java.security.InvalidKeyException:缺少参数
我需要将加密密码存储在DB中,而不存储任何密钥或salt。我想确保它更安全,即使是双向加密。所以在谷歌搜索了一下之后,我创建了一个示例程序来测试它。我的想法是创建一个定制的JPA AttributeConverter类来管理它 以下是程序:java.security.InvalidKeyException:缺少参数,java,encryption,Java,Encryption,我需要将加密密码存储在DB中,而不存储任何密钥或salt。我想确保它更安全,即使是双向加密。所以在谷歌搜索了一下之后,我创建了一个示例程序来测试它。我的想法是创建一个定制的JPA AttributeConverter类来管理它 以下是程序: import java.security.Key; import java.security.spec.KeySpec; import java.util.Base64; import javax.crypto.Cipher; import javax.c
import java.security.Key;
import java.security.spec.KeySpec;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
public class Crypto {
private static final String _algorithm = "AES";
private static final String _password = "_pasword*";
private static final String _salt = "_salt*";
private static final String _keygen_spec = "PBKDF2WithHmacSHA1";
private static final String _cipher_spec = "AES/CBC/PKCS5Padding";
public static String encrypt(String data) throws Exception {
Key key = getKey();
System.out.println(key.toString());
Cipher cipher = Cipher.getInstance(_cipher_spec);
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] encVal = cipher.doFinal(data.getBytes());
String encryptedValue = Base64.getEncoder().encodeToString(encVal);
System.out.println("Encrypted value of "+data+": "+encryptedValue);
return encryptedValue;
}
public static void decrypt(String encryptedData) throws Exception {
Key key = getKey();
System.out.println(key.toString());
Cipher cipher = Cipher.getInstance(_cipher_spec);
cipher.init(Cipher.DECRYPT_MODE, key);
byte[] decordedValue = Base64.getDecoder().decode(encryptedData);
byte[] decValue = cipher.doFinal(decordedValue);
String decryptedValue = new String(decValue);
System.out.println("Decrypted value of "+encryptedData+": "+decryptedValue);
}
private static Key getKey() throws Exception {
SecretKeyFactory factory = SecretKeyFactory.getInstance(_keygen_spec);
KeySpec spec = new PBEKeySpec(_password.toCharArray(), _salt.getBytes(), 65536, 128);
SecretKey tmp = factory.generateSecret(spec);
SecretKey secret = new SecretKeySpec(tmp.getEncoded(), _algorithm);
return secret;
}
public static void main(String []str) throws Exception {
String value = encrypt("India@123");
decrypt(value);
}
}
import java.security.Key;
import java.security.spec.KeySpec;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.persistence.AttributeConverter;
import javax.persistence.Converter;
@Converter(autoApply=true)
public class CryptoJPAConverter implements AttributeConverter<String, String> {
private static final String _algorithm = "AES";
private static final String _password = "_pasword*";
private static final String _salt = "_salt*";
private static final String _keygen_spec = "PBKDF2WithHmacSHA1";
private static final String _cipher_spec = "AES/ECB/PKCS5Padding";
@Override
public String convertToDatabaseColumn(String clearText) {
Key key;
Cipher cipher;
try {
key = getKey();
cipher = Cipher.getInstance(_cipher_spec);
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] encVal = cipher.doFinal(clearText.getBytes());
String encryptedValue = Base64.getEncoder().encodeToString(encVal);
return encryptedValue;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
@Override
public String convertToEntityAttribute(String encryptedText) {
Key key;
try {
key = getKey();
Cipher cipher = Cipher.getInstance(_cipher_spec);
cipher.init(Cipher.DECRYPT_MODE, key);
byte[] decordedValue = Base64.getDecoder().decode(encryptedText);
byte[] decValue = cipher.doFinal(decordedValue);
String decryptedValue = new String(decValue);
return decryptedValue;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
private static Key getKey() throws Exception {
SecretKeyFactory factory = SecretKeyFactory.getInstance(_keygen_spec);
KeySpec spec = new PBEKeySpec(_password.toCharArray(), _salt.getBytes(), 65536, 128);
SecretKey tmp = factory.generateSecret(spec);
SecretKey secret = new SecretKeySpec(tmp.getEncoded(), _algorithm);
return secret;
}
}
但它引发了以下例外:
javax.crypto.spec.SecretKeySpec@17111
Encrypted value of India@123: iAv1fvjMnJqilg90rGztXA==
javax.crypto.spec.SecretKeySpec@17111
Exception in thread "main" java.security.InvalidKeyException: Parameters missing
at com.sun.crypto.provider.CipherCore.init(CipherCore.java:469)
at com.sun.crypto.provider.AESCipher.engineInit(AESCipher.java:313)
at javax.crypto.Cipher.implInit(Cipher.java:802)
at javax.crypto.Cipher.chooseProvider(Cipher.java:864)
at javax.crypto.Cipher.init(Cipher.java:1249)
at javax.crypto.Cipher.init(Cipher.java:1186)
at org.lp.test.Crypto.decrypt(Crypto.java:37)
at org.lp.test.Crypto.main(Crypto.java:54)
我想不出这一点
我已经根据@Luke Park的回答纠正了异常,我创建了一个JPA AttributeConverter,如下所示:
import java.security.Key;
import java.security.spec.KeySpec;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
public class Crypto {
private static final String _algorithm = "AES";
private static final String _password = "_pasword*";
private static final String _salt = "_salt*";
private static final String _keygen_spec = "PBKDF2WithHmacSHA1";
private static final String _cipher_spec = "AES/CBC/PKCS5Padding";
public static String encrypt(String data) throws Exception {
Key key = getKey();
System.out.println(key.toString());
Cipher cipher = Cipher.getInstance(_cipher_spec);
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] encVal = cipher.doFinal(data.getBytes());
String encryptedValue = Base64.getEncoder().encodeToString(encVal);
System.out.println("Encrypted value of "+data+": "+encryptedValue);
return encryptedValue;
}
public static void decrypt(String encryptedData) throws Exception {
Key key = getKey();
System.out.println(key.toString());
Cipher cipher = Cipher.getInstance(_cipher_spec);
cipher.init(Cipher.DECRYPT_MODE, key);
byte[] decordedValue = Base64.getDecoder().decode(encryptedData);
byte[] decValue = cipher.doFinal(decordedValue);
String decryptedValue = new String(decValue);
System.out.println("Decrypted value of "+encryptedData+": "+decryptedValue);
}
private static Key getKey() throws Exception {
SecretKeyFactory factory = SecretKeyFactory.getInstance(_keygen_spec);
KeySpec spec = new PBEKeySpec(_password.toCharArray(), _salt.getBytes(), 65536, 128);
SecretKey tmp = factory.generateSecret(spec);
SecretKey secret = new SecretKeySpec(tmp.getEncoded(), _algorithm);
return secret;
}
public static void main(String []str) throws Exception {
String value = encrypt("India@123");
decrypt(value);
}
}
import java.security.Key;
import java.security.spec.KeySpec;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.persistence.AttributeConverter;
import javax.persistence.Converter;
@Converter(autoApply=true)
public class CryptoJPAConverter implements AttributeConverter<String, String> {
private static final String _algorithm = "AES";
private static final String _password = "_pasword*";
private static final String _salt = "_salt*";
private static final String _keygen_spec = "PBKDF2WithHmacSHA1";
private static final String _cipher_spec = "AES/ECB/PKCS5Padding";
@Override
public String convertToDatabaseColumn(String clearText) {
Key key;
Cipher cipher;
try {
key = getKey();
cipher = Cipher.getInstance(_cipher_spec);
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] encVal = cipher.doFinal(clearText.getBytes());
String encryptedValue = Base64.getEncoder().encodeToString(encVal);
return encryptedValue;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
@Override
public String convertToEntityAttribute(String encryptedText) {
Key key;
try {
key = getKey();
Cipher cipher = Cipher.getInstance(_cipher_spec);
cipher.init(Cipher.DECRYPT_MODE, key);
byte[] decordedValue = Base64.getDecoder().decode(encryptedText);
byte[] decValue = cipher.doFinal(decordedValue);
String decryptedValue = new String(decValue);
return decryptedValue;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
private static Key getKey() throws Exception {
SecretKeyFactory factory = SecretKeyFactory.getInstance(_keygen_spec);
KeySpec spec = new PBEKeySpec(_password.toCharArray(), _salt.getBytes(), 65536, 128);
SecretKey tmp = factory.generateSecret(spec);
SecretKey secret = new SecretKeySpec(tmp.getEncoded(), _algorithm);
return secret;
}
}
导入java.security.Key;
导入java.security.spec.KeySpec;
导入java.util.Base64;
导入javax.crypto.Cipher;
导入javax.crypto.SecretKey;
导入javax.crypto.SecretKeyFactory;
导入javax.crypto.spec.PBEKeySpec;
导入javax.crypto.spec.SecretKeySpec;
导入javax.persistence.AttributeConverter;
导入javax.persistence.Converter;
@转换器(自动应用=真)
公共类CryptoJPAConverter实现AttributeConverter{
私有静态最终字符串_algorithm=“AES”;
私有静态最终字符串_password=“_pasword*”;
私有静态最终字符串_salt=“_salt*”;
私有静态最终字符串_keygen_spec=“PBKDF2WithHmacSHA1”;
私有静态最终字符串\u cipher\u spec=“AES/ECB/PKCS5Padding”;
@凌驾
公共字符串convertToDatabaseColumn(字符串明文){
钥匙;
密码;
试一试{
key=getKey();
cipher=cipher.getInstance(\u cipher\u spec);
cipher.init(cipher.ENCRYPT_模式,密钥);
byte[]encVal=cipher.doFinal(clearText.getBytes());
字符串encryptedValue=Base64.getEncoder().encodeToString(encVal);
返回encryptedValue;
}捕获(例外e){
抛出新的运行时异常(e);
}
}
@凌驾
公共字符串convertToEntityAttribute(字符串加密文本){
钥匙;
试一试{
key=getKey();
Cipher Cipher=Cipher.getInstance(\u Cipher\u spec);
cipher.init(cipher.DECRYPT_模式,密钥);
字节[]decordedValue=Base64.getDecoder().decode(encryptedText);
字节[]decValue=cipher.doFinal(decordeValue);
String decryptedValue=新字符串(decValue);
返回解密值;
}捕获(例外e){
抛出新的运行时异常(e);
}
}
私有静态密钥getKey()引发异常{
SecretKeyFactory=SecretKeyFactory.getInstance(\u keygen\u spec);
KeySpec spec=new-PBEKeySpec(_password.tocharray(),_salt.getBytes(),65536128);
SecretKey tmp=工厂生成信任(规范);
SecretKey secret=新的SecretKeySpec(tmp.getEncoded(),_算法);
归还秘密;
}
}
我使用了双向加密,因为我需要将密码以明文形式传递给Java邮件客户端
欢迎您提出建议和意见您正在使用的是
AES/CBC/PKCS5Padding
,但您没有向cipher.init
调用传递IV
CBC模式要求每个加密操作使用随机IV,每次加密时应使用SecureRandom
生成该值,并将该值作为IvParameterSpec
传递。你需要同样的IV来解密。通常将IV前置到密文,并在需要时检索
另一方面,加密密码确实是一个非常糟糕的主意。您必须问这个问题的事实在某种程度上证明了您没有能力做出与安全相关的决策。帮你自己和你的项目一个忙,改为散列你的密码。PBKDF2和bcrypt都是不错的方法。感谢您指出这个问题。我必须解密密码并将其传递给另一个系统。所以我需要双向加密。我将根据您指出的问题,使用我应用的解决方案更新我的问题