java 避免在加密和编码的 URL 字符串中换行
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/10282566/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Avoiding line breaks in encrypted and encoded URL string
提问by milletron
I am trying to implement a simple string encoder to obfuscates some parts of a URL string (to prevent them from getting mucked with by a user). I'm using code nearly identical to the sample in the JCA guide, except:
我正在尝试实现一个简单的字符串编码器来混淆 URL 字符串的某些部分(以防止它们被用户混淆)。我使用的代码与JCA 指南中的示例几乎相同,除了:
- using DES (assuming it's a little faster than AES, and requires a smaller key) and
- Base64 en/decoding the string to make sure it stays safe for a URL.
- 使用 DES(假设它比 AES 快一点,并且需要更小的密钥)和
- Base64 编码/解码字符串以确保它对 URL 保持安全。
For reasons I can't understand, the output string ends up with linebreaks, which I presume won't work. I can't figure out what's causing this. Suggestions on something similar that's easier or pointers to some other resources to read? I'm finding all the cryptography references a bit over my head (and overkill), but a simple ROT13 implementation won't work since I want to deal with a larger character set (and don't want to waste time implementing something likely to have issues with obscure characters i didn't think of).
由于我无法理解的原因,输出字符串以换行符结尾,我认为这行不通。我无法弄清楚是什么原因造成的。关于更容易的类似内容的建议或指向其他一些阅读资源的指针?我发现所有的密码学参考都有些过头(而且矫枉过正),但是一个简单的 ROT13 实现将不起作用,因为我想处理更大的字符集(并且不想浪费时间实现一些可能有我没有想到的晦涩字符的问题)。
Sample input (no line break):
示例输入(无换行符):
http://maps.google.com/maps?q=kansas&hl=en&sll=42.358431,-71.059773&sspn=0.415552,0.718918&hnear=Kansas&t=m&z=7
Sample Output (line breaks as shown below):
示例输出(换行符如下所示):
GstikIiULcJSGEU2NWNTpyucSWUFENptYk4m5lD8RJl8l1CuspiuXiE9a07fUEAGM/tC7h0Vzus+
jAH6cT4Wtz2RUlBdGf8WtQxVDKZVOzKwi84eQh2kZT9T3KomlnPOu2owJ/2RAEvG+QuGem5UGw==
my encode snippet:
我的编码片段:
final Key key = new SecretKeySpec(seed.getBytes(), "DES");
final Cipher c = Cipher.getInstance("DES");
c.init(Cipher.ENCRYPT_MODE, key);
final byte[] encVal = c.doFinal(s.getBytes());
return new BASE64Encoder().encode(encVal);
回答by PatlaDJ
Simply perform base64Str = base64Str.replaceAll("(?:\\r\\n|\\n\\r|\\n|\\r)", "")on the encoded string.
只需base64Str = base64Str.replaceAll("(?:\\r\\n|\\n\\r|\\n|\\r)", "")对编码的字符串执行。
It works fine when you try do decode it back to bytes. I did test it several times with random generated byte arrays. Obviously decoding process just ignores the newlines either they are present or not.
I tested this "confirmed working" by using com.sun.org.apache.xml.internal.security.utils.Base64Other encoders not tested.
当您尝试将其解码回字节时,它工作正常。我确实使用随机生成的字节数组对其进行了多次测试。显然,解码过程只会忽略换行符,无论它们是否存在。我使用com.sun.org.apache.xml.internal.security.utils.Base64其他未测试的编码器测试了这个“确认工作” 。
回答by leonbloy
Base64 encoders usually impose some maximum line (chunk) length, and adds newlines when necessary. You can normally configure that, but that depends on the particular coder implementation.
For example, the class from Apache Commonshas a linelengthattribute, setting it to zero (or negative) disables the line separation.
Base64 编码器通常会施加一些最大行(块)长度,并在必要时添加换行符。您通常可以配置它,但这取决于特定的编码器实现。例如,来自Apache Commons的类 有一个linelength属性,将其设置为零(或负数)将禁用行分隔。
BTW: I agree with the other answer in that DES is hardly advisable today. Further, are you just "obfuscating" or really encrypting? Who has the key? The whole thing does not smell very well to me.
顺便说一句:我同意另一个答案,即今天几乎不建议使用 DES。此外,您是在“混淆”还是真的在加密?谁有钥匙?整件事对我来说闻起来不太好。
回答by user2955935
import android.util.Base64;
导入 android.util.Base64;
...
...
return new BASE64.encodeToString(encVal, Base64.NO_WRAP);
返回新的 BASE64.encodeToString(encVal, Base64.NO_WRAP);
回答by Jerry Coffin
Though it's unrelated to your actual question, DES is generally slowerthan AES (at least in software), so unless you reallyneed to keep the key small, AES is almost certainly a better choice.
尽管它与您的实际问题无关,但 DES 通常比 AES慢(至少在软件中),因此除非您确实需要保持密钥较小,否则AES 几乎肯定是更好的选择。
Second, it's perfectly normal that encryption (DES or AES) would/will produce new-line characters in its output. Producing output without them will be entirely up to the base-64 encoder, so that's where you clearly need to look.
其次,加密(DES 或 AES)会/将在其输出中产生换行符是完全正常的。在没有它们的情况下生成输出将完全取决于 base-64 编码器,因此这显然是您需要查看的地方。
It's not particularly surprising to see a base-64 insert new-line characters at regular intervals in its output though. The most common use for base-64 encoding is putting raw data into something like the body of an email, where a really long line would cause a problem. To prevent that, the data is broken up into pieces, typically no more than 80 columns (and usually a bit less). In this case, the new-lines should be ignored, however, so you should be able to just delete them, if memory serves.
不过,看到 base-64 在其输出中以固定间隔插入换行符并不特别令人惊讶。base-64 编码最常见的用途是将原始数据放入电子邮件正文之类的内容中,其中很长的一行会导致问题。为了防止这种情况发生,数据被分成几部分,通常不超过 80 列(通常少一点)。在这种情况下,应该忽略换行符,但是,如果没有记错的话,您应该能够删除它们。
