logo标签列表

Android密码AES/GCM/NoPadding "iv==null"

androidencryptioninitialization-vectoraes-gcm
3

我正在尝试在Marshmallow上加密和解密一些数据。加密很好,但是当尝试解密时,我会收到一个 RuntimeException 错误,指出 "iv == null"。

基本上,cipher.getIV() 和 cipher.getParameters() 返回 null。我有什么遗漏吗?

  private static final String ALGORITHM_NAME = "AES/GCM/NoPadding";
  private static final int IV_SIZE = 128;
  private static final int ALGORITHM_SIZE = 256;

  private static final String KEYSTORE_PROVIDER = "AndroidKeyStore";
  private static final String SYMMETRIC_ALIAS = "secret_key";

  private static SecretKey getSymmetricKey()
      throws NoSuchProviderException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, IOException,
      CertificateException, KeyStoreException, UnrecoverableEntryException {

    KeyStore ks = KeyStore.getInstance(KEYSTORE_PROVIDER);
    ks.load(null);

    return (SecretKey) ks.getKey(SYMMETRIC_ALIAS, null);
  }

  private static SecretKey createSecretKey()
      throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {

    KeyGenerator keyGenerator = KeyGenerator.getInstance(
        KeyProperties.KEY_ALGORITHM_AES, KEYSTORE_PROVIDER);

    keyGenerator.init(new KeyGenParameterSpec.Builder(SYMMETRIC_ALIAS,
        KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
        .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
        .setKeySize(ALGORITHM_SIZE)
        .setRandomizedEncryptionRequired(true)
        .setUserAuthenticationRequired(false)
        .build());

    return keyGenerator.generateKey();
  }

  public static byte[] encrypt(byte[] data)
      throws CertificateException, NoSuchAlgorithmException, IOException, UnrecoverableEntryException,
      KeyStoreException, NoSuchProviderException, InvalidAlgorithmParameterException, NoSuchPaddingException,
      InvalidKeyException, BadPaddingException, IllegalBlockSizeException {

    SecretKey secretKey = getSymmetricKey();
    if (secretKey == null) {
      secretKey = createSecretKey();
    }

    Cipher cipher = Cipher.getInstance(ALGORITHM_NAME);
    cipher.init(Cipher.ENCRYPT_MODE, secretKey);
    return cipher.doFinal(data);
  }

  public static byte[] decrypt(byte[] data)
      throws CertificateException, NoSuchAlgorithmException, IOException, UnrecoverableEntryException,
      KeyStoreException, NoSuchProviderException, InvalidAlgorithmParameterException, NoSuchPaddingException,
      InvalidKeyException, BadPaddingException, IllegalBlockSizeException {

    SecretKey secretKey = getSymmetricKey();

    Cipher cipher = Cipher.getInstance(ALGORITHM_NAME);
    GCMParameterSpec spec = new GCMParameterSpec(IV_SIZE, cipher.getIV());
    cipher.init(Cipher.DECRYPT_MODE, secretKey, spec);
    return cipher.doFinal(data.getBytes());
  }
我遇到了类似的问题,你能帮我解决一下吗? - KomalG
1个回答
4

在解密时,您必须为AES/GCM/NoPadding的Cipher.init提供一个非空IV。然而,您的代码提供了一个空的IV,这是通过在未初始化的Cipher实例上调用Cipher.getIV()获得的。

解决方法是保存加密时使用的IV,然后在解密时使用相同的已保存IV。

3
IV不需要保密,但在GCM中必须是唯一的。由于它的长度始终相同,您只需将其前置到密文中,然后在解密之前将其切掉即可。 - Artjom B.
网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接