Fatal编程技术网
  • encryption/
  • Encryption 可能是客户端-服务器加密不匹配

Encryption 可能是客户端-服务器加密不匹配

encryption

Encryption 可能是客户端-服务器加密不匹配,encryption,aes,Encryption,Aes,服务器使用以下条件加密密码: AES.HashAlgorithm.MD5, password = "dynamicweb", salt="dwapac2015", iteration=2, Key size=AES.KeySize.Key192, Initial Vector="dwdevelopmentsmm"); 服务器语言是

服务器使用以下条件加密密码:

AES.HashAlgorithm.MD5,
password = "dynamicweb",                   
salt="dwapac2015",                   
iteration=2,                              
Key size=AES.KeySize.Key192,             
Initial Vector="dwdevelopmentsmm");
服务器语言是C#

在客户端,同样的加密操作如下所示:

public class Aes {
    private static final String KEY_FACTORY_ALGORITHM = "PBKDF2WithHmacSHA1";
    private static final String KEY_SPEC_ALGORITHM = "AES";
    private static final int KEY_LENGTH = 192;
    private static final int KEY_ITERATION_COUNT = 2;

    public static String key  = "dynamicweb";
    public static String salt = "dwapac2015";
    public static String cipherTransformation = "AES/CBC/PKCS5Padding";
    public static String initializationVector = "dwdevelopmentsmm";

    public static String encrypt(String payload) throws Exception {
        SecretKeyFactory factory = SecretKeyFactory.getInstance(KEY_FACTORY_ALGORITHM);
        KeySpec spec = new PBEKeySpec(key.toCharArray(), salt.getBytes(), KEY_ITERATION_COUNT, KEY_LENGTH);
        SecretKeySpec secret = new SecretKeySpec(factory.generateSecret(spec).getEncoded(), KEY_SPEC_ALGORITHM);

        Cipher cipher = Cipher.getInstance(cipherTransformation);

        cipher.init(Cipher.ENCRYPT_MODE, secret, new IvParameterSpec(initializationVector.getBytes()));

        byte[] encrypted = cipher.doFinal(payload.getBytes());
        return new String(Base64.encodeBase64(encrypted));
    }
}
客户端语言是Java

服务器返回以下错误:

[Authenticate: 11/4/2015 6:42:09 AM]: [REQUEST: {UserName:BPlMi6RfvvWjntEW9Aw5Rw==,Password:BPlMi6RfvvWjntEW9Aw5Rw==}] System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed. at RestService.ServiceInterface.Helpers.DWCredentialsAuthProvider.CheckInDW(String userName, String password, Int32& currentUserID) at RestService.ServiceInterface.Helpers.DWCredentialsAuthProvider.TryAuthenticate(IServiceBase authService, String userName, String password) at ServiceStack.Auth.CredentialsAuthProvider.Authenticate(IServiceBase authService, IAuthSession session, String userName, String password, String referrerUrl) at ServiceStack.Auth.CredentialsAuthProvider.Authenticate(IServiceBase authService, IAuthSession session, Authenticate request) at ServiceStack.Auth.AuthenticateService.Authenticate(Authenticate request, String provider, IAuthSession session, IAuthProvider oAuthConfig) at ServiceStack.Auth.AuthenticateService.Post(Authenticate request) at lambda_method(Closure , Object , Object ) at ServiceStack.Host.ServiceRunner`1.Execute(IRequest request, Object instance, TRequest requestDto)"
他们想让我用这种方式加密数据。不是我的主意。然后询问服务器的功能规格。我还想指出的是,这与ROT13一样安全。他们可能稍后会切换到TLS,但他们仍然希望我加密数据。问题是,他们可以给我服务器代码,但如果我不理解C#如何处理PBE,我仍然会有问题。