wzyxidian AES加密跨平台出现的问题

2020-09-28

https://www.cnblogs.com/wzyxidian/p/4383363.html

javax.crypto.BadPaddingException: Given final block not properly padded

at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
   at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
   at com.sun.crypto.provider.AESCipher.engineDoFinal(DashoA13*..)
   at javax.crypto.Cipher.doFinal(DashoA13*..)
   at chb.test.crypto.AESUtils.crypt(AESUtils.java:386)
   at chb.test.crypto.AESUtils.AesDecrypt(AESUtils.java:254)
   at chb.test.crypto.AESUtils.main(AESUtils.java:40)

解决方法：

经过检查之后，定位在生成KEY的方法上，如下：

public static SecretKey getKey (String strKey) {
         try {       
            KeyGenerator _generator = KeyGenerator.getInstance( "AES" );
            _generator.init(128, new SecureRandom(strKey.getBytes()));
                return _generator.generateKey();
        }  catch (Exception e) {
             throw new RuntimeException( " 初始化密钥出现异常 " );
        }
      }

修改到如下方式，问题解决：

public static SecretKey getKey(String strKey) {
         try {       
            KeyGenerator _generator = KeyGenerator.getInstance( "AES" );
             SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG" );
            secureRandom.setSeed(strKey.getBytes());
            _generator.init(128,secureRandom);
                return _generator.generateKey();
        }  catch (Exception e) {
             throw new RuntimeException( " 初始化密钥出现异常 " );
        }
      }

原因分析

SecureRandom 实现完全隨操作系统本身的內部狀態，除非調用方在調用 getInstance 方法之後又調用了 setSeed 方法；该实现在 windows 上每次生成的 key 都相同，但是在 solaris 或部分 linux 系统上则不同。

package com.acuilab.bc.main.util;

import com.google.common.base.Charsets;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/**
 *
 * @author admin
 * 
 * @see https://www.jianshu.com/p/ee3487daca34
 */
public class AESUtil {
    private static final Logger LOG = Logger.getLogger(AESUtil.class.getName());
    
    private static final String KEY_ALGORITHM = "AES";
    private static final String DEFAULT_CIPHER_ALGORITHM = "AES/ECB/PKCS5Padding";//默认的加密算法
  
    /**
     * AES 加密操作
     *
     * @param content 待加密内容
     * @param key 加密密钥
     * @return 返回Base64转码后的加密数据
     * @throws java.security.NoSuchAlgorithmException
     * @throws javax.crypto.NoSuchPaddingException
     * @throws java.io.UnsupportedEncodingException
     * @throws java.security.InvalidKeyException
     * @throws javax.crypto.IllegalBlockSizeException
     * @throws javax.crypto.BadPaddingException
     */
    public static String encrypt(String content, String key) throws NoSuchAlgorithmException, NoSuchPaddingException, UnsupportedEncodingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        Cipher cipher = Cipher.getInstance(DEFAULT_CIPHER_ALGORITHM);// 创建密码器

        byte[] byteContent = content.getBytes("utf-8");

        cipher.init(Cipher.ENCRYPT_MODE, getSecretKey(key));// 初始化为加密模式的密码器

        return Base64.getEncoder().encodeToString(cipher.doFinal(byteContent));//通过Base64转码返回
    }
  
    /**
     * AES 解密操作
     *
     * @param content
     * @param key
     * @return
     * @throws java.security.InvalidKeyException
     * @throws javax.crypto.IllegalBlockSizeException
     * @throws javax.crypto.BadPaddingException
     * @throws javax.crypto.NoSuchPaddingException
     * @throws java.security.NoSuchAlgorithmException
     */
    public static String decrypt(String content, String key) throws InvalidKeyException, IllegalBlockSizeException, BadPaddingException, NoSuchPaddingException, NoSuchAlgorithmException {
        //实例化
        Cipher cipher = Cipher.getInstance(DEFAULT_CIPHER_ALGORITHM);

        //使用密钥初始化，设置为解密模式
        cipher.init(Cipher.DECRYPT_MODE, getSecretKey(key));

        //执行操作
        return new String(cipher.doFinal(Base64.getDecoder().decode(content)), Charsets.UTF_8);
    }
  
    /**
     * 生成加密秘钥
     *
     * @return
     */
    private static SecretKeySpec getSecretKey(final String key) {
        //返回生成指定算法密钥生成器的 KeyGenerator 对象
        KeyGenerator kg = null;
  
        try {
            kg = KeyGenerator.getInstance(KEY_ALGORITHM);
  
            //AES 要求密钥长度为 128
            SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
            secureRandom.setSeed(key.getBytes());
            kg.init(128, secureRandom);
  
            //生成一个密钥
            SecretKey secretKey = kg.generateKey();
  
            return new SecretKeySpec(secretKey.getEncoded(), KEY_ALGORITHM);// 转换为AES专用密钥
        } catch (NoSuchAlgorithmException ex) {
            LOG.log(Level.SEVERE, null, ex);
        }
  
        return null;
    }
  
    public static void main(String[] args) {
        try {
            String content = "hello,您好";
            String key = "sde@5f98H*^hsff%dfs$r344&df8543*er";
            System.out.println("content:" + content);
            String s1 = AESUtil.encrypt(content, key);
            System.out.println("s1:" + s1);
            System.out.println("s2:"+AESUtil.decrypt(s1, key));
        } catch (NoSuchAlgorithmException | NoSuchPaddingException | UnsupportedEncodingException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException ex) {
            ex.printStackTrace();
        }
    }
}