在 java/android 中使用 CBC 和 PKCS5/7Padding 使用充气城堡进行 AES 加密答案

【问题标题】：AES Encryption using CBC and PKCS5/7Padding using bouncy castle in java/android在 java/android 中使用 CBC 和 PKCS5/7Padding 使用充气城堡进行 AES 加密
【发布时间】：2016-09-13 15:52:17
【问题描述】：

我找到了这个关于 java bouncy castle https://www.bouncycastle.org/fips/BCUserGuide.pdf的指南

我尝试使用 CBC 和 PKCS5/7Padding 运行以下示例 3.3.1 AES 加密：

static byte[] encryptBytes(FipsOutputEncryptor outputEncryptor, byte[] plainText) throws IOException
 {
 ByteArrayOutputStream bOut = new ByteArrayOutputStream();
 CipherOutputStream encOut = outputEncryptor.getEncryptingStream(bOut);
 encOut.update(plainText);
 encOut.close();
 return bOut.toByteArray();
 }

static byte[] decryptBytes(FipsInputDecryptor inputDecryptor,
 byte[] cipherText) throws IOException
 {
 ByteArrayOutputStream bOut = new ByteArrayOutputStream();
 InputStream encIn = inputDecryptor.getDecryptingStream(
 new ByteArrayInputStream(cipherText));
 int ch;
 while ((ch = encIn.read()) >= 0)
 {
 bOut.write(ch);
 }
 return bOut.toByteArray();
 }


// 3.3.1 AES Encryption using CBC and PKCS5/7Padding
     // ensure a FIPS DRBG in use.
     CryptoServicesRegistrar.setSecureRandom(
     FipsDRBG.SHA512_HMAC.fromEntropySource(
     new BasicEntropySourceProvider(new SecureRandom(), true))
     .build(null, true));
     byte[] iv = new byte[16];
     CryptoServicesRegistrar.getSecureRandom().nextBytes(iv);
     FipsSymmetricKeyGenerator<SymmetricSecretKey> keyGen =
     new FipsAES.KeyGenerator(128,
    CryptoServicesRegistrar.getSecureRandom());
     SymmetricSecretKey key = keyGen.generateKey();
     FipsSymmetricOperatorFactory<FipsAES.Parameters> fipsSymmetricFactory =
     new FipsAES.OperatorFactory();
     FipsOutputEncryptor<FipsAES.Parameters> outputEncryptor =
     fipsSymmetricFactory.createOutputEncryptor(key,
     FipsAES.CBCwithPKCS7.withIV(iv));

     byte[] output = encryptBytes(outputEncryptor, new byte[16]);
     FipsInputDecryptor<FipsAES.Parameters> inputDecryptor =
     fipsSymmetricFactory.createInputDecryptor(key,
     FipsAES.CBCwithPKCS7.withIV(iv));
     byte[] plain = decryptBytes(inputDecryptor, output);

并且代码无法编译。

我在类路径中添加了以下库

bcprov-jdk15on-155.jar
bcmail-jdk15on-155.jar
bcpg-jdk15on-155.jar
bcpkix-jdk15on-155.jar

我使用该库的原因是将 AesCbcPkcs7 与我的 android 应用程序集成。您能给我一些提示以编译上述示例吗？

最好的问候，奥勒良

【问题讨论】：

这些都不是 bc-fips jar。你为什么还要使用 FIPS api？无论如何，从网站上：“现在也可以提前访问我们的 FIPS 强化版本的 Java API，请通过 office@bouncycastle.org 联系我们以获取更多信息。”

标签： java android bouncycastle

【解决方案1】：

我使用以下代码进行了测试 - 没有充气城堡 - 并且效果很好：

import android.util.Base64;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyException;
import java.security.NoSuchAlgorithmException;

import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/**
 * Created by aurelian.rosca.
 */
public class EncryptionProvider2 {
    private final String characterEncoding = "UTF-8";
    private final String cipherTransformation = "AES/CBC/PKCS5Padding";
    private final String aesEncryptionAlgorithm = "AES";

    public  byte[] decrypt(byte[] cipherText, byte[] key, byte [] initialVector) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
    {
        Cipher cipher = Cipher.getInstance(cipherTransformation);
        SecretKeySpec secretKeySpecy = new SecretKeySpec(key, aesEncryptionAlgorithm);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(initialVector);
        cipher.init(Cipher.DECRYPT_MODE, secretKeySpecy, ivParameterSpec);
        cipherText = cipher.doFinal(cipherText);
        return cipherText;
    }

    public byte[] encrypt(byte[] plainText, byte[] key, byte [] initialVector) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException
    {
        Cipher cipher = Cipher.getInstance(cipherTransformation);
        SecretKeySpec secretKeySpec = new SecretKeySpec(key, aesEncryptionAlgorithm);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(initialVector);
        cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, ivParameterSpec);
        plainText = cipher.doFinal(plainText);
        return plainText;
    }

    private byte[] getKeyBytes(String key) throws UnsupportedEncodingException {
        byte[] keyBytes= new byte[16];
        byte[] parameterKeyBytes= key.getBytes(characterEncoding);
        System.arraycopy(parameterKeyBytes, 0, keyBytes, 0, Math.min(parameterKeyBytes.length, keyBytes.length));
        return keyBytes;
    }


    public String encrypt(String plainText, String key) throws UnsupportedEncodingException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException{
        byte[] plainTextbytes = plainText.getBytes(characterEncoding);
        byte[] keyBytes = getKeyBytes(key);
        return Base64.encodeToString(encrypt(plainTextbytes,keyBytes, keyBytes), Base64.NO_WRAP);
    }


    public String decrypt(String encryptedText, String key) throws KeyException, GeneralSecurityException, GeneralSecurityException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, IOException {
        byte[] cipheredBytes = Base64.decode(encryptedText, Base64.NO_WRAP);
        byte[] keyBytes = getKeyBytes(key);
        return new String(decrypt(cipheredBytes, keyBytes, keyBytes), characterEncoding);
    }
}

【讨论】：