执行 PBKDF2WithHmacSHA256 + AES/GCM/NoPadding throwing: javax.crypto.AEADBadTagException: mac check in GCM failed 的最小示例
Minimal example of doing PBKDF2WithHmacSHA256 + AES/GCM/NoPadding throwing: javax.crypto.AEADBadTagException: mac check in GCM failed
我在 Java 中写了这个加密和解密的最小示例,使用 Bouncy Castle,PBKDF2WithHmacSHA256 从密码和 AES/GCM/NoPadding 到 encrypt/verify 有效载荷派生密钥:
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;
import tech.dashman.dashman.crypto.Util;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Arrays;
public class Scratch {
public static void main(String[] args) throws Exception {
Security.insertProviderAt(new BouncyCastleProvider(), 1);
String password = "password";
String payload = "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Aenean in tincidunt metus. Nam nec diam sed velit blandit porta quis et augue. Praesent imperdiet, nulla vel aliquam porta, dui nisi dictum justo, pellentesque elementum purus orci at leo. Duis scelerisque, urna sit amet fringilla interdum, mauris felis sagittis eros, eleifend tincidunt risus nulla ut erat. Aliquam id sapien non neque rutrum lacinia at vitae lorem. Vivamus quis ligula nunc. Aenean facilisis pretium leo, vitae gravida quam ultrices et. Ut venenatis eros in justo semper fermentum. Pellentesque convallis lectus urna, fringilla rhoncus metus faucibus quis. Sed eu rhoncus tortor. Donec lacinia tempor elementum.";
int keyLength = 256;
int saltLength = keyLength / 8; // It's bytes, not bits.
int iterations = 65536;
byte[] salt = new SecureRandom().generateSeed(saltLength);
PBEKeySpec keySpec = new PBEKeySpec(password.toCharArray(), salt, iterations, keyLength);
SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256", "BC");
SecretKey passwordKey = secretKeyFactory.generateSecret(keySpec);
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC");
cipher.init(Cipher.ENCRYPT_MODE, passwordKey);
byte[] iv = cipher.getIV();
System.out.println(Arrays.toString(cipher.getIV()));
byte[] cipherText = cipher.doFinal(payload.getBytes());
System.out.println(Base64.toBase64String(cipherText));
keySpec = new PBEKeySpec(password.toCharArray(), salt, iterations, keyLength);
secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256", "BC");
passwordKey = secretKeyFactory.generateSecret(keySpec);
cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC");
cipher.init(Cipher.DECRYPT_MODE, passwordKey, new IvParameterSpec(iv));
System.out.println(Arrays.toString(cipher.getIV()));
byte[] plainText = cipher.doFinal(payload.getBytes());
System.out.println(new String(plainText));
}
}
但它不起作用。我收到此异常:
Exception in thread "main" javax.crypto.AEADBadTagException: mac check in GCM failed
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher$AEADGenericBlockCipher.doFinal(Unknown Source)
at org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher.engineDoFinal(Unknown Source)
at javax.crypto.Cipher.doFinal(Cipher.java:2165)
at tech.dashman.dashman.Scratch.main(Scratch.java:51)
为了以防万一,我已经验证了两种密码的初始向量相同。我还缺少什么?
您正在尝试解密明文而不是密文。倒数第二行:
byte[] plainText = cipher.doFinal(payload.getBytes());
应该是:
byte[] plainText = cipher.doFinal(cipherText);
我在 Java 中写了这个加密和解密的最小示例,使用 Bouncy Castle,PBKDF2WithHmacSHA256 从密码和 AES/GCM/NoPadding 到 encrypt/verify 有效载荷派生密钥:
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;
import tech.dashman.dashman.crypto.Util;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Arrays;
public class Scratch {
public static void main(String[] args) throws Exception {
Security.insertProviderAt(new BouncyCastleProvider(), 1);
String password = "password";
String payload = "Lorem ipsum dolor sit amet, consectetur adipiscing elit. Aenean in tincidunt metus. Nam nec diam sed velit blandit porta quis et augue. Praesent imperdiet, nulla vel aliquam porta, dui nisi dictum justo, pellentesque elementum purus orci at leo. Duis scelerisque, urna sit amet fringilla interdum, mauris felis sagittis eros, eleifend tincidunt risus nulla ut erat. Aliquam id sapien non neque rutrum lacinia at vitae lorem. Vivamus quis ligula nunc. Aenean facilisis pretium leo, vitae gravida quam ultrices et. Ut venenatis eros in justo semper fermentum. Pellentesque convallis lectus urna, fringilla rhoncus metus faucibus quis. Sed eu rhoncus tortor. Donec lacinia tempor elementum.";
int keyLength = 256;
int saltLength = keyLength / 8; // It's bytes, not bits.
int iterations = 65536;
byte[] salt = new SecureRandom().generateSeed(saltLength);
PBEKeySpec keySpec = new PBEKeySpec(password.toCharArray(), salt, iterations, keyLength);
SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256", "BC");
SecretKey passwordKey = secretKeyFactory.generateSecret(keySpec);
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC");
cipher.init(Cipher.ENCRYPT_MODE, passwordKey);
byte[] iv = cipher.getIV();
System.out.println(Arrays.toString(cipher.getIV()));
byte[] cipherText = cipher.doFinal(payload.getBytes());
System.out.println(Base64.toBase64String(cipherText));
keySpec = new PBEKeySpec(password.toCharArray(), salt, iterations, keyLength);
secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256", "BC");
passwordKey = secretKeyFactory.generateSecret(keySpec);
cipher = Cipher.getInstance("AES/GCM/NoPadding", "BC");
cipher.init(Cipher.DECRYPT_MODE, passwordKey, new IvParameterSpec(iv));
System.out.println(Arrays.toString(cipher.getIV()));
byte[] plainText = cipher.doFinal(payload.getBytes());
System.out.println(new String(plainText));
}
}
但它不起作用。我收到此异常:
Exception in thread "main" javax.crypto.AEADBadTagException: mac check in GCM failed
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher$AEADGenericBlockCipher.doFinal(Unknown Source)
at org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher.engineDoFinal(Unknown Source)
at javax.crypto.Cipher.doFinal(Cipher.java:2165)
at tech.dashman.dashman.Scratch.main(Scratch.java:51)
为了以防万一,我已经验证了两种密码的初始向量相同。我还缺少什么?
您正在尝试解密明文而不是密文。倒数第二行:
byte[] plainText = cipher.doFinal(payload.getBytes());
应该是:
byte[] plainText = cipher.doFinal(cipherText);