版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/fyq201749/article/details/81504251
众所周知,java填充方式没有PKCS7Padding,而且java使用PKCS5Padding填充最后加密的结果也跟Python等语言加密的结果不太一样,往往只有前半段相同,后半段不同,像openresty默认的填充方式是PKCS7Padding,那么java的加密结果跟lua的加密结果就更对不上了,对于两者交互产生了很大的问题。本文为了解决这个问题,使用java的NoPadding和自己实现的PKCS7Padding来完成AES/CBC/PKCS7Padding填充加密。下面上代码:
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import Decoder.BASE64Encoder;
import Decoder.BASE64Decoder;
import com.alibaba.fastjson.JSONObject;
public class Test {
private String ALGO = "AES";
private String ALGO_MODE = "AES/CBC/NoPadding";
private String akey = "11111111111111111111111111111111";
private String aiv = "22222222222222222222222222222222";
public static void main(String[] args) throws Exception {
Test aes = new Test();//创建AES
JSONObject data = new JSONObject();//创建Json的加密对象
data.put("haha", "hehe");
System.out.println("原始数据:"+data.toJSONString());
String rstData = pkcs7padding(data.toJSONString());//进行PKCS7Padding填充
String passwordEnc = aes.encrypt(rstData);//进行java的AES/CBC/NoPadding加密
String passwordDec = aes.decrypt(passwordEnc);//解密
System.out.println("加密之后的字符串:"+passwordEnc);
System.out.println("解密后的数据:"+passwordDec);
}
public String encrypt(String Data) throws Exception {
try {
byte[] iv = toByteArray(aiv);//因为要求IV为16byte,而此处aiv串为32位字符串,所以将32位字符串转为16byte
Cipher cipher = Cipher.getInstance(ALGO_MODE);
int blockSize = cipher.getBlockSize();
byte[] dataBytes = Data.getBytes();
int plaintextLength = dataBytes.length;
if (plaintextLength % blockSize != 0) {
plaintextLength = plaintextLength + (blockSize - (plaintextLength % blockSize));
}
byte[] plaintext = new byte[plaintextLength];
System.arraycopy(dataBytes, 0, plaintext, 0, dataBytes.length);
SecretKeySpec keyspec = new SecretKeySpec(akey.getBytes("utf-8"), ALGO);
IvParameterSpec ivspec = new IvParameterSpec(iv);
cipher.init(Cipher.ENCRYPT_MODE, keyspec, ivspec);
byte[] encrypted = cipher.doFinal(plaintext);
String EncStr = (new BASE64Encoder()).encode(encrypted);//将cipher加密后的byte数组用base64加密生成字符串
return EncStr ;
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
public String decrypt(String encryptedData) throws Exception {
try {
byte[] encrypted1 = (new BASE64Decoder()).decodeBuffer(encryptedData);
byte[] iv = toByteArray(aiv);
Cipher cipher = Cipher.getInstance(ALGO_MODE);
SecretKeySpec keyspec = new SecretKeySpec(akey.getBytes("utf-8"), ALGO);
IvParameterSpec ivspec = new IvParameterSpec(iv);
cipher.init(Cipher.DECRYPT_MODE, keyspec, ivspec);
byte[] original = cipher.doFinal(encrypted1);
String originalString = new String(original);
return originalString.trim();//此处添加trim()是为了去除多余的填充字符,就不用去填充了,具体有什么问题我还没有遇到,有强迫症的同学可以自己写一个PKCS7UnPadding函数
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
//此函数是将字符串每两个字符合并生成byte数组
public static byte[] toByteArray(String hexString) {
hexString = hexString.toLowerCase();
final byte[] byteArray = new byte[hexString.length() >> 1];
int index = 0;
for (int i = 0; i < hexString.length(); i++) {
if (index > hexString.length() - 1)
return byteArray;
byte highDit = (byte) (Character.digit(hexString.charAt(index), 16) & 0xFF);
byte lowDit = (byte) (Character.digit(hexString.charAt(index + 1), 16) & 0xFF);
byteArray[i] = (byte) (highDit << 4 | lowDit);
index += 2;
}
System.out.println(byteArray.length);
return byteArray;
}
//此函数是pkcs7padding填充函数
public static String pkcs7padding(String data) {
int bs = 16;
int padding = bs - (data.length() % bs);
String padding_text = "";
for (int i = 0; i < padding; i++) {
padding_text += (char)padding;
}
return data+padding_text;
}
}
下面是java测试结果:
下面上python代码:
from Crypto.Cipher import AES
import base64
import os
BLOCK_SIZE = 16
key = '11111111111111111111111111111111'
iv = "22222222222222222222222222222222"
def pkcs7padding(data):
bs = AES.block_size
padding = bs - len(data) % bs
padding_text = chr(padding) * padding
return data + padding_text
def pkcs7unpadding(data):
lengt = len(data)
unpadding = data[lengt - 1]
return data[0 : lengt - unpadding]
def convert_hex_to_string(hex_string):
string = ''
for pos in range(0, len(hex_string), 2):
string += str(chr(int(hex_string[pos:pos+2], 16)))
return string
def encrypt_aes(sourceStr, iv):
generator = AES.new(key, AES.MODE_CBC, iv)
crypt = generator.encrypt(pkcs7padding(sourceStr))
cryptedStr = base64.b64encode(crypt)
return cryptedStr
def decrypt_aes(cryptedStr, iv):
generator = AES.new(key, AES.MODE_CBC, iv)
cryptedStr = base64.b64decode(cryptedStr)
recovery = generator.decrypt(cryptedStr)
decryptedStr = pkcs7unpadding(recovery)
return decryptedStr
sourceStr = '{"haha":"hehe"}'
print("原始数据:", sourceStr)
rstiv = convert_hex_to_string(iv)
print("加密后的字符串:", encrypt_aes(sourceStr, rstiv))
print("解密后的数据:", decrypt_aes(encrypt_aes(sourceStr, rstiv), rstiv))
下面是python测试结果:
可以看到java和python统一了加密结果。