123456789”作为种子：

[99, 51, -103, -58, 81, -52, 90, -103, -114, 70, -128, -25, -105, -124, -128, -67]

但是在服务器端，使用相同的种子，给我：

[-52、103、4、60、123、-49、-11、-18、-91、86、107、-39、-79、-13、-57、79]

我不明白为什么。 Android 上的 javax.crypto.KeyGenerator 有什么不同吗？我做错了什么？

拜托，我需要一些帮助。

非常感谢

对不起我的英语不好

------------------更新----------------- ---------------------------------------

这是我的新代码：

public class DesEncrypter {

    public static final int SALT_LENGTH = 20;
    public static final int PBE_ITERATION_COUNT = 1024;

    private static final String RANDOM_ALGORITHM = "SHA1PRNG";
    private static final String PBE_ALGORITHM = "PBEWithSHA256And256BitAES-CBC-BC";
    private static final String CIPHER_ALGORITHM = "AES/CBC/PKCS5Padding";


    public byte[] encrypt(String password, String cleartext) {

        byte[] encryptedText = null;

        try {
            byte[] salt = "dfghjklpoiuytgftgyhj".getBytes();

            PBEKeySpec pbeKeySpec = new PBEKeySpec(password.toCharArray(), salt, PBE_ITERATION_COUNT, 256);

            SecretKeyFactory factory = SecretKeyFactory.getInstance("PBEWITHSHAAND256BITAES-CBC-BC");

            SecretKey tmp = factory.generateSecret(pbeKeySpec);

            SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES");

            byte[] key = secret.getEncoded();

            Cipher encryptionCipher = Cipher.getInstance(CIPHER_ALGORITHM);   

            byte[] iv = generateIv();

            IvParameterSpec ivspec = new IvParameterSpec(iv);

            encryptionCipher.init(Cipher.ENCRYPT_MODE, secret, ivspec);

            encryptedText = encryptionCipher.doFinal(cleartext.getBytes());

        } catch (Exception e) {
            e.printStackTrace();
        }

        return encryptedText;
    }

    public String decrypt(String password, byte[] encryptedText) {

        String cleartext = "";

        try {
            byte[] salt = "dfghjklpoiuytgftgyhj".getBytes();

            PBEKeySpec pbeKeySpec = new PBEKeySpec(password.toCharArray(), salt, PBE_ITERATION_COUNT, 256);

            SecretKeyFactory factory = SecretKeyFactory.getInstance("PBEWITHSHAAND256BITAES-CBC-BC");

            SecretKey tmp = factory.generateSecret(pbeKeySpec);

            SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES");

            byte[] key = secret.getEncoded();

            Cipher decryptionCipher = Cipher.getInstance(CIPHER_ALGORITHM);

            byte[] iv = generateIv();

            IvParameterSpec ivspec = new IvParameterSpec(iv);

            decryptionCipher.init(Cipher.DECRYPT_MODE, secret, ivspec);

            byte[] decryptedText = decryptionCipher.doFinal(encryptedText);

            cleartext =  new String(decryptedText); 

        } catch (Exception e) {
            e.printStackTrace();
        }

        return cleartext;
    }   

    private byte[] generateIv() throws NoSuchAlgorithmException {

        SecureRandom random = SecureRandom.getInstance(RANDOM_ALGORITHM);

        byte[] iv = new byte[16];

        random.nextBytes(iv);

        return iv;
    }

}

----------------最终代码可在安卓上运行！------------- -------------------

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class DesEncrypter {

    public static final int SALT_LENGTH = 20;
    public static final int PBE_ITERATION_COUNT = 200; //1024;

    private static final String PBE_ALGORITHM = "PBEWithSHA256And256BitAES-CBC-BC";

    //algoritmo / modo / relleno 
    private static final String CIPHER_ALGORITHM = "AES/CBC/PKCS5Padding";

    byte[] iv = "1234567890asdfgh".getBytes();

    byte[] salt = "dfghjklpoiuytgftgyhj".getBytes();

    public byte[] encrypt(String password, String cleartext) {

        byte[] encryptedText = null;

        try {


            PBEKeySpec pbeKeySpec = new PBEKeySpec(password.toCharArray(), salt, PBE_ITERATION_COUNT, 256);

            //Factoria para crear la SecretKey, debemos indicar el Algoritmo
            SecretKeyFactory factory = SecretKeyFactory.getInstance(PBE_ALGORITHM);

            SecretKey tmp = factory.generateSecret(pbeKeySpec);

            //Creamos una llave;
            SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES");

            //Obtenemos la llave, solo informativo
            byte[] key = secret.getEncoded();

            //La clase Cipher, se usa para cifrar mediante algoritmos de  clave simétrica
            Cipher encryptionCipher = Cipher.getInstance(CIPHER_ALGORITHM);   

            //byte[] iv = generateIv();

            IvParameterSpec ivspec = new IvParameterSpec(iv);

            //Accion, SecretKey, parameter specification for an initialization vector
            encryptionCipher.init(Cipher.ENCRYPT_MODE, secret, ivspec);

            //Realizamos el cifrado
            encryptedText = encryptionCipher.doFinal(cleartext.getBytes());

        } catch (Exception e) {
            e.printStackTrace();
        }

        return encryptedText;
    }

    public String decrypt(String password, byte[] encryptedText) {

        String cleartext = "";

        try {

            PBEKeySpec pbeKeySpec = new PBEKeySpec(password.toCharArray(), salt, PBE_ITERATION_COUNT, 256);

            //Factoria para crear la SecretKey, debemos indicar el Algoritmo
            SecretKeyFactory factory = SecretKeyFactory.getInstance(PBE_ALGORITHM);

            SecretKey tmp = factory.generateSecret(pbeKeySpec);

            //Creamos una llave;
            SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES");

            //Obtenemos la llave, solo informativo
            byte[] key = secret.getEncoded();

            //La clase Cipher, se usa para cifrar mediante algoritmos de  clave simétrica
            Cipher decryptionCipher = Cipher.getInstance(CIPHER_ALGORITHM);

            //byte[] iv = generateIv();

            IvParameterSpec ivspec = new IvParameterSpec(iv);

            //Accion, SecretKey, parameter specification for an initialization vector
            decryptionCipher.init(Cipher.DECRYPT_MODE, secret, ivspec);

            //Realizamos el descifrado
            byte[] decryptedText = decryptionCipher.doFinal(encryptedText);

            cleartext =  new String(decryptedText); 

        } catch (Exception e) {
            e.printStackTrace();
        }

        return cleartext;
    }      
}

Answer 1

如果您首先使用 SSL，为什么要加密？ HTTPS (SSL) 将加密传输中的数据，并在服务器上自动解密。此外，您的自定义加密方案很可能不如 SSL 安全。

您的错误在于您获取密钥的方式：setSeed() 不会替换随机数生成器的状态，它只会增加它。这意味着即使您将相同的字节传递给setSeed()，generateKey() 也很可能会生成不同的密钥。使用PBE（基于密码的加密）类从密码派生密钥。或者确保您的服务器和客户端以其他方式使用相同的密钥。

这里是从密码生成密钥的示例（适用于 Android）。您需要找到一种在 Android 和您的服务器上都支持的 PBE 算法。如果您在服务器应用程序中使用 JCE Bouncy Castle 提供程序，它应该支持与 Android 相同的算法（Android 将 Bouncy Castle 用于其 JCE 实现的一部分）。

SecretKeyFactory factory = 
    SecretKeyFactory.getInstance("PBEWITHSHAAND256BITAES-CBC-BC");
KeySpec spec = new PBEKeySpec("password".toCharArray(), salt, 1024, 256);
SecretKey tmp = factory.generateSecret(spec);
SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES");