【发布时间】:2016-09-13 15:52:17
【问题描述】:
我找到了这个关于 java bouncy castle https://www.bouncycastle.org/fips/BCUserGuide.pdf的指南
我尝试使用 CBC 和 PKCS5/7Padding 运行以下示例 3.3.1 AES 加密:
static byte[] encryptBytes(FipsOutputEncryptor outputEncryptor, byte[] plainText) throws IOException
{
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
CipherOutputStream encOut = outputEncryptor.getEncryptingStream(bOut);
encOut.update(plainText);
encOut.close();
return bOut.toByteArray();
}
static byte[] decryptBytes(FipsInputDecryptor inputDecryptor,
byte[] cipherText) throws IOException
{
ByteArrayOutputStream bOut = new ByteArrayOutputStream();
InputStream encIn = inputDecryptor.getDecryptingStream(
new ByteArrayInputStream(cipherText));
int ch;
while ((ch = encIn.read()) >= 0)
{
bOut.write(ch);
}
return bOut.toByteArray();
}
// 3.3.1 AES Encryption using CBC and PKCS5/7Padding
// ensure a FIPS DRBG in use.
CryptoServicesRegistrar.setSecureRandom(
FipsDRBG.SHA512_HMAC.fromEntropySource(
new BasicEntropySourceProvider(new SecureRandom(), true))
.build(null, true));
byte[] iv = new byte[16];
CryptoServicesRegistrar.getSecureRandom().nextBytes(iv);
FipsSymmetricKeyGenerator<SymmetricSecretKey> keyGen =
new FipsAES.KeyGenerator(128,
CryptoServicesRegistrar.getSecureRandom());
SymmetricSecretKey key = keyGen.generateKey();
FipsSymmetricOperatorFactory<FipsAES.Parameters> fipsSymmetricFactory =
new FipsAES.OperatorFactory();
FipsOutputEncryptor<FipsAES.Parameters> outputEncryptor =
fipsSymmetricFactory.createOutputEncryptor(key,
FipsAES.CBCwithPKCS7.withIV(iv));
byte[] output = encryptBytes(outputEncryptor, new byte[16]);
FipsInputDecryptor<FipsAES.Parameters> inputDecryptor =
fipsSymmetricFactory.createInputDecryptor(key,
FipsAES.CBCwithPKCS7.withIV(iv));
byte[] plain = decryptBytes(inputDecryptor, output);
并且代码无法编译。
我在类路径中添加了以下库
bcprov-jdk15on-155.jar
bcmail-jdk15on-155.jar
bcpg-jdk15on-155.jar
bcpkix-jdk15on-155.jar
我使用该库的原因是将 AesCbcPkcs7 与我的 android 应用程序集成。您能给我一些提示以编译上述示例吗?
最好的问候, 奥勒良
【问题讨论】:
-
这些都不是 bc-fips jar。你为什么还要使用 FIPS api?无论如何,从网站上:“现在也可以提前访问我们的 FIPS 强化版本的 Java API,请通过 office@bouncycastle.org 联系我们以获取更多信息。”
标签: java android bouncycastle