問題描述

談javax.crypto.Cipher

我嘗試使用 Cipher.getInstance("RSA/None/NoPadding", "BC") 加密數(shù)據(jù)，但出現(xiàn)異常:

I was trying to encrypt data using Cipher.getInstance("RSA/None/NoPadding", "BC") but I got the exception:

ArrayIndexOutOfBoundsException: too much data for RSA block

看起來(lái)與NoPadding"有關(guān)，因此，閱讀有關(guān)填充的內(nèi)容，看起來(lái) CBC 是在這里使用的最佳方法.

Looks like is something related to the "NoPadding", so, reading about padding, looks like CBC is the best approach to use here.

我在谷歌上找到了一些關(guān)于RSA/CBC/PKCS#7"的東西，這個(gè)PKCS#7"是什么?以及為什么它沒有列在 sun 的標(biāo)準(zhǔn)算法名稱?

I found at google something about "RSA/CBC/PKCS#7", what is this "PKCS#7"? And why its not listed on sun's standard algorithm names?

更新:

我想知道，如果是填充問題，為什么這個(gè)例子運(yùn)行得很好?

I'm wondering, if is a padding problem, why this example run just fine?

import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;

import javax.crypto.Cipher;

/**
 * Basic RSA example.
 */
public class BaseRSAExample
{
    public static void main(
        String[]    args)
        throws Exception
    {
        byte[]           input = new byte[] { (byte)0xbe, (byte)0xef };
        Cipher          cipher = Cipher.getInstance("RSA/None/NoPadding", "BC");
        KeyFactory       keyFactory = KeyFactory.getInstance("RSA", "BC");

        // create the keys

        RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
                new BigInteger("d46f473a2d746537de2056ae3092c451", 16),
                new BigInteger("11", 16));
        RSAPrivateKeySpec privKeySpec = new RSAPrivateKeySpec(
                new BigInteger("d46f473a2d746537de2056ae3092c451", 16),  
                new BigInteger("57791d5430d593164082036ad8b29fb1", 16));

        RSAPublicKey pubKey = (RSAPublicKey)keyFactory.generatePublic(pubKeySpec);
        RSAPrivateKey privKey = (RSAPrivateKey)keyFactory.generatePrivate(privKeySpec);

        // encryption step

        cipher.init(Cipher.ENCRYPT_MODE, pubKey);

        byte[] cipherText = cipher.doFinal(input);

        // decryption step

        cipher.init(Cipher.DECRYPT_MODE, privKey);

        byte[] plainText = cipher.doFinal(cipherText);

    }
}

更新 2:

我意識(shí)到即使我只使用 Cipher.getInstance("RSA", "BC") 也會(huì)引發(fā)相同的異常.

I realized that even if I use just Cipher.getInstance("RSA", "BC") it throws the same exception.

推薦答案

如果你使用分組密碼，你輸入的必須是分組比特長(zhǎng)度的精確倍數(shù).

If you use a block cipher, you input must be an exact multiple of the block bit length.

為了加密任意長(zhǎng)度的數(shù)據(jù)，您首先需要將數(shù)據(jù)填充到塊長(zhǎng)度的倍數(shù).這可以用任何方法完成，但有許多標(biāo)準(zhǔn).PKCS7 是一個(gè)很常見的，你可以在關(guān)于 padding 的維基百科文章中查看 概述.

In order to encipher arbitrary length data, you need first to pad you data to a multiple of the block length. This can be done with any method, but there are a number of standards. PKCS7 is one which is quite common, you can see an overview on the wikipedia article on padding.

由于塊密碼器對(duì)塊進(jìn)行操作，因此您還需要想出一種連接加密塊的方法.這非常重要，因?yàn)橛字傻募夹g(shù)大大降低了加密的強(qiáng)度.還有一篇關(guān)于此的維基百科文章.

Since block cipers operate on blocks, you also need to come up with a way of concatenating the encrypted blocks. This is very important, since naive techniques greatly reduce the strength of the encryption. There is also a wikipedia article on this.

您所做的是嘗試加密(或解密)長(zhǎng)度與密碼的塊長(zhǎng)度不匹配的數(shù)據(jù)，并且您還明確要求不進(jìn)行填充和鏈接操作模式.

What you did was to try to encrypt (or decrypt) data of a length which didn't match the block length of the cipher, and you also explicitly asked for no padding and also no chaining mode of operation.

因此，分組密碼無(wú)法應(yīng)用于您的數(shù)據(jù)，并且您收到了報(bào)告的異常.

Consequently the block cipher could not be applied to your data, and you got the reported exception.

更新:

作為對(duì)您的更新和 GregS 評(píng)論的回應(yīng)，我想承認(rèn) GregS 是對(duì)的(我不知道 RSA)，并詳細(xì)說明一下:

As a response to your update and GregS's remark, I would like to acknowledge that GregS was right (I did not know this about RSA), and elaborate a bit:

RSA 不對(duì)位進(jìn)行操作，而是對(duì)整數(shù)進(jìn)行操作.因此，為了使用 RSA，您需要將您的字符串消息轉(zhuǎn)換為整數(shù) m:0 <米＜n，其中 n 是在生成過程中選擇的兩個(gè)不同素?cái)?shù)的模數(shù).RSA 算法中密鑰的大小通常是指n.有關(guān)這方面的更多詳細(xì)信息，請(qǐng)參閱關(guān)于 RSA 的維基百科文章.

RSA does not operate on bits, it operates on integer numbers. In order to use RSA you therefore need to convert your string message into an integer m: 0 < m < n, where n is the modulus of the two distinct primes chosen in the generation process. The size of a key in the RSA algorithm typically refers to n. More details on this can be found on the wikipedia article on RSA.

將字符串消息轉(zhuǎn)換為整數(shù)而不丟失(例如截?cái)喑跏剂?的過程，通常遵循 PKCS#1 標(biāo)準(zhǔn).此過程還為消息完整性(哈希摘要)、語(yǔ)義安全(IV)等添加了一些其他信息.有了這個(gè)額外的數(shù)據(jù)，可以提供給 RSA/None/PKCS1Padding 的最大字節(jié)數(shù)是 (keylength - 11).我不知道 PKCS#1 如何將輸入數(shù)據(jù)映射到輸出整數(shù)范圍，但是我的印象是它可以輸入小于或等于 keylength - 11 的任何長(zhǎng)度，并為 RSA 加密生成一個(gè)有效的整數(shù).

The process of converting a string message to an integer, without loss (for instance truncating initial zeroes), the PKCS#1 standard is usually followed. This process also adds some other information for message integrity (a hash digest), semantical security (an IV) ed cetera. With this extra data, the maximum number of bytes which can be supplied to the RSA/None/PKCS1Padding is (keylength - 11). I do not know how PKCS#1 maps the input data to the output integer range, but my impression is that it can take any length input less than or equal to keylength - 11 and produce a valid integer for the RSA encryption.

如果您不使用填充，您的輸入將被簡(jiǎn)單地解釋為一個(gè)數(shù)字.您的示例輸入 {0xbe, 0xef} 很可能會(huì)被解釋為 {10111110 +o 11101111} = 1011111011101111_2 = 48879_10 = beef_16(原文如此！).由于 0 <牛肉_16

If you use no padding, your input will simply be interpreted as a number. Your example input, {0xbe, 0xef} will most probably be interpreted as {10111110 +o 11101111} = 1011111011101111_2 = 48879_10 = beef_16 (sic!). Since 0 < beef_16 < d46f473a2d746537de2056ae3092c451_16, your encryption will succeed. It should succeed with any number less than d46f473a2d746537de2056ae3092c451_16.

bouncycastle 常見問題解答中提到了這一點(diǎn).他們還聲明了以下內(nèi)容:

This is mentioned in the bouncycastle FAQ. They also state the following:

附帶的 RSA 實(shí)現(xiàn)充氣城堡只允許加密單個(gè)數(shù)據(jù)塊.RSA算法不適合流數(shù)據(jù)，不應(yīng)使用那樣.在這種情況下你應(yīng)該使用加密數(shù)據(jù)隨機(jī)生成的密鑰和一個(gè)對(duì)稱的密碼，之后你應(yīng)該加密使用 RSA 隨機(jī)生成的密鑰，然后發(fā)送加密數(shù)據(jù)和對(duì)方的加密隨機(jī)密鑰結(jié)束他們可以逆轉(zhuǎn)過程的地方(即使用解密隨機(jī)密鑰他們的 RSA 私鑰，然后解密數(shù)據(jù)).

The RSA implementation that ships with Bouncy Castle only allows the encrypting of a single block of data. The RSA algorithm is not suited to streaming data and should not be used that way. In a situation like this you should encrypt the data using a randomly generated key and a symmetric cipher, after that you should encrypt the randomly generated key using RSA, and then send the encrypted data and the encrypted random key to the other end where they can reverse the process (ie. decrypt the random key using their RSA private key and then decrypt the data).

這篇關(guān)于RSA 塊的數(shù)據(jù)過多失敗.什么是 PKCS#7?的文章就介紹到這了，希望我們推薦的答案對(duì)大家有所幫助，也希望大家多多支持html5模板網(wǎng)！