GCM encryption and decryption in Java xws-security (webservices-rt)

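I have successfully implemented support for GCM encryption in xws-security (EncryptionProcessor.java) using JDK 8, and tested it against other systems. However, I have a problem with decryption. The first problem was the following: java.security.InvalidAlgorithmParameterException: Unsupported parameter: javax.crypto.spec.IvParameterSpec. I solved it by changing the initialization vector (iv) from IvParameterSpec() to GCMParameterSpec(), as shown below (code snippet from DecryptionProcessor.java)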


Any suggestions on this would be greatly appreciated.

Fixed the decryption problem for SWA attachments - thanks to dave_thompson_085 for the hint. The code was adjusted as follows:

    try {
        String dataAlgorithm = JCEMapper.translateURItoJCEID(tmp);
        decryptor = Cipher.getInstance(dataAlgorithm);

        //decryptor = Cipher.getInstance("DESede/CBC/ISO10126Padding");

        int ivLen = decryptor.getBlockSize();
        byte[] ivBytes = null; // = new byte[ivLen];

        if (dataAlgorithm.matches(".*[gG][cC][mM].*$")) { // TK 03/09/2015 - probably needs more places for decrypting body stuff
            ivLen = 12; // 12 for GCM - also see wss4j-2.1.2/ws-security-common/src/main/java/org/apache/wss4j/common/util/AttachmentUtils.java
            ivBytes = new byte[ivLen];
            System.arraycopy(cipherInput, 0, ivBytes, 0, ivLen);
            GCMParameterSpec iv = new GCMParameterSpec(16 * Byte.SIZE, ivBytes);
            decryptor.init(Cipher.DECRYPT_MODE, symmetricKey, iv);
        } else {
            ivBytes = new byte[ivLen];
            System.arraycopy(cipherInput, 0, ivBytes, 0, ivLen);
            IvParameterSpec iv = new IvParameterSpec(ivBytes);
            decryptor.init(Cipher.DECRYPT_MODE, symmetricKey, iv);
        }

        cipherOutput = decryptor.doFinal(cipherInput, ivLen, cipherInput.length - ivLen);
    } catch (Exception e) {
        log.log(Level.SEVERE, "WSS1232.failedto.decrypt.attachment", e);
        throw new XWSSecurityException(e);
    }

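Now there is a similar problem with GCM XML element decryption.

I don't know XWS-Security, but Google suggests it is based on XML-Security (here, Encryption), and says XMLenc uses a 96-bit (12-byte) IV and a 128-bit tag. Probably not by coincidence, these are the preferred sizes in SP800-38D. This tag size happens to be the same as the AES data block, but it was not chosen for that reason.

    javax.crypto.AEADBadTagException: Tag mismatch!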
    at com.sun.crypto.provider.GaloisCounterMode.decryptFinal(GaloisCounterMode.java:524)
    at com.sun.crypto.provider.CipherCore.finalNoPadding(CipherCore.java:1023)
    at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:960)
    at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:824)
    at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:436)
    at javax.crypto.Cipher.doFinal(Cipher.java:2223)
    at com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decryptAttachment(DecryptionProcessor.java:775)
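
The byte layout that the adjusted code parses, as an added example (not code from xws-security or from the post): a 12-byte IV, then the ciphertext, then the 128-bit tag that the JCE appends. The class name `GcmLayoutDemo`, the generated key and the sample plaintext are assumptions for illustration; the second `decrypt` call shows that splitting at the AES block size, as the non-GCM branch does, ends in `AEADBadTagException`.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;

public class GcmLayoutDemo {                 // hypothetical class name
    static final int GCM_IV_LEN = 12;        // 96-bit IV, the size the answer gives for XMLenc
    static final int GCM_TAG_BITS = 128;     // 128-bit tag; the JCE appends it to the ciphertext

    // Produces IV || ciphertext || tag, the layout the decrypt code on this page expects.
    static byte[] encrypt(SecretKey key, byte[] plain) throws Exception {
        byte[] iv = new byte[GCM_IV_LEN];
        new SecureRandom().nextBytes(iv);    // fresh IV per message; never reuse one with the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, iv));
        byte[] out = new byte[GCM_IV_LEN + c.getOutputSize(plain.length)];
        System.arraycopy(iv, 0, out, 0, GCM_IV_LEN);
        c.doFinal(plain, 0, plain.length, out, GCM_IV_LEN);
        return out;
    }

    // ivLen is a parameter only so that the wrong split can be demonstrated.
    static byte[] decrypt(SecretKey key, byte[] in, int ivLen) throws Exception {
        if (in.length < ivLen + GCM_TAG_BITS / 8) throw new IllegalArgumentException("input too short");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, in, 0, ivLen));
        return c.doFinal(in, ivLen, in.length - ivLen); // verifies the tag before returning plaintext
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();    // constructed key, stands in for symmetricKey
        byte[] msg = encrypt(key, "constructed sample attachment".getBytes(StandardCharsets.UTF_8));

        System.out.println(new String(decrypt(key, msg, GCM_IV_LEN), StandardCharsets.UTF_8));
        try {
            // getBlockSize() is 16 for AES: the IV is wrong and 4 ciphertext bytes are skipped.
            decrypt(key, msg, Cipher.getInstance("AES/GCM/NoPadding").getBlockSize());
        } catch (AEADBadTagException e) {
            System.out.println("block-size split rejected: " + e.getMessage());
        }
    }
}
```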