logo标签列表

BadPaddingException: 解密错误

javaencryptioncryptographyrsa
15

我正在编写一个程序,从控制台输入zip文件的名称,要生成的包含(解密/加密)后文件的zip文件名以及包含公钥的文件名。解密时出现了异常:

exception Exception in thread "main" javax.crypto.BadPaddingException:     Decryption error
at sun.security.rsa.RSAPadding.unpadV15(RSAPadding.java:380)
at sun.security.rsa.RSAPadding.unpad(RSAPadding.java:291) 
at com.sun.crypto.provider.RSACipher.doFinal(RSACipher.java:363) 
at com.sun.crypto.provider.RSACipher.engineDoFinal(RSACipher.java:389) 
at javax.crypto.Cipher.doFinal(Cipher.java:2165) 
at com.Main.decrypt(Main.java:67) 
at com.Main.main(Main.java:201)

为什么我会遇到这个异常无法弄清楚呢?

公钥:

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCE3pA746UfpC8sFk8ZJp0yupyJqj5jy6cjdxUYoP7mCm7c0mqQDeCcDNBYW2eSozCioPrH/9L+CDQEPLYakoem+jFnUKDH5+pru/0PJTJJF8Xh/ZT9eJlvsYBr1/qSfICf6RTs7kzwq9IuSZBw7/tfNEF9i0A8FVox6HOopXod1QIDAQAB

私钥:

MIICXQIBAAKBgQCE3pA746UfpC8sFk8ZJp0yupyJqj5jy6cjdxUYoP7mCm7c0mqQDeCcDNBYW2eSozCioPrH/9L+CDQEPLYakoem+jFnUKDH5+pru/0PJTJJF8Xh/ZT9eJlvsYBr1/qSfICf6RTs7kzwq9IuSZBw7/tfNEF9i0A8FVox6HOopXod1QIDAQABAoGANOFrYBqK5lvu1koOswDWQZFZqcSSzh8IZyoGwGWa7S0r0EECXlDXmuPSq8e9IfRG8ALHrH+ZlrbnFOSgyVSWHfpj3aH+qknoSX5TW2rMQHih8865xuqheMQ+RTZ7+BRDqNsYkzxB/Z8mqzpoJQSYf+H7nWxdDCgAJVYZzxl3DmUCQQD32iEjnwiwUjii8slcmvCEZl+z84DWNdvJOg6Z38sI4AvrfpKc1WAcDg1rNZCKrRgokh54wpLt08cpFcrD04c3AkEAiTzDmc0bdgfg5wj6xHFZpYlBwiGm/bjOR2PS57P0GNU5PsDllRbFqIuzArITutO5lvZZImzuYz7Lf+cQ73pxUwJBAOdEwmdaneDo17A0m2+to3/nhqWDMVSwLMU3RyiNigZeCMFU+bkd4PBMrHi9IoJDwacZsRU9eZwxYEUV8H2Jg0ECQEEkOqRSm2pXKwX/WSjNtQPCNxhy6NUeV6vDUmTxIjh3XYjP/ynZeVEbnoj1BjB0N2/U11Jj6nPpZqb7gyppMEkCQQCoGdVYDipU+hMMnvxa0zOIyQc/a+HE0lESqn+2ZPafYi9Z1RldRMvUXhP8U7s+OuhRwprdw2ivvOFrnWyz9lL2

程序代码如下。欢迎任何帮助 :)

package com;

import java.io.BufferedReader;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.Enumeration;
import java.util.Scanner;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import java.util.zip.ZipOutputStream;

import javax.crypto.Cipher;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERNull;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;

public class Main {

    public final static int BUFFER_SIZE = 117;

    public static void decrypt(String originalZipFileName, String newZipFileName, String privateKeyFileName) throws Exception {
        byte[] buffer = new byte[128];  

        ZipFile originalZipFile = new ZipFile(originalZipFileName); 
        ZipOutputStream newZipFile = new ZipOutputStream(new FileOutputStream(newZipFileName));

        Enumeration<? extends ZipEntry> zipEntries = originalZipFile.entries();

        String privateKey = getKeyString(privateKeyFileName);
        PrivateKey key = makePrivateKey(privateKey);

        Cipher cipher = Cipher.getInstance("RSA");

        cipher.init(Cipher.DECRYPT_MODE, key);


        while(zipEntries.hasMoreElements()){

            ZipEntry entry = zipEntries.nextElement();          

            ZipEntry copy = new ZipEntry(entry.getName());      
            newZipFile.putNextEntry(copy);          

            InputStream inputEntry = originalZipFile.getInputStream(entry);         

            while(inputEntry.read(buffer) != -1){   
                newZipFile.write(cipher.doFinal(buffer));
            }

            newZipFile.closeEntry();
            inputEntry.close();
        }
        newZipFile.close();
        originalZipFile.close();
    }

    public static void encrypt(String originalZipFileName, String newZipFileName, String publicKeyFileName) throws Exception{

        byte[] buffer = new byte[BUFFER_SIZE];  

        ZipFile originalZipFile = new ZipFile(originalZipFileName); 
        ZipOutputStream newZipFile = new ZipOutputStream(new FileOutputStream(newZipFileName));

        Enumeration<? extends ZipEntry> zipEntries = originalZipFile.entries();

        String publicKey = getKeyString(publicKeyFileName);
        PublicKey key = makePublicKey(publicKey);

        Cipher cipher = Cipher.getInstance("RSA");

        cipher.init(Cipher.ENCRYPT_MODE, key);


        while(zipEntries.hasMoreElements()){

            ZipEntry entry = zipEntries.nextElement();          

            ZipEntry copy = new ZipEntry(entry.getName());      
            newZipFile.putNextEntry(copy);          

            InputStream inputEntry = originalZipFile.getInputStream(entry);         

            while(inputEntry.read(buffer) != -1){               
                newZipFile.write(cipher.doFinal(buffer));
            }

            newZipFile.closeEntry();
            inputEntry.close();
        }
        newZipFile.close();
        originalZipFile.close();
    }   

    public static String getKeyString(String fileName){

        String key = new String();
        try {
            BufferedReader buf = new BufferedReader(new FileReader(fileName));
            key = buf.readLine();       
        } catch ( IOException e) {
            e.printStackTrace();
        }   

        return key.trim();
    }

    public static PublicKey makePublicKey(String stored) throws GeneralSecurityException {
        byte[] data = Base64.getDecoder().decode(stored);
        X509EncodedKeySpec spec = new  X509EncodedKeySpec(data);
        KeyFactory fact = KeyFactory.getInstance("RSA");
        return fact.generatePublic(spec);
    }

    public static PrivateKey makePrivateKey(String stored) throws GeneralSecurityException, Exception {
        /*byte[] data = Base64.getDecoder().decode(stored);
        PKCS8EncodedKeySpec spec = new  PKCS8EncodedKeySpec(data);
        KeyFactory fact = KeyFactory.getInstance("RSA");
        return fact.generatePrivate(spec);*/

        byte[] data = Base64.getDecoder().decode(stored);

        ASN1EncodableVector v = new ASN1EncodableVector();
        v.add(new ASN1Integer(0));
        ASN1EncodableVector v2 = new ASN1EncodableVector();
        v2.add(new ASN1ObjectIdentifier(PKCSObjectIdentifiers.rsaEncryption.getId()));
        v2.add(DERNull.INSTANCE);
        v.add(new DERSequence(v2));
        v.add(new DEROctetString(data));
        ASN1Sequence seq = new DERSequence(v);
        byte[] privKey = seq.getEncoded("DER");

        PKCS8EncodedKeySpec spec = new  PKCS8EncodedKeySpec(privKey);
        KeyFactory fact = KeyFactory.getInstance("RSA");
        PrivateKey key = fact.generatePrivate(spec);

        return key; 

    }

    public static void main(String[] args) throws Exception {

        Scanner scan = new Scanner(System.in);

        System.out.println("Enter type of operation:");
        String line = scan.nextLine();

        if(line.equals("encrypt")){
            System.out.println("Enter name of original ZIP file:");
            String originalZipFileName = scan.nextLine();

            System.out.println("Enter name of new ZIP file:");
            String newZipFileName = scan.nextLine();

            System.out.println("Enter name of file containg public key:");
            String publicKeyFileName = scan.nextLine();

            encrypt(originalZipFileName, newZipFileName, publicKeyFileName);        
        }

        if(line.equals("decrypt")){
            System.out.println("Enter name of original ZIP file:");
            String originalZipFileName = scan.nextLine();

            System.out.println("Enter name of new ZIP file:");
            String newZipFileName = scan.nextLine();

            System.out.println("Enter name of file containg private key:");
            String privateKeyFileName = scan.nextLine();

            decrypt(originalZipFileName, newZipFileName, privateKeyFileName);       
        }       

    }

}

PS:已更新decrypt方法。仍然出现相同的错误。

public static void decrypt(String originalZipFileName, String newZipFileName, String privateKeyFileName) throws Exception {
    byte[] buffer = new byte[128];  

    ZipFile originalZipFile = new ZipFile(originalZipFileName); 
    ZipOutputStream newZipFile = new ZipOutputStream(new FileOutputStream(newZipFileName));

    Enumeration<? extends ZipEntry> zipEntries = originalZipFile.entries();

    String privateKey = getKeyString(privateKeyFileName);
    PrivateKey key = makePrivateKey(privateKey);

    Cipher cipher = Cipher.getInstance("RSA");

    cipher.init(Cipher.DECRYPT_MODE, key);


    while(zipEntries.hasMoreElements()){

        ZipEntry entry = zipEntries.nextElement();          

        ZipEntry copy = new ZipEntry(entry.getName());      
        newZipFile.putNextEntry(copy);


        InputStream inputEntry = originalZipFile.getInputStream(entry);


        while(inputEntry.read(buffer) != -1){
            newZipFile.write(cipher.doFinal(buffer));
        }

        newZipFile.closeEntry();
        inputEntry.close();
    }
    newZipFile.close();
    originalZipFile.close();
}
1
可能是重复的问题,参考链接:https://dev59.com/N2zXa4cB1Zd3GeqPVp9Q - Jozef Chocholacek
@divanov 你具体是什么意思? - user3719857
在你使用了ZipEntry的InputStream周围的BufferedInputStream后,解密错误是否得到解决? - divanov
@divanov 只是想知道为什么会出现这个错误。背后的逻辑是什么? - user3719857
谢谢!当你从文件中读取数据时,有时会很慢,此时InputStream将读取的数据量可能少于缓冲区所包含的数据量。通过使用BufferedInputStream,可以确保在读取调用返回之前有足够的数据。然而,对于解密来说,拥有完整的块是至关重要的。请注意,你还需要处理每个文件的最后一个块的加密问题。 - divanov
显示剩余3条评论
3个回答
11

Jozef是正确的。

当您使用默认参数创建密码时,它默认为"RSA/ECB/PKCS1Padding"。如果您不想遇到讨厌的意外情况,应明确指定填充方式,因为其他安全提供商可能具有不同的默认参数。并且您永远不会预先知道每个特定JRE具有哪些安全设置。

因此,PKCS1填充将向您的原始数据添加11个字节,从而将其从117个字节增加到128个字节。您应该考虑到这些数字是特定于1024位RSA密钥(略微安全)的,并且对于更长的密钥将有所不同。由于您正在从文件中加载密钥,请考虑检查其长度。

@Test
public void testPadding() throws Exception {
    SecureRandom random = SecureRandom.getInstance("SHA1PRNG");

    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
    keyGen.initialize(1024, random);
    KeyPair keyPair = keyGen.generateKeyPair();

    /* constant 117 is a public key size - 11 */
    byte[] plaintext = new byte[117];
    random.nextBytes(plaintext);

    Cipher cipher = Cipher.getInstance("RSA");
    cipher.init(Cipher.ENCRYPT_MODE, keyPair.getPublic());
    byte[] ciphertext = cipher.doFinal(plaintext);
    System.out.println(plaintext.length + " becomes " + ciphertext.length);
}

这会打印出来

117 becomes 128

最后,考虑使用AES而不是RSA进行文件加密。

因此,要解决问题,您需要在加密时使用大小为公钥长度-11(117)的缓冲区,并在解密时使用公钥大小(128)。

更改

outputFile.write(cipher.doFinal(buffer), 0, read);


outputFile.write(cipher.doFinal(buffer));

由于缓冲区读取长度为117字节,而doFinal结果的大小为128字节。

另外,您需要对输入流进行缓冲。当您从文件中读取数据时,有时可能会很慢,此时InputStream将读取比缓冲区容量小的数据。使用BufferedInputStream可以确保在读取调用返回之前有足够的数据。但是,对于解密而言,拥有完整的数据块至关重要。

InputStream inputEntry = new BufferedInputStream(originalZipFile.getInputStream(entry));
1
问题可以追溯到加密过程中的 outputFile.write(cipher.doFinal(buffer), 0, read); 这一行代码,因为 doFinal() 方法的返回结果(填充)比 read 更大,这意味着密文的一部分丢失了,从而导致无法解密。 - Artjom B.
@ArtjomB。我应该如何准确地解决这个问题? - user3719857
1
@divanov 它包含了明文的长度。 - user207421
我尝试了你说的,但仍然出现相同的错误。 - user3719857
1
我使用以下代码解决了这个问题:Cipher cipher1 = Cipher.getInstance("RSA/ECB/NOPADDING"); - Rahul kumar
1
while((read = inputEntry.read(buffer)) != -1){              
        outputFile.write(cipher.doFinal(buffer), 0, read);
    }

你有一个问题。`read` 是已读取明文的大小,而不是密文的大小。你应该完全删除第二个和第三个参数。
将密文写入中间文件也是浪费时间和空间。直接将其写入 zip 流即可。
我刚刚按照你告诉我的方法更新了代码,但仍然出现相同的错误。 - user3719857
0

解密方法的字节数组应该是256个字节长,因为这是算法的默认输出大小(额外的字节导致了这个长度)。将byte[] buffer = new byte[128];改为byte[] buffer = new byte[256];

网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接