用Jasypt通过PBKDF2WithHmacSHA1密钥进行基

用Jasypt通过PBKDF2WithHmacSHA1密钥进行基

本文介绍了使用Jasypt通过PBKDF2WithHmacSHA1密钥进行基于密码的AES加密的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在实现一种工作的加密机制,安全人员的要求如下:

I'm implementing an encryption mechanism where I work, and the security guy's demands are as follows:


  1. 创建256位密钥

  2. 应使用SecureRandom.getInstance( SHA1PRNG);

  3. 加密来生成盐

我正在尝试使用Jasypt的 StandardPBEStringEncryptor

I'm trying to use Jasypt's StandardPBEStringEncryptor class

encryptor.setPassword(PASSWORD);
encryptor.setAlgorithm("AES/CBC/PKCS5Padding");
encryptor.setKeyObtentionIterations(20000);
encryptor.setSaltGenerator(new RandomSaltGenerator());
encryptor.encrypt("something");

执行此操作时,出现以下异常:

When I do this I get the following exception:

我错误地使用Jasypt?我在这里想念什么?

Am I using Jasypt incorrectly? What am I missing here?

谢谢

推荐答案

我结束了请联系Jasypt的首席程序员DanielFernández和他的答案:

I ended up contacting Daniel Fernández who is Jasypt's lead programmer and his answer:

我使用了这段Java代码来执行此操作(没有Jasypt):

I used this bit of java code for doing this (Without Jasypt):

public String encrypt(final String message) {
  final byte[] salt = generateSalt();
  final Key key = createKey(salt);

  final Cipher encryptingCipher = createCipher(Cipher.ENCRYPT_MODE, key, salt);
  final byte[] messageBytes = message.getBytes(StandardCharsets.UTF_8);
  final byte[] encryptedBytes = doFinal(encryptingCipher, messageBytes);
  final byte[] data = ArrayUtils.addAll(salt, encryptedBytes);
  return BaseEncoding.base64().encode(data);
}

private byte[] generateSalt() {
  final SecureRandom secureRandom = new SecureRandom();
  final byte[] salt = new byte[SALT_LENGTH];
  secureRandom.nextBytes(salt);
  return salt;
}

private Key createKey(final byte[] salt) {
  final PBEKeySpec spec = new PBEKeySpec(PASSWORD,
                                       salt,
                                       ITERATIONS,
                                       KEY_LENGTH);
  final SecretKey secretKey;
  try {
    secretKey = keyFactory.generateSecret(spec);
  } catch (final InvalidKeySpecException e) {
    throw new RuntimeException("Error creating SecretKey", e);
  }
  final SecretKeySpec result = new SecretKeySpec(secretKey.getEncoded(), ALGORITHM);
  spec.clearPassword();
  return result;
}

这篇关于使用Jasypt通过PBKDF2WithHmacSHA1密钥进行基于密码的AES加密的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

07-30 18:29