Java 无效的 AES 密钥长度错误
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1760785/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
invalid AES key length error
提问by silverkid
this code give invalid AES key length error. how can i correct it ? ( i want 128 bit key AES encryption )
此代码给出无效的 AES 密钥长度错误。我该如何纠正?(我想要 128 位密钥 AES 加密)
package org.temp2.cod1;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import java.io.*;
public class Code1 {
public static void main(String[] args) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException {
String s = "9882623867";
byte[] plaintext = s.getBytes("UTF-16");
String s2 = "supernova";
byte[] key = s2.getBytes("UTF-16");
Cipher c = Cipher.getInstance("AES");
SecretKeySpec k = new SecretKeySpec(key, "AES");
c.init(Cipher.ENCRYPT_MODE, k);
byte[] encryptedData = c.doFinal(plaintext);
System.out.println(encryptedData);
}
}
any help appreciated
任何帮助表示赞赏
采纳答案by erickson
Use a SecretKeyFactoryto derive key bytes from a password.You can see a detailed example here.Note that you'll need to specify a key length of 128 bits key instead of 256 bits as shown in that example.
使用 aSecretKeyFactory从密码派生密钥字节。您可以在此处查看详细示例。请注意,您需要指定 128 位密钥的密钥长度,而不是该示例中所示的 256 位。
The next problem that you will run into is that you have not specified a padding scheme. Unless your messages are a multiple of 16 bytes (the AES block size), that will raise an error. Use PKCS5Padding as shown in the example.
您将遇到的下一个问题是您尚未指定填充方案。除非您的消息是 16 字节(AES 块大小)的倍数,否则会引发错误。使用 PKCS5Padding,如示例中所示。
Use of CBC mode on the cipher will require a new initialization vector to be chosen for each message. This unique IV must be sent along with the encrypted message to the recipient.
在密码上使用 CBC 模式将需要为每个消息选择一个新的初始化向量。这个唯一的 IV 必须与加密消息一起发送给接收者。
Trying to perform cryptography without a thorough understanding of the concepts raised here (and a lot more) is likely to result in an insecure system.
在没有彻底理解此处(以及更多)概念的情况下尝试执行密码学可能会导致系统不安全。
回答by DarkSquid
You can't typically use any arbitrary key length (such as you're doing here with "supernova") for a block cipher like AES. You must use a supported key length (128, 192, 256, etc) appropriate for your algorithm of choice.
对于像 AES 这样的分组密码,您通常不能使用任何任意的密钥长度(例如您在此处使用“超新星”进行操作)。您必须使用适合您选择的算法的受支持的密钥长度(128、192、256 等)。
One common way to do this is to hash your passphrase (e.g., via SHA) and extract the first N bytes. This is better anyhow, as it allows you to "salt" your password with an initialization value such that no two users' "keys" are identical even if their passphrases are the same. If you're really interested in this stuff, the seminal work is Applied Cryptography by Bruce Schneier.
执行此操作的一种常见方法是散列您的密码(例如,通过 SHA)并提取前 N 个字节。无论如何,这更好,因为它允许您使用初始化值“加盐”您的密码,这样即使他们的密码相同,也没有两个用户的“密钥”是相同的。如果您真的对这些东西感兴趣,那么开创性的工作是Bruce Schneier 的 Applied Cryptography。
For practical implementation details, see
有关实际实现细节,请参阅
回答by Brad Parks
You can get this error when the key you're trying to use isn't the right length.
当您尝试使用的密钥长度不正确时,您可能会收到此错误。
So in psuedocode, you're trying something like this:
所以在伪代码中,你正在尝试这样的事情:
String key = "123";
SecretKeySpec k = new SecretKeySpec(key, "AES");
but the key is too short - it needs to be something like, say 31 characters long.
但是密钥太短了 - 它需要像 31 个字符一样长。
So check your key value -> it's probably stored somewhere incorrectly.
因此,请检查您的键值 -> 它可能存储在不正确的地方。
回答by samuel owino
Use a key Value string with 16 bytes for Smooth encryption e.g. The key "thebestsecretkey" will work on base64
使用 16 字节的密钥值字符串进行平滑加密,例如密钥“thebestsecretkey”将适用于 base64
