问题描述
|
我正在使用以下代码片段对应用数据库中的数据进行加密/解密:
http://www.androidsnippets.com/encryptdecrypt-strings
看来javax.crypto.KeyGenerator.generateKey()操作在Android 2.3.3 OS中的工作方式不同于其他版本(以前的版本)。自然,这对我的用户来说是一个大问题,当他们的设备从2.2升级到2.3.3,并且该应用开始引发解密数据库的错误时。
这是一个已知的问题?我是否使用了错误的密码库?有人对如何解决这个问题有任何建议,以便可以在2.3.3中解密在2.2中加密的数据吗?
我构建了一个测试应用程序,该应用程序通过加密功能提供值。当我在2.2 AVD上运行它时,我得到一个结果。当我在2.3.3 AVD上运行它时,会得到不同的结果。
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import android.app.Activity;
import android.os.Bundle;
import android.widget.TextView;
public class main extends Activity {
TextView tvOutput;
static String out;
String TEST_STRING = \"abcdefghijklmnopqrstuvwxyz\";
String PASSKEY = \"ThePasswordisPassord\";
/** Called when the activity is first created. */
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.main);
tvOutput = (TextView) findViewById(R.id.tvOutput);
}
@Override
public void onResume() {
super.onResume();
out = \"\";
runtest();
tvOutput.setText(out);
}
private void runtest() {
out = \"Test string: \" + TEST_STRING + \"\\n\";
out += \"Passkey: \" + PASSKEY + \"\\n\";
try {
out += \"Encrypted: \" + encrypt(PASSKEY,TEST_STRING) + \"\\n\";
} catch (Exception e) {
out += \"Error: \" + e.getMessage() + \"\\n\";
e.@R_404_1612@();
}
}
public static String encrypt(String seed,String cleartext)
throws Exception {
byte[] rawKey = getRawKey(seed.getBytes());
byte[] result = encrypt(rawKey,cleartext.getBytes());
return toHex(result) + \"\\n\" + \"Raw Key: \" + String.valueOf(rawKey)
+ \"\\n\";
}
private static byte[] getRawKey(byte[] seed) throws Exception {
KeyGenerator kgen = KeyGenerator.getInstance(\"AES\");
SecureRandom sr = SecureRandom.getInstance(\"SHA1PRNG\");
sr.setSeed(seed);
kgen.init(128,sr); // 192 and 256 bits may not be available
SecretKey skey = kgen.generateKey();
byte[] raw = skey.getEncoded();
return raw;
}
private static byte[] encrypt(byte[] raw,byte[] clear) throws Exception {
SecretKeySpec skeySpec = new SecretKeySpec(raw,\"AES\");
Cipher cipher = Cipher.getInstance(\"AES\");
cipher.init(Cipher.ENCRYPT_MODE,skeySpec);
byte[] encrypted = cipher.doFinal(clear);
return encrypted;
}
public static String toHex(String txt) {
return toHex(txt.getBytes());
}
public static String fromHex(String hex) {
return new String(toByte(hex));
}
public static byte[] toByte(String hexString) {
int len = hexString.length() / 2;
byte[] result = new byte[len];
for (int i = 0; i < len; i++)
result[i] = Integer.valueOf(hexString.substring(2 * i,2 * i + 2),16).byteValue();
return result;
}
public static String toHex(byte[] buf) {
if (buf == null)
return \"\";
StringBuffer result = new StringBuffer(2 * buf.length);
for (int i = 0; i < buf.length; i++) {
appendHex(result,buf[i]);
}
return result.toString();
}
private final static String HEX = \"0123456789ABCDEF\";
private static void appendHex(StringBuffer sb,byte b) {
sb.append(HEX.charat((b >> 4) & 0x0f)).append(HEX.charat(b & 0x0f));
}
}
<?xml version=\"1.0\" encoding=\"utf-8\"?>
<LinearLayout xmlns:android=\"http://schemas.android.com/apk/res/android\"
android:orientation=\"vertical\" android:layout_width=\"fill_parent\"
android:layout_height=\"fill_parent\">
<TextView android:layout_width=\"fill_parent\"
android:layout_height=\"wrap_content\" android:id=\"@+id/tvOutput\" />
</LinearLayout>
解决方法
您正在滥用一个伪随机数生成器,并将它的种子用作密钥派生函数-这确实是一种很糟糕的样式。伪随机数生成器\“ SHA1PRNG \”不是像AES这样的标准-因此,您永远都不知道所得到的实现。
另请参见是否有SHA1PRNG标准?
这使我难怪您会得到不同的结果。根据给定种子获得确定性结果不是您可以从伪随机数函数中获得的属性。
如果要从密码派生加密密钥,请使用诸如PKCS#5 / PBKDF2之类的密钥派生功能。
Bouncy Castle中包含了AFAIR的PBKDF2实现。
, 答案是这样的问题:升级到1.45时BouncyCastle AES错误
, 我要感谢对这个问题做出贡献的每个人。
这是我最终想出的示例,说明如何使用密码进行加密/解密,这在Android 2.2和2.3.3之间似乎是一致的。
主要活动:
package cc.ndl.testencryption;
import android.app.Activity;
import android.os.Bundle;
import android.widget.TextView;
public class main extends Activity {
TextView tvOutput;
static String out;
String TEST_STRING = \"abcdefghijklmnopqrstuvwxyz\";
static String PASSKEY = \"ThePasswordIsPassord\";
static byte[] SALT = { 1,2,4,5 };
static int ITERATIONS = 1979;
/** Called when the activity is first created. */
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.main);
tvOutput = (TextView) findViewById(R.id.tvOutput);
}
@Override
public void onResume() {
super.onResume();
out = \"\";
runTest();
tvOutput.setText(out);
}
private void runTest() {
out = \"Test string: \" + TEST_STRING + \"\\n\";
out += \"Passkey: \" + PASSKEY + \"\\n\";
try {
Crypto crypto = new Crypto(PASSKEY);
String encryptedData = crypto.encrypt(TEST_STRING);
out += \"Encrypted: \" + encryptedData + \"\\n\";
out += \"Decrypted: \" + crypto.decrypt(encryptedData);
} catch (Exception e) {
out += \"Error: \" + e.getMessage() + \"\\n\";
e.printStackTrace();
}
}
}
<?xml version=\"1.0\" encoding=\"utf-8\"?>
<LinearLayout xmlns:android=\"http://schemas.android.com/apk/res/android\"
android:orientation=\"vertical\" android:layout_width=\"fill_parent\"
android:layout_height=\"fill_parent\">
<TextView android:layout_width=\"fill_parent\"
android:layout_height=\"wrap_content\" android:id=\"@+id/tvOutput\" />
</LinearLayout>
package cc.ndl.testencryption;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.KeySpec;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
public class Crypto {
Cipher ecipher;
Cipher dcipher;
// 8-byte Salt
byte[] salt = { 1,5,7,8,3,6 };
// Iteration count
int iterationCount = 1979;
Crypto(String passPhrase) {
try {
// Create the key
KeySpec keySpec = new PBEKeySpec(passPhrase.toCharArray(),salt,iterationCount);
SecretKey key = SecretKeyFactory.getInstance(
\"PBEWITHSHA256AND128BITAES-CBC-BC\").generateSecret(keySpec);
ecipher = Cipher.getInstance(key.getAlgorithm());
dcipher = Cipher.getInstance(key.getAlgorithm());
// Prepare the parameter to the ciphers
AlgorithmParameterSpec paramSpec = new PBEParameterSpec(salt,iterationCount);
// Create the ciphers
ecipher.init(Cipher.ENCRYPT_MODE,key,paramSpec);
dcipher.init(Cipher.DECRYPT_MODE,paramSpec);
} catch (Exception e) {
}
}
public String encrypt(String str) {
String rVal;
try {
// Encode the string into bytes using utf-8
byte[] utf8 = str.getBytes(\"UTF8\");
// Encrypt
byte[] enc = ecipher.doFinal(utf8);
// Encode bytes to base64 to get a string
rVal = toHex(enc);
} catch (Exception e) {
rVal = \"Error encrypting: \" + e.getMessage();
}
return rVal;
}
public String decrypt(String str) {
String rVal;
try {
// Decode base64 to get bytes
byte[] dec = toByte(str);
// Decrypt
byte[] utf8 = dcipher.doFinal(dec);
// Decode using utf-8
rVal = new String(utf8,\"UTF8\");
} catch (Exception e) {
rVal = \"Error encrypting: \" + e.getMessage();
}
return rVal;
}
private static byte[] toByte(String hexString) {
int len = hexString.length() / 2;
byte[] result = new byte[len];
for (int i = 0; i < len; i++)
result[i] = Integer.valueOf(hexString.substring(2 * i,2 * i + 2),16).byteValue();
return result;
}
private static String toHex(byte[] buf) {
if (buf == null)
return \"\";
StringBuffer result = new StringBuffer(2 * buf.length);
for (int i = 0; i < buf.length; i++) {
appendHex(result,buf[i]);
}
return result.toString();
}
private final static String HEX = \"0123456789ABCDEF\";
private static void appendHex(StringBuffer sb,byte b) {
sb.append(HEX.charAt((b >> 4) & 0x0f)).append(HEX.charAt(b & 0x0f));
}
}