问题描述
我的应用程序在Windows中工作,但在Linux中失败,配置:
- JDK版本:1.6
- Windows:版本7
- Linux:CentOS 5.8 64bit
我的代码如下:
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
public class SecurityKey {
private static Key key = null;
private static String encode =UTF-8;
private static String cipherKey =DES / ECB / PKCS5Padding;
static {
try {
KeyGenerator generator = KeyGenerator.getInstance(DES);
String seedStr =test;
generator.init(new SecureRandom(seedStr.getBytes()));
key = generator.generateKey();
} catch(Exception e){
}
}
// SecurityKey.decodeKey(password)
public static String decodeKey(String str )throws Exception {
if(str == null)
return str;
密码加密= null;
byte [] raw = null;
BASE64Decoder decoder = new BASE64Decoder();
String result = null;
cipher = Cipher.getInstance(cipherKey);
cipher.init(Cipher.DECRYPT_MODE,key);
raw = decoder.decodeBuffer(str);
byte [] stringBytes = null;
stringBytes = cipher.doFinal(raw); //异常!!!!
result = new String(stringBytes,encode);
返回结果;
}
}
在行:
ciper.doFilnal(raw);
抛出以下异常:
javax.crypto.BadPaddingException:给定最终块未正确填充
如何解决这个问题?
答案在于 SecureRandom
播种可能因特定的运行时间而异。大多数时候你会得到SHA1PRNG
,不会立即播种。相反,您可以在请求任何随机之前调用 setSeed()
,在这种情况下,种子仅用作熵源。在这种情况下,您的密钥将永远是一样的。
问题是没有定义哪个 SecureRandom
是回。你可能会得到一个完全不同的平台特定的实现,上述不是真的。如果另一个提供商优先,您可能不会得到Sun提供商的一个。
然后,种子存在问题。在调用 getBytes()
期间,种子使用 seedStr
变量的平台默认编码。由于编码可能不同,种子可能不同,因此结果也会有所不同。
尝试使用诸如PBKDF2之类的函数进行键推导;有关如何处理的stackoverflow有足够的。
My application works in windows, but fails in Linux with Given final block not properly padded
exception.
Configuration:
- JDK Version: 1.6
- Windows : version 7
- Linux : CentOS 5.8 64bit
My code is below:
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
public class SecurityKey {
private static Key key = null;
private static String encode = "UTF-8";
private static String cipherKey = "DES/ECB/PKCS5Padding";
static {
try {
KeyGenerator generator = KeyGenerator.getInstance("DES");
String seedStr = "test";
generator.init(new SecureRandom(seedStr.getBytes()));
key = generator.generateKey();
} catch(Exception e) {
}
}
// SecurityKey.decodeKey("password")
public static String decodeKey(String str) throws Exception {
if(str == null)
return str;
Cipher cipher = null;
byte[] raw = null;
BASE64Decoder decoder = new BASE64Decoder();
String result = null;
cipher = Cipher.getInstance(cipherKey);
cipher.init(Cipher.DECRYPT_MODE, key);
raw = decoder.decodeBuffer(str);
byte[] stringBytes = null;
stringBytes = cipher.doFinal(raw); // Exception!!!!
result = new String(stringBytes, encode);
return result;
}
}
At the line:
ciper.doFilnal(raw);
the following exception is thrown:
javax.crypto.BadPaddingException: Given final block not properly padded
How can I fix this issue?
The answer lies in the fact that SecureRandom
seeding may be different for specific runtimes. Most of the time you will get "SHA1PRNG"
, which won't get seeded immediately. Instead, you can call setSeed()
before requesting any random, and in that case that seed is used as only source of entropy. In this case your key will always be the same.
The problem is that it is not defined which SecureRandom
is returned. You may get an entirely different, platform specific implementation for which the above is not true. You may not get the one of the Sun provider, if another provider takes precedence.
Then there is the issue with the seed. The seed used the platform default encoding for the seedStr
variable during the call to getBytes()
. As the encodings may differ, the seeds may differ and thus the result will differ as well.
Try to use a function such as PBKDF2 instead for key derivation; there is enough on stackoverflow on how to procede.
这篇关于例外:“给定最终块未正确填充”在Linux中,但它在Windows中起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!