I am testing the basics of ESAPI, came across this symmetric encryption tutorial, and copied and pasted its code (and also imported the ESAPI 2.1.0 jar file, ESAPI.properties and validation.properties into the 'src' directory in Eclipse).
The code, modified from the tutorial:
import org.owasp.esapi.crypto.CipherText;
import org.owasp.esapi.crypto.PlainText;
import org.owasp.esapi.errors.EncryptionException;
import org.owasp.esapi.reference.crypto.JavaEncryptor;

public class ESAPIsymEncTester {
    public static void main(String[] args) throws EncryptionException {
        String myplaintext = "My plaintext";
        // Encrypt with the master key/salt configured in ESAPI.properties
        CipherText ciphertext =
            JavaEncryptor.getInstance().encrypt(new PlainText(myplaintext));
        // Decrypt with the same encryptor and compare against the original
        PlainText recoveredPlaintext = JavaEncryptor.getInstance().decrypt(ciphertext);
        assert myplaintext.equals(recoveredPlaintext.toString());
        System.out.println("recovered plaintext: " + recoveredPlaintext.toString());
    }
}
However, when I run this code in Eclipse Luna with Java 1.8, I get the following stack trace:
Exception in thread "main" org.owasp.esapi.errors.EncryptionException: Encryption failure: Invalid key exception.
    at org.owasp.esapi.reference.crypto.JavaEncryptor.encrypt(JavaEncryptor.java:526)
    at org.owasp.esapi.reference.crypto.JavaEncryptor.encrypt(JavaEncryptor.java:338)
    at com.fate.engine.test.ESAPIsymEncTester.main(ESAPIsymEncTester.java:15)
Caused by: java.security.InvalidKeyException: Invalid AES key length: 96 bytes
    at com.sun.crypto.provider.AESCipher.engineGetKeySize(AESCipher.java:495)
    at javax.crypto.Cipher.passCryptoPermCheck(Cipher.java:1062)
    at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1033)
    at javax.crypto.Cipher.init(Cipher.java:1367)
    at javax.crypto.Cipher.init(Cipher.java:1301)
    at org.owasp.esapi.reference.crypto.JavaEncryptor.encrypt(JavaEncryptor.java:504)
    ... 2 more
I'm not sure whether this is a bug in the JavaEncryptor.java code or whether I pulled something misconfigured from the ESAPI.properties file.
I replaced the master key and salt by running JavaEncryptor and copying/pasting the generated key/salt.
If it is a bug I will email the ESAPI people to clarify how to fix it, because I looked at the JavaEncryptor code and it isn't clear where everything comes from.
Encryptor.MasterKey = WppLubGgsc/p6HhvcPf2LA==
Encryptor.MasterSalt = YokRN9mjMUTZspEbzBY90NA6EC8=
Encryptor.PreferredJCEProvider =
Encryptor.EncryptionAlgorithm = AES
Encryptor.CipherTransformation = AES/CBC/PKCS5Padding
Encryptor.cipher_modes.combined_modes = GCM,CCM,IAPM,EAX,OCB,CWC
Encryptor.cipher_modes.additional_allowed = CBC
Encryptor.EncryptionKeyLength = 128
Encryptor.ChooseIVMethod = random
Encryptor.fixedIV = 0x000102030405060708090a0b0c0d0e0f
Encryptor.CipherText.useMAC = true
Encryptor.PlainText.overwrite = true
Encryptor.HashAlgorithm = SHA-512 *****
Encryptor.HashIterations = 1024
Encryptor.DigitalSignatureAlgorithm = SHA1withDSA
Encryptor.DigitalSignatureKeyLength = 1024
Encryptor.RandomAlgorithm = SHA1PRNG
Encryptor.CharacterEncoding = UTF-8
Encryptor.KDF.PRF = HmacSHA1 *****
Best answer
You left the most important part of the log out of your question:
Dec 11, 2015 8:05:24 AM org.owasp.esapi.reference.JavaLogFactory$JavaLogger log
WARNING: [SECURITY FAILURE Anonymous:null@unknown -> /JavaEncryptor] Encryption key length mismatch. ESAPI.EncryptionKeyLength is 128 bits, but length of actual encryption key is 24 bits. Did you remember to regenerate your master key (if that is what you are using)???
That is a clue that the library wants you to do something.
It looks to me like you have the default encryptor properties set in esapi.properties:
Encryptor.MasterKey=owasp1
Encryptor.MasterSalt=testtest
The class JavaEncryptor has a main method that will generate valid properties for you. Run it in Eclipse or from the command line. It will give you the values to replace in esapi.properties, like this:
Dec 11, 2015 8:10:25 AM org.owasp.esapi.reference.JavaLogFactory$JavaLogger log
OFF: [SECURITY AUDIT Anonymous:null@unknown -> /SecurityProviderLoader] No Encryptor.PreferredJCEProvider specified.
SecurityConfiguration for Encryptor.EncryptionKeyLength not an integer in ESAPI.properties. Using default: 128
Generating a new secret master key
use '-print' to also show available crypto algorithms from all the security providers
SecurityConfiguration for Encryptor.EncryptionKeyLength not an integer in ESAPI.properties. Using default: 128
Copy and paste these lines into your ESAPI.properties
#==============================================================
Encryptor.MasterKey=qW0Qw+8eb1Zu1MBv5djwqA==
Encryptor.MasterSalt=b0VappFU1Hd6LjIt+TGYqQlfrdU=
#==============================================================
Once you do that, your code example runs fine.
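As an added check, not code from the question, the answer or ESAPI itself, the script below reads the Encryptor.* lines of an ESAPI.properties file and reports ahead of time what the WARNING quoted above reports at runtime: a placeholder master key or salt, a MasterKey that is not base64, or one whose decoded length does not match Encryptor.EncryptionKeyLength. The property names are the ones shown on this page; the two sample property sets are constructed from the values in the answer.

```python
import base64
import binascii

# Placeholder values from the shipped ESAPI.properties (the ones the answer
# suspects); they are not real key material and must be regenerated.
PLACEHOLDERS = {"owasp1", "testtest"}

def parse_properties(text):
    """Minimal Java .properties reader: 'key=value' lines, '#'/'!' comments."""
    props = {}
    for line in (ln.strip() for ln in text.splitlines()):
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def decoded_bits(b64value):
    """Bit length of a base64 value, or None if it is not valid base64."""
    try:
        return 8 * len(base64.b64decode(b64value, validate=True))
    except (binascii.Error, ValueError):
        return None

def check_encryptor_config(text):
    """Return the problems found; an empty list means the key material is usable."""
    props = parse_properties(text)
    key = props.get("Encryptor.MasterKey", "")
    salt = props.get("Encryptor.MasterSalt", "")
    want_bits = int(props.get("Encryptor.EncryptionKeyLength", "128"))
    problems = []
    if not key or key in PLACEHOLDERS:
        problems.append("Encryptor.MasterKey is missing or the shipped placeholder; regenerate it")
    elif decoded_bits(key) is None:
        problems.append("Encryptor.MasterKey is not valid base64")
    elif decoded_bits(key) != want_bits:
        problems.append(f"key length mismatch: EncryptionKeyLength is {want_bits} bits "
                        f"but MasterKey decodes to {decoded_bits(key)} bits")
    if not salt or salt in PLACEHOLDERS or decoded_bits(salt) is None:
        problems.append("Encryptor.MasterSalt is missing, a placeholder or not base64")
    return problems

# Constructed samples: the defaults the answer suspects, and the values the
# JavaEncryptor run shown on the page generated.
DEFAULT_PROPS = "Encryptor.MasterKey=owasp1\nEncryptor.MasterSalt=testtest\n"
GENERATED_PROPS = ("Encryptor.EncryptionKeyLength=128\n"
                   "Encryptor.MasterKey=qW0Qw+8eb1Zu1MBv5djwqA==\n"
                   "Encryptor.MasterSalt=b0VappFU1Hd6LjIt+TGYqQlfrdU=\n")
```

Run `check_encryptor_config(open("ESAPI.properties").read())` against your own file before starting the application; an empty list means the key length matches what JavaEncryptor will look for.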
Regarding "java - ESAPI symmetric encryption using JavaEncryptor", there is a similar question on Stack Overflow: https://stackoverflow.com/questions/34209139/