有没有关于如何在Android上使用AES加密和解密图像和其他文件的好例子?
使用AES256对称块密码进行图像加密/解密
109
- hardartcore
2
7在Android上进行加密与在任何其他Java SE平台上进行加密没有根本的区别。由于下面的所有答案都不安全,因此您必须在开始实施或借用加密示例之前了解密码学。 - Maarten Bodewes
4你应该尝试这个 https://github.com/facebook/conceal。 - Nhat Dinh
10个回答
132
警告:本答案包含不安全的代码(使用SHA1PRNG进行密钥派生并在ECB模式下使用AES)
相反(自2016年起),请使用PBKDF2WithHmacSHA1进行密钥派生,使用CBC或GCM模式的AES(GCM同时提供隐私和完整性保护)
您可以使用以下函数:
private static byte[] encrypt(byte[] raw, byte[] clear) throws Exception {
SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
byte[] encrypted = cipher.doFinal(clear);
return encrypted;
}
private static byte[] decrypt(byte[] raw, byte[] encrypted) throws Exception {
SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.DECRYPT_MODE, skeySpec);
byte[] decrypted = cipher.doFinal(encrypted);
return decrypted;
}
然后像这样调用它们:
ByteArrayOutputStream baos = new ByteArrayOutputStream();
bm.compress(Bitmap.CompressFormat.PNG, 100, baos); // bm is the bitmap object
byte[] b = baos.toByteArray();
byte[] keyStart = "this is a key".getBytes();
KeyGenerator kgen = KeyGenerator.getInstance("AES");
SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
sr.setSeed(keyStart);
kgen.init(128, sr); // 192 and 256 bits may not be available
SecretKey skey = kgen.generateKey();
byte[] key = skey.getEncoded();
// encrypt
byte[] encryptedData = encrypt(key,b);
// decrypt
byte[] decryptedData = decrypt(key,encryptedData);
这应该会起作用,我现在的一个项目中使用了类似的代码。
- Nacho L.
20
9嗨,对我来说不起作用,我在解密时遇到了Badpadding异常。 - Sanat Pandey
36【警告】此代码使用了来自Android代码片段的已知不良代码进行密钥派生。除非您想要丢失数据,否则不要使用它。一个带有种子的随机数生成器(RNG)不是一个好的密钥派生函数(KDF)。 - Maarten Bodewes
2警告:在Android N中,我们正在废弃SHA1PRNG算法和Crypto提供程序的实现。请访问以下链接获取更多信息:https://android-developers.googleblog.com/2016/06/security-crypto-provider-deprecated-in.html - mavixce
13@Maarten Bodewes 我看到你在很多帖子下都发出了警告。你能否提供一个好的解决方案呢? - Yar
显示剩余15条评论
21
正如Nacho.L所提到的,PBKDF2WithHmacSHA1 推导函数被使用是因为它更加安全。
import android.util.Base64;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
public class AESEncyption {
private static final int pswdIterations = 10;
private static final int keySize = 128;
private static final String cypherInstance = "AES/CBC/PKCS5Padding";
private static final String secretKeyInstance = "PBKDF2WithHmacSHA1";
private static final String plainText = "sampleText";
private static final String AESSalt = "exampleSalt";
private static final String initializationVector = "8119745113154120";
public static String encrypt(String textToEncrypt) throws Exception {
SecretKeySpec skeySpec = new SecretKeySpec(getRaw(plainText, AESSalt), "AES");
Cipher cipher = Cipher.getInstance(cypherInstance);
cipher.init(Cipher.ENCRYPT_MODE, skeySpec, new IvParameterSpec(initializationVector.getBytes()));
byte[] encrypted = cipher.doFinal(textToEncrypt.getBytes());
return Base64.encodeToString(encrypted, Base64.DEFAULT);
}
public static String decrypt(String textToDecrypt) throws Exception {
byte[] encryted_bytes = Base64.decode(textToDecrypt, Base64.DEFAULT);
SecretKeySpec skeySpec = new SecretKeySpec(getRaw(plainText, AESSalt), "AES");
Cipher cipher = Cipher.getInstance(cypherInstance);
cipher.init(Cipher.DECRYPT_MODE, skeySpec, new IvParameterSpec(initializationVector.getBytes()));
byte[] decrypted = cipher.doFinal(encryted_bytes);
return new String(decrypted, "UTF-8");
}
private static byte[] getRaw(String plainText, String salt) {
try {
SecretKeyFactory factory = SecretKeyFactory.getInstance(secretKeyInstance);
KeySpec spec = new PBEKeySpec(plainText.toCharArray(), salt.getBytes(), pswdIterations, keySize);
return factory.generateSecret(spec).getEncoded();
} catch (InvalidKeySpecException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
return new byte[0];
}
}
- Abiranjan
1
4这个推导确实好得多。但是现在你正在使用静态IV、静态盐并且迭代次数太低。如果没有警告,结果仍然是不安全的。加密很难做到完全正确... - Maarten Bodewes
12
import java.security.AlgorithmParameters;
import java.security.SecureRandom;
import java.security.spec.KeySpec;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
class SecurityUtils {
private static final byte[] salt = { (byte) 0xA4, (byte) 0x0B, (byte) 0xC8,
(byte) 0x34, (byte) 0xD6, (byte) 0x95, (byte) 0xF3, (byte) 0x13 };
private static int BLOCKS = 128;
public static byte[] encryptAES(String seed, String cleartext)
throws Exception {
byte[] rawKey = getRawKey(seed.getBytes("UTF8"));
SecretKeySpec skeySpec = new SecretKeySpec(rawKey, "AES");
Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
return cipher.doFinal(cleartext.getBytes("UTF8"));
}
public static byte[] decryptAES(String seed, byte[] data) throws Exception {
byte[] rawKey = getRawKey(seed.getBytes("UTF8"));
SecretKeySpec skeySpec = new SecretKeySpec(rawKey, "AES");
Cipher cipher = Cipher.getInstance("AES");
cipher.init(Cipher.DECRYPT_MODE, skeySpec);
return cipher.doFinal(data);
}
private static byte[] getRawKey(byte[] seed) throws Exception {
KeyGenerator kgen = KeyGenerator.getInstance("AES");
SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
sr.setSeed(seed);
kgen.init(BLOCKS, sr); // 192 and 256 bits may not be available
SecretKey skey = kgen.generateKey();
byte[] raw = skey.getEncoded();
return raw;
}
private static byte[] pad(byte[] seed) {
byte[] nseed = new byte[BLOCKS / 8];
for (int i = 0; i < BLOCKS / 8; i++)
nseed[i] = 0;
for (int i = 0; i < seed.length; i++)
nseed[i] = seed[i];
return nseed;
}
public static byte[] encryptPBE(String password, String cleartext)
throws Exception {
SecretKeyFactory factory = SecretKeyFactory
.getInstance("PBKDF2WithHmacSHA1");
KeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 1024, 256);
SecretKey tmp = factory.generateSecret(spec);
SecretKey secret = new SecretKeySpec(tmp.getEncoded(), "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, secret);
AlgorithmParameters params = cipher.getParameters();
byte[] iv = params.getParameterSpec(IvParameterSpec.class).getIV();
return cipher.doFinal(cleartext.getBytes("UTF-8"));
}
public static String decryptPBE(SecretKey secret, String ciphertext,
byte[] iv) throws Exception {
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, secret, new IvParameterSpec(iv));
return new String(cipher.doFinal(ciphertext.getBytes()), "UTF-8");
}
}
- Ashok Domadiya
7
4以上代码在 Android 4.2 上会抛出 BadPaddingException 异常。 - Brijesh Thakur
14警告 这段代码使用了来自Android Snippets的已知有问题的代码进行密钥派生。除非您想要丢失数据,否则不要使用它。带种子的随机数生成器(RNG)不是一个好的密钥派生函数(KDF)。 - Maarten Bodewes
显示剩余2条评论
11
对于AES/CBC/PKCS7加密/解密,只需复制并粘贴以下代码,并将其中的SecretKey和IV替换为您自己的即可。
import java.io.UnsupportedEncodingException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import android.util.Base64;
public class CryptoHandler {
String SecretKey = "xxxxxxxxxxxxxxxxxxxx";
String IV = "xxxxxxxxxxxxxxxx";
private static CryptoHandler instance = null;
public static CryptoHandler getInstance() {
if (instance == null) {
instance = new CryptoHandler();
}
return instance;
}
public String encrypt(String message) throws NoSuchAlgorithmException,
NoSuchPaddingException, IllegalBlockSizeException,
BadPaddingException, InvalidKeyException,
UnsupportedEncodingException, InvalidAlgorithmParameterException {
byte[] srcBuff = message.getBytes("UTF8");
//here using substring because AES takes only 16 or 24 or 32 byte of key
SecretKeySpec skeySpec = new
SecretKeySpec(SecretKey.substring(0,32).getBytes(), "AES");
IvParameterSpec ivSpec = new
IvParameterSpec(IV.substring(0,16).getBytes());
Cipher ecipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
ecipher.init(Cipher.ENCRYPT_MODE, skeySpec, ivSpec);
byte[] dstBuff = ecipher.doFinal(srcBuff);
String base64 = Base64.encodeToString(dstBuff, Base64.DEFAULT);
return base64;
}
public String decrypt(String encrypted) throws NoSuchAlgorithmException,
NoSuchPaddingException, InvalidKeyException,
InvalidAlgorithmParameterException, IllegalBlockSizeException,
BadPaddingException, UnsupportedEncodingException {
SecretKeySpec skeySpec = new
SecretKeySpec(SecretKey.substring(0,32).getBytes(), "AES");
IvParameterSpec ivSpec = new
IvParameterSpec(IV.substring(0,16).getBytes());
Cipher ecipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
ecipher.init(Cipher.DECRYPT_MODE, skeySpec, ivSpec);
byte[] raw = Base64.decode(encrypted, Base64.DEFAULT);
byte[] originalBytes = ecipher.doFinal(raw);
String original = new String(originalBytes, "UTF8");
return original;
}
}
- Sujeet
3
你能添加一个可以对文件进行编码的函数吗?返回类型将是byte[]。 - Paritosh
1你只需要通过类名调用这些函数。例如,CryptoHandler.encrypt("YOUR STRING That you want to encrypt"),同样地,你也可以调用decrypt()。两个函数都返回字符串。 - Sujeet
3警告:密钥不是字符串,用户不应该自己选择密钥和IV。为了使CBC模式安全,IV应该是不可预测的(与随机数无法区分)。这是你第10次尝试却依然没有理解密码学,并仍想提供“示例”。这仅仅是一份代码答案,没有解释它提供何种安全性。 - Maarten Bodewes
9
虽然这是一个老问题,但我已经升级了支持Android 4.2及以上版本的答案,并考虑了根据Android开发者博客的所有最新更改。
此外,我在我的github存储库中留下了一个可用的示例。
import java.nio.charset.Charset;
import java.security.AlgorithmParameters;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
/*
* This software is provided 'as-is', without any express or implied
* warranty. In no event will Google be held liable for any damages
* arising from the use of this software.
*
* Permission is granted to anyone to use this software for any purpose,
* including commercial applications, and to alter it and redistribute it
* freely, as long as the origin is not misrepresented.
*
* @author: Ricardo Champa
*
*/
public class MyCipher {
private final static String ALGORITHM = "AES";
private String mySecret;
public MyCipher(String mySecret){
this.mySecret = mySecret;
}
public MyCipherData encryptUTF8(String data){
try{
byte[] bytes = data.toString().getBytes("utf-8");
byte[] bytesBase64 = Base64.encodeBase64(bytes);
return encrypt(bytesBase64);
}
catch(Exception e){
MyLogs.show(e.getMessage());
return null;
}
}
public String decryptUTF8(byte[] encryptedData, IvParameterSpec iv){
try {
byte[] decryptedData = decrypt(encryptedData, iv);
byte[] decodedBytes = Base64.decodeBase64(decryptedData);
String restored_data = new String(decodedBytes, Charset.forName("UTF8"));
return restored_data;
} catch (Exception e) {
MyLogs.show(e.getMessage());;
return null;
}
}
//AES
private MyCipherData encrypt(byte[] raw, byte[] clear) throws Exception {
SecretKeySpec skeySpec = new SecretKeySpec(raw, ALGORITHM);
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
//solved using PRNGFixes class
cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
byte[] data = cipher.doFinal(clear);
AlgorithmParameters params = cipher.getParameters();
byte[] iv = params.getParameterSpec(IvParameterSpec.class).getIV();
return new MyCipherData(data, iv);
}
private byte[] decrypt(byte[] raw, byte[] encrypted, IvParameterSpec iv) throws Exception {
SecretKeySpec skeySpec = new SecretKeySpec(raw, ALGORITHM);
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv);
byte[] decrypted = cipher.doFinal(encrypted);
return decrypted;
}
private byte[] getKey() throws Exception{
byte[] keyStart = this.mySecret.getBytes("utf-8");
KeyGenerator kgen = KeyGenerator.getInstance(ALGORITHM);
SecureRandom sr = SecureRandom.getInstance("SHA1PRNG", "Crypto");
// if (android.os.Build.VERSION.SDK_INT >= 17) {
// sr = SecureRandom.getInstance("SHA1PRNG", "Crypto");
// } else {
// sr = SecureRandom.getInstance("SHA1PRNG");
// }
sr.setSeed(keyStart);
kgen.init(128, sr); // 192 and 256 bits may not be available
SecretKey skey = kgen.generateKey();
byte[] key = skey.getEncoded();
return key;
}
////////////////////////////////////////////////////////////
private MyCipherData encrypt(byte[] data) throws Exception{
return encrypt(getKey(),data);
}
private byte[] decrypt(byte[] encryptedData, IvParameterSpec iv) throws Exception{
return decrypt(getKey(),encryptedData, iv);
}
}
- Ricardo
6
http://codingaffairs.blogspot.com/2016/06/aes-encryption-decryption-in-android.html - Developine
@HammadTariqSahi?¿ - Ricardo
使用
android.util.Base64.encode(bytes, Base64.DEFAULT)和android.util.Base64.decode(decryptedData, Base64.DEFAULT),相比于使用Apache Commons Codec库,是否存在任何劣势? - ban-geoengineering2警告:此代码使用了Android片段中已知的恶意代码进行密钥派生。除非你想丢失数据,否则不要使用它。带种子的随机数生成器不是一个好的密钥派生函数(KDF)。(叹气)。 - Maarten Bodewes
1@MaartenBodewes 我应该做哪些更改? - Ricardo
如果您想使用密码,请使用基于密码的密钥派生函数来派生密钥。 - Maarten Bodewes
7
如果您正在加密文本文件,则以下测试/示例可能会有所帮助。它执行以下操作:
- Create a byte stream,
- wraps that with AES encryption,
- wrap it next with text processing
and lastly buffers it
// AESdemo public class AESdemo extends Activity { boolean encryptionIsOn = true; @Override protected void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentView(R.layout.activity_aesdemo); // needs <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" /> String homeDirName = Environment.getExternalStorageDirectory().getAbsolutePath() + "/" + getPackageName(); File file = new File(homeDirName, "test.txt"); byte[] keyBytes = getKey("password"); try { File dir = new File(homeDirName); if (!dir.exists()) dir.mkdirs(); if (!file.exists()) file.createNewFile(); OutputStreamWriter osw; if (encryptionIsOn) { Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); SecretKeySpec secretKeySpec = new SecretKeySpec(keyBytes, "AES"); IvParameterSpec ivParameterSpec = new IvParameterSpec(keyBytes); cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, ivParameterSpec); FileOutputStream fos = new FileOutputStream(file); CipherOutputStream cos = new CipherOutputStream(fos, cipher); osw = new OutputStreamWriter(cos, "UTF-8"); } else // not encryptionIsOn osw = new FileWriter(file); BufferedWriter out = new BufferedWriter(osw); out.write("This is a test\n"); out.close(); } catch (Exception e) { System.out.println("Encryption Exception "+e); } /////////////////////////////////// try { InputStreamReader isr; if (encryptionIsOn) { Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); SecretKeySpec secretKeySpec = new SecretKeySpec(keyBytes, "AES"); IvParameterSpec ivParameterSpec = new IvParameterSpec(keyBytes); cipher.init(Cipher.DECRYPT_MODE, secretKeySpec, ivParameterSpec); FileInputStream fis = new FileInputStream(file); CipherInputStream cis = new CipherInputStream(fis, cipher); isr = new InputStreamReader(cis, "UTF-8"); } else isr = new FileReader(file); BufferedReader in = new BufferedReader(isr); String line = in.readLine(); System.out.println("Text read: <"+line+">"); in.close(); } catch (Exception e) { System.out.println("Decryption Exception "+e); } } private byte[] getKey(String password) throws UnsupportedEncodingException { String key = ""; while (key.length() < 16) key += password; return key.substring(0, 16).getBytes("UTF-8"); } }
- SoloPilot
5
8警告 此代码使用默认字符解码的密钥派生机制。除非你想要在解密数据时遇到问题,否则不要使用它。 - Maarten Bodewes
3@owlstead,你的观察很好,如果你能提出修正意见就更好了。上面的例子现在已经更新,getKey()中指定了字符编码。欢迎进一步纠正... - SoloPilot
9抱歉,我主要在这里提供答案,因为他们使用
SecureRandom 进行密钥派生。如果你想知道如何实例化密码器,请查看 Ericksons 在 此处 的回答。不要使用静态 IV(对于相同的密钥),并使用 PBKDF2 进行密码->密钥转换。请注意,非认证密码只提供机密性,仅当它未用于传输协议时才有效。如果你想帮忙,你也可以烧掉其他的答案(并投票支持我在那里的评论) :) - Maarten Bodewes@MaartenBodewes,您“烧掉”了很多答案,但是您没有提出答案。如果您有正确的答案,为什么不在这里写一个呢? - Dika
@Dika,我认为我在上面指出了一个答案。请记住,我是密码学和加密领域回答最多的人之一,领先很多。同时,请记住,我相当反对通用包装库,因为它们只会让人们复制代码,而不是为特定的用例编写代码。Java加密API非常好,虽然有点繁琐。使用它!图像加密没有什么特别之处;它只是基本的文件加密。 - Maarten Bodewes
4
在Android中进行AES加密/解密
String encData= encrypt("keykey".getBytes("UTF-16LE"), ("0123000000000215").getBytes("UTF-16LE"));
String decData= decrypt("keykey",Base64.decode(encData.getBytes("UTF-16LE"), Base64.DEFAULT));
encrypt function
private static String encrypt(byte[] key, byte[] clear) throws Exception
{
MessageDigest md = MessageDigest.getInstance("md5");
byte[] digestOfPassword = md.digest(key);
SecretKeySpec skeySpec = new SecretKeySpec(digestOfPassword, "AES");
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding");
cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
byte[] encrypted = cipher.doFinal(clear);
return Base64.encodeToString(encrypted,Base64.DEFAULT);
}
decrypt function
private static String decrypt(String key, byte[] encrypted) throws Exception
{
MessageDigest md = MessageDigest.getInstance("md5");
byte[] digestOfPassword = md.digest(key.getBytes("UTF-16LE"));
SecretKeySpec skeySpec = new SecretKeySpec(digestOfPassword, "AES");
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding");
cipher.init(Cipher.DECRYPT_MODE, skeySpec);
byte[] decrypted = cipher.doFinal(encrypted);
return new String(decrypted, "UTF-16LE");
}
C#中的AES加密/解密
static void Main(string[] args)
{
string enc = encryptAES("0123000000000215", "keykey");
string dec = decryptAES(enc, "keykey");
Console.ReadKey();
}
加密函数
public static string encryptAES(string input, string key)
{
var plain = Encoding.Unicode.GetBytes(input);
// 128 bits
AesCryptoServiceProvider provider = new AesCryptoServiceProvider();
provider.KeySize = 128;
provider.Mode = CipherMode.ECB;
provider.Padding = PaddingMode.PKCS7;
provider.Key = CalculateMD5Hash(key);
var enc = provider.CreateEncryptor().TransformFinalBlock(plain, 0, plain.Length);
return Convert.ToBase64String(enc);
}
decrypt function
public static string decryptAES(string encryptText, string key)
{
byte[] enc = Convert.FromBase64String(encryptText);
// 128 bits
AesCryptoServiceProvider provider = new AesCryptoServiceProvider();
provider.KeySize = 128;
provider.Mode = CipherMode.ECB;
provider.Padding = PaddingMode.PKCS7;
provider.Key = CalculateMD5Hash(key);
var dec = provider.CreateDecryptor().TransformFinalBlock(enc, 0, enc.Length);
return Encoding.Unicode.GetString(dec);
}
创建 MD5
public static byte[] CalculateMD5Hash(string input)
{
MD5 md5 = MD5.Create();
byte[] inputBytes = Encoding.Unicode.GetBytes(input);
return md5.ComputeHash(inputBytes);
}
- Milad Ahmadi
1
1MD5不是密码哈希或基于密码的密钥派生函数。如果您使用密码,请正确使用它。 - Maarten Bodewes
2
这是一个简单的API,用于在Android上执行AES加密。它是AESCrypt库Ruby和Obj-C的Android对应库(具有相同的默认值):
- Hardip
1
7你能否稍微详细解释一下这个库如何用来解决问题?仅仅复制GitHub上的描述并附上链接并不是很有帮助,如果能加上一些说明会更好。 - Jonas Czech
1
这是一个简单的代码片段,用于AES加密和解密。
import android.util.Base64;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
public class AESEncryptionClass {
private static String INIT_VECTOR_PARAM = "#####";
private static String PASSWORD = "#####";
private static String SALT_KEY = "#####";
private static SecretKeySpec generateAESKey() throws NoSuchAlgorithmException, InvalidKeySpecException {
// Prepare password and salt key.
char[] password = new String(Base64.decode(PASSWORD, Base64.DEFAULT)).toCharArray();
byte[] salt = new String(Base64.decode(SALT_KEY, Base64.DEFAULT)).getBytes(StandardCharsets.UTF_8);
// Create object of [Password Based Encryption Key Specification] with required iteration count and key length.
KeySpec spec = new PBEKeySpec(password, salt, 64, 256);
// Now create AES Key using required hashing algorithm.
SecretKey key = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(spec);
// Get encoded bytes of secret key.
byte[] bytesSecretKey = key.getEncoded();
// Create specification for AES Key.
SecretKeySpec secretKeySpec = new SecretKeySpec(bytesSecretKey, "AES");
return secretKeySpec;
}
/**
* Call this method to encrypt the readable plain text and get Base64 of encrypted bytes.
*/
public static String encryptMessage(String message) throws BadPaddingException, IllegalBlockSizeException, NoSuchPaddingException, NoSuchAlgorithmException, UnsupportedEncodingException, InvalidKeySpecException, InvalidAlgorithmParameterException, InvalidKeyException {
byte[] initVectorParamBytes = new String(Base64.decode(INIT_VECTOR_PARAM, Base64.DEFAULT)).getBytes(StandardCharsets.UTF_8);
Cipher encryptionCipherBlock = Cipher.getInstance("AES/CBC/PKCS5Padding");
encryptionCipherBlock.init(Cipher.ENCRYPT_MODE, generateAESKey(), new IvParameterSpec(initVectorParamBytes));
byte[] messageBytes = message.getBytes();
byte[] cipherTextBytes = encryptionCipherBlock.doFinal(messageBytes);
String encryptedText = Base64.encodeToString(cipherTextBytes, Base64.DEFAULT);
return encryptedText;
}
/**
* Call this method to decrypt the Base64 of encrypted message and get readable plain text.
*/
public static String decryptMessage(String base64Cipher) throws BadPaddingException, IllegalBlockSizeException, NoSuchPaddingException, NoSuchAlgorithmException, UnsupportedEncodingException, InvalidKeySpecException, InvalidAlgorithmParameterException, InvalidKeyException {
byte[] initVectorParamBytes = new String(Base64.decode(INIT_VECTOR_PARAM, Base64.DEFAULT)).getBytes(StandardCharsets.UTF_8);
Cipher decryptionCipherBlock = Cipher.getInstance("AES/CBC/PKCS5Padding");
decryptionCipherBlock.init(Cipher.DECRYPT_MODE, generateAESKey(), new IvParameterSpec(initVectorParamBytes));
byte[] cipherBytes = Base64.decode(base64Cipher, Base64.DEFAULT);
byte[] messageBytes = decryptionCipherBlock.doFinal(cipherBytes);
String plainText = new String(messageBytes);
return plainText;
}
}
现在,使用所需参数调用
encryptMessage()或decryptMessage()进行所需的AES操作。同时,在
AES操作期间处理异常情况。
希望这有所帮助...
- Rahul Raina
1
1静态盐和IV并不安全。 - Maarten Bodewes
0
如何将Bouncy Castle添加到Android项目中:https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk16/1.45
在您的主Activity中添加以下代码:
static {
Security.addProvider(new BouncyCastleProvider());
}
public class AESHelper {
private static final String TAG = "AESHelper";
public static byte[] encrypt(byte[] data, String initVector, String key) {
try {
IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8"));
Cipher c = Cipher.getInstance("AES/CBC/PKCS5PADDING");
SecretKeySpec k = new SecretKeySpec(Base64.decode(key, Base64.DEFAULT), "AES");
c.init(Cipher.ENCRYPT_MODE, k, iv);
return c.doFinal(data);
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
public static byte[] decrypt(byte[] data, String initVector, String key) {
try {
IvParameterSpec iv = new IvParameterSpec(initVector.getBytes("UTF-8"));
Cipher c = Cipher.getInstance("AES/CBC/PKCS5PADDING");
SecretKeySpec k = new SecretKeySpec(Base64.decode(key, Base64.DEFAULT), "AES");
c.init(Cipher.DECRYPT_MODE, k, iv);
return c.doFinal(data);
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
public static String keyGenerator() throws NoSuchAlgorithmException {
KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
keyGenerator.init(192);
return Base64.encodeToString(keyGenerator.generateKey().getEncoded(),
Base64.DEFAULT);
}
}
- Matthew Hooker
2
http://blog.dealforest.net/2012/03/ios-android-per-aes-crypt-connection/ - FlipNovid
我认为你不需要使用Bouncy;它只会确保你无法使用硬件加速,并且会降低大文件(如图像)的性能。在base64中编码密钥是一个坏主意;将其存储在密钥库中要好得多。 - Maarten Bodewes
网页内容由stack overflow 提供, 点击上面的可以查看英文原文,
原文链接
原文链接