Is this Java AES algorithm secure?
Below is an algorithm I put together after researching AES for my Android project. What I want to know is whether it is secure and whether it can be improved. The reason I am asking is that I have seen a lot of different approaches and just need a little help. Thanks in advance, I really appreciate your help.
private static final int pswdIterations = 1000;
private static final int keySize = 256;
private static final int saltlength = keySize / 8;
private static final String ENCODING = "UTF-8";
private static final String PBK = "PBKDF2WithHmacSHA1";
private static final String AES = "AES";
private static final String CIPHER = "AES/CBC/PKCS5Padding";

public String encrypt(String plainText) throws Exception {
    //get text from password field
    final String pass = password.getText().toString();
    //get salt from generateSalt() method (see below)
    String salt = generateSalt();
    //convert salt to bytes
    byte[] saltBytes = salt.getBytes(ENCODING);
    // Derive the key from
    SecretKeyFactory factory = SecretKeyFactory.getInstance(PBK);
    PBEKeySpec spec = new PBEKeySpec(
            pass.toCharArray(),
            saltBytes,
            pswdIterations,
            keySize
    );
    //encode key
    SecretKey secretKey = factory.generateSecret(spec);
    SecretKeySpec secret = new SecretKeySpec(secretKey.getEncoded(), AES);
    //encrypt the message
    Cipher cipher = Cipher.getInstance(CIPHER);
    cipher.init(Cipher.ENCRYPT_MODE, secret);
    AlgorithmParameters params = cipher.getParameters();
    byte[] ivBytes = params.getParameterSpec(IvParameterSpec.class).getIV();
    byte[] encryptedTextBytes = cipher.doFinal(plainText.getBytes(ENCODING));
    //encode text and output final encrypted text
    String encodedText = Base64.encodeToString(encryptedTextBytes, Base64.DEFAULT);
    String encodedIV = Base64.encodeToString(ivBytes, Base64.DEFAULT);
    String encodedSalt = Base64.encodeToString(saltBytes, Base64.DEFAULT);
    return encodedSalt + encodedText + encodedIV;
}

public static String generateSalt() {
    SecureRandom random = new SecureRandom();
    byte bytes[] = new byte[saltlength];
    random.nextBytes(bytes);
    return new String(bytes);
}
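Essentially, the scheme looks secure, but it does not include authentication.
Improvements:
Consider using
See an example that packs the various items together. Consider moving this question to: or, if your main concern is security.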
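
One way to add the authentication the answer says is missing, as an added example that is not code from the question or the answer: it swaps AES/CBC for AES-GCM, keeps the question's PBKDF2 parameters, and packs salt, IV and ciphertext into one message with fixed-length fields. The class and method names, the 12-byte IV, the 128-bit tag, and the use of java.util.Base64 in place of android.util.Base64 are assumptions of this example.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

public class AuthenticatedAesExample {          // hypothetical class name
    private static final int ITERATIONS = 1000, KEY_BITS = 256;   // values from the question
    private static final int SALT_LEN = KEY_BITS / 8, IV_LEN = 12, TAG_BITS = 128;

    // Derive the AES key from password and salt, then set up an AES-GCM cipher.
    static Cipher cipherFor(int mode, char[] password, byte[] salt, byte[] iv) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        byte[] key = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(spec).getEncoded();
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, iv));
        return cipher;
    }

    public static String encrypt(char[] password, String plainText) throws Exception {
        byte[] salt = new byte[SALT_LEN], iv = new byte[IV_LEN];
        SecureRandom random = new SecureRandom();
        random.nextBytes(salt);                 // salt stays raw bytes, never a String
        random.nextBytes(iv);                   // fresh IV for every message
        byte[] ct = cipherFor(Cipher.ENCRYPT_MODE, password, salt, iv)
                .doFinal(plainText.getBytes(StandardCharsets.UTF_8));   // ciphertext + tag
        // Fixed-length salt and IV come first so decrypt() can split the message.
        byte[] packed = ByteBuffer.allocate(SALT_LEN + IV_LEN + ct.length).put(salt).put(iv).put(ct).array();
        return Base64.getEncoder().encodeToString(packed);
    }

    public static String decrypt(char[] password, String message) throws Exception {
        ByteBuffer in = ByteBuffer.wrap(Base64.getDecoder().decode(message));
        if (in.remaining() < SALT_LEN + IV_LEN + TAG_BITS / 8) throw new IllegalArgumentException("message too short");
        byte[] salt = new byte[SALT_LEN], iv = new byte[IV_LEN];
        in.get(salt).get(iv);
        byte[] ct = new byte[in.remaining()];
        in.get(ct);
        // doFinal verifies the tag and throws AEADBadTagException on a wrong password or modified data.
        return new String(cipherFor(Cipher.DECRYPT_MODE, password, salt, iv).doFinal(ct), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "constructed-sample-password".toCharArray();   // constructed sample input
        String msg = encrypt(pw, "hello");
        System.out.println(decrypt(pw, msg));
        byte[] raw = Base64.getDecoder().decode(msg);
        raw[raw.length - 1] ^= 1;                                   // simulate modification in storage or transit
        try { decrypt(pw, Base64.getEncoder().encodeToString(raw)); }
        catch (AEADBadTagException e) { System.out.println("tampering detected"); }
    }
}
```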