什么是openssl的“aes-256-cfb”的Java名称?
我正在使用openssl的aes-256-cfbalgorithm(来自NodeJS的encryption模块)。
虽然NodeJS和Java代码都能成功地对数据进行encryption和解密,但密文是不同的,即使iv,密钥和明文都是相同的。
openssl/NodeJS cipherText: 05c2aad7bac42ed0846e9a52ce73df9ff9d7ff914feea49fed27d55ad690782a43107914c1b307ec92753227728c95b8e59c546d Java cipherText: 05C2AAD7BAC42ED084739340D47CEC9F03D8E94AC7B1E11A56A6654F76AD2C8076BCA162303E39B44D043732E98FDD28C52D 我猜测openssl的aes-256-cfb转换为Java的AES/CFB/NoPadding 。
密文共享相同的最初的9个字节,这是奇怪的 – 我会期望他们共享前16个字节,如果在使用的共同模式有所不同。 (我希望“共同模式”是CFB / CBC / CTR /等的统称)。
- Java的
AES/CFB/NoPadding是OpenSSL的aes-256-cfb的正确翻译吗? - 是否存在共同的前九个字节意味着Java的
AES/CFB/NoPadding至less使用AES256,而不是AES128? - 如果是这样,还有什么可能解释不同的密文?
testing用例如下:
OpenSSL的/的NodeJS:
var assert = require('assert'); var crypto = require('crypto'); describe('crypto', function() { it('should work', function () { var plainText = new Buffer('a secret plainText which has more than sixteen bytes'); var key = new Buffer('fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210', 'hex'); var iv = new Buffer('0123456789abcdef0123456789abcdef', 'hex'); var cipher = crypto.createCipheriv('aes-256-cfb', key, iv); var decipher = crypto.createDecipheriv('aes-256-cfb', key, iv); var cipherText = cipher.update(plainText); cipher.final(); // no need to use this value with cfb, it seems to always be empty? assert.equal(plainText.length, cipherText.length); assert.equal('05c2aad7bac42ed0846e9a52ce73df9ff9d7ff914feea49fed27d55ad690782a43107914c1b307ec92753227728c95b8e59c546d', cipherText.toString('hex')); var deciphered = decipher.update(cipherText); decipher.final(); // no need to use value this with cfb, it seems to always be empty? assert.equal(plainText, deciphered.toString('utf8')); }); });
的Java / Android的:
import android.test.InstrumentationTestCase; import com.google.protobuf.ByteString; import bit.Twiddling; import java.security.AlgorithmParameters; import javax.crypto.Cipher; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; public class CryptoTest extends InstrumentationTestCase { public void test_encrypt_and_decrypt() throws Exception { byte[] plainText = "a secret message which has more than sixteen bytes".getBytes(); byte[] key = Twiddling.hexStringBEToBytes("fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210"); byte[] iv = Twiddling.hexStringBEToBytes("0123456789abcdef0123456789abcdef");//0123456789abcdef0123456789abcdef"); SecretKeySpec aesSecret = new SecretKeySpec(key, "AES"); Cipher cipher = Cipher.getInstance("AES/CFB/NoPadding"); Cipher decipher = Cipher.getInstance("AES/CFB/NoPadding"); IvParameterSpec ivps = new IvParameterSpec(iv); assertEquals(16, iv.length); cipher.init(Cipher.ENCRYPT_MODE, aesSecret, ivps); byte[] cipherText = cipher.doFinal(plainText); assertEquals(plainText.length, cipherText.length); assertEquals("05C2AAD7BAC42ED084739340D47CEC9F03D8E94AC7B1E11A56A6654F76AD2C8076BCA162303E39B44D043732E98FDD28C52D", Twiddling.bytesToHexStringBE(cipherText)); decipher.init(Cipher.DECRYPT_MODE, aesSecret, ivps); byte[] deciphered = decipher.doFinal(cipherText); assertEquals(new String(plainText), new String(deciphered)); } }
这是一个查找/replace错误 – 两个plainTexts在前九个字节后有所不同。
OpenSSL的aes-256-cfb Java名称是 AES/CFB/NoPadding 。