Java 3DES 解密错误密钥长度无效
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/20835808/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
3DES Decryption Error Invalid Key Length
提问by Shaggy
I am using 3DESC to decrypt data but i am getting following exception
我正在使用 3DESC 解密数据,但出现以下异常
java.security.InvalidKeyException: Invalid key length: 16 bytes
My Code:
我的代码:
public static byte[] decrypt3DESCBC(byte[] keyBytes, byte[] ivBytes,
byte[] dataBytes) {
try {
AlgorithmParameterSpec ivSpec = new IvParameterSpec(ivBytes);
SecretKeySpec newKey = new SecretKeySpec(keyBytes, "DESede");
Cipher cipher = Cipher.getInstance("DESede/CBC/NoPadding");
cipher.init(Cipher.DECRYPT_MODE, newKey, ivSpec); // Causes Exception
return cipher.doFinal(dataBytes);
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
Printed all the byte array above used
打印上面使用的所有字节数组
keyBytes : FC15780BB4B0**********0876482C1B // Masked 10 Characters
ivBytes : 0000000000000000
dataBytes : AF53C90F7FAD977E**********69DB5A2BF3080F9F07F4BFEA3EDB4DE96887BE7D40A5A590C0911A // Masked 10 Characters
采纳答案by Jcs
DES-EDE cipher can be used with 3 different subkeys therefore the key size should be 24 bytes (3 times 8 bytes). If you want to use only 2 keys (i.e. in this mode first key == last key) then you just have to duplicate the first 8 bytes of the key array.
DES-EDE 密码可用于 3 个不同的子密钥,因此密钥大小应为 24 字节(8 字节的 3 倍)。如果您只想使用 2 个键(即在此模式下第一个键 == 最后一个键),那么您只需复制键数组的前 8 个字节。
byte[] key;
if (keyBytes.length == 16) {
key = new byte[24];
System.arraycopy(keyBytes, 0, key, 0, 16);
System.arraycopy(keyBytes, 0, key, 16, 8);
} else {
key = keyBytes;
}
回答by Maarten Bodewes
You are using an older Java version that does not handle 128 bit key lengths. In principle, 3DES always uses three keys - keys ABC - which are 64 bit each when we include the parity bits into the count (for a single DES encrypt with A, then decrypt with B, then encrypt again with C). 128 bit (dual) key however uses A = C. So to create a valid 24 byte key, you need to copy and concatenate the first 8 bytes to the tail of the array. Or you could upgrade to a newer JRE, or use a provider that does accept 16 byte 3DES keys.
您使用的是不能处理 128 位密钥长度的旧 Java 版本。原则上,3DES 总是使用三个密钥 - 密钥 ABC - 当我们将奇偶校验位包含在计数中时,每个密钥都是 64 位(对于单个 DES 用 A 加密,然后用 B 解密,然后用 C 再次加密)。然而,128 位(双)密钥使用 A = C。因此,要创建有效的 24 字节密钥,您需要复制前 8 个字节并将其连接到数组的尾部。或者您可以升级到更新的 JRE,或使用接受 16 字节 3DES 密钥的提供程序。
Note that 192 bit (168 bit effective) 3DES keys are quite a bit more secure than 128 (112 bit effective) bit keys; 128 bit 3DES is not accepted by NIST (which handles US government standardization of cryptography) anymore. You should try and switch to AES if possible; AES doesn't have these kind of shenanigans and is much more secure.
请注意,192 位(有效 168 位)3DES 密钥比 128 位(有效 112 位)密钥更安全;128 位 3DES 不再被 NIST(处理美国政府的密码学标准化)接受。如果可能,您应该尝试切换到 AES;AES 没有这些恶作剧,而且更安全。
