Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/security/4.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Java 如何使用Shiro创建基于密码的密码?_Java_Security_Shiro - Fatal编程技术网
Fatal编程技术网
  • java/
  • Java 如何使用Shiro创建基于密码的密码?

Java 如何使用Shiro创建基于密码的密码?

java security

Java 如何使用Shiro创建基于密码的密码?,java,security,shiro,Java,Security,Shiro,我创建了一个方法,可以用密码加密和解密对象。然而,我使用的是Java的本机加密库,但这些库并不十分安全。(对于我尝试序列化的对象中的小更改,我从总共243个加密字节中获得208个相同的字节。)我认为有其他选择,但我似乎找不到它们(至少在1.1.0中,对于基于密码的加密)。这是我加密的代码。我将密码值注入到类中,并省略任何异常处理,以简化操作: public String encryptToString(Serializable object) { SecretKeyFactory key

我创建了一个方法,可以用密码加密和解密对象。然而,我使用的是Java的本机加密库,但这些库并不十分安全。(对于我尝试序列化的对象中的小更改,我从总共243个加密字节中获得208个相同的字节。)我认为有其他选择,但我似乎找不到它们(至少在1.1.0中,对于基于密码的加密)。这是我加密的代码。我将密码值注入到类中,并省略任何异常处理,以简化操作:

public String encryptToString(Serializable object) {
    SecretKeyFactory keyFactory =
            SecretKeyFactory.getInstance(ALGORITHM);
    KeySpec keySpec = new PBEKeySpec(password.toCharArray());
    SecretKey secretKey = keyFactory.generateSecret(keySpec);
    PBEParameterSpec paramSpec = new PBEParameterSpec(SALT, ITERATIONS);

    Cipher cipher = Cipher.getInstance(ALGORITHM);
    cipher.init(Cipher.ENCRYPT_MODE, secretKey, paramSpec);
    // Serialize map
    final ByteArrayOutputStream byteArrayOutputStream =
            new ByteArrayOutputStream();
    CipherOutputStream cout =
            new CipherOutputStream(byteArrayOutputStream, cipher);
    ObjectOutputStream out = new ObjectOutputStream(cout);
    out.writeObject(object);
    out.close();
    cout.close();
    byteArrayOutputStream.close();
    return new String(
            Base64.encode(byteArrayOutputStream.toByteArray()));
}
以及我的解密代码:

public Object decryptToObject(String encodedString) {
    SecretKeyFactory keyFactory =
            SecretKeyFactory.getInstance(ALGORITHM);
    KeySpec keySpec = new PBEKeySpec(password.toCharArray());
    SecretKey secretKey = keyFactory.generateSecret(keySpec);
    PBEParameterSpec paramSpec = new PBEParameterSpec(SALT, ITERATIONS);
    Cipher decipher = Cipher.getInstance(ALGORITHM);
    decipher.init(Cipher.DECRYPT_MODE, secretKey, paramSpec);
    final ByteArrayInputStream byteArrayInputStream =
            new ByteArrayInputStream(Base64.decode(encodedString
                    .getBytes()));
    CipherInputStream cin =
            new CipherInputStream(byteArrayInputStream, decipher);
    ObjectInputStream in = new ObjectInputStream(cin);
    Object result = in.readObject();
    in.close();
    cin.close();
    byteArrayInputStream.close();
    return result;
}