To use AES with 256 bits in inbuild java 1.4 api

2020-08-04 10:32发布

问题:

I am able to encrypt with AES 128 but with more key length it fails.

code using AES 128 is as below.

import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import java.io.*;

/** * This program generates a AES key, retrieves its raw bytes, and * then reinstantiates a AES key from the key bytes. * The reinstantiated key is used to initialize a AES cipher for * encryption and decryption. */

public class AES {

 /**
 * Turns array of bytes into string
 *
 * @param buf   Array of bytes to convert to hex string
 * @return  Generated hex string
 */
 public static String asHex (byte buf[]) {
  StringBuffer strbuf = new StringBuffer(buf.length * 2);
  int i;

  for (i = 0; i < buf.length; i++) {
   if (((int) buf[i] & 0xff) < 0x10)
    strbuf.append("0");

   strbuf.append(Long.toString((int) buf[i] & 0xff, 16));
  }

  return strbuf.toString();
 }

 public static void main(String[] args) throws Exception {

   String message="This is just an example";

   // Get the KeyGenerator

   KeyGenerator kgen = KeyGenerator.getInstance("AES");
   kgen.init(128); // 192 and 256 bits may not be available


   // Generate the secret key specs.
   SecretKey skey = kgen.generateKey();
   byte[] raw = skey.getEncoded();

   SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");


   // Instantiate the cipher

   Cipher cipher = Cipher.getInstance("AES");

   cipher.init(Cipher.ENCRYPT_MODE, skeySpec);

   byte[] encrypted =cipher.doFinal("welcome".getBytes());
   System.out.println("encrypted string: " + asHex(encrypted));

   cipher.init(Cipher.DECRYPT_MODE, skeySpec);
   byte[] original =
     cipher.doFinal(encrypted);
   String originalString = new String(original);
   System.out.println("Original string: " +
     originalString + " " + asHex(original));
  }
}

回答1:

Java 1.4 ships with a Strong JCE policy file. You need to install the Unlimited Strength policy to use AES key length beyond 128.

See this,

http://java.sun.com/developer/technicalArticles/Security/AES/AES_v1.html



回答2:

It may be just that you need to upgrade/change your Java version. Some versions of Java come pre-packaged without 192/256 bit AES encryption because of laws around export of crypto products from US.

Nevertheless, 128 bits here is just enough for most cases. Also instead of using this code directly look into using higher level libraries, like Keyczar. For a variety of reasons (i.e ECB encoding) the code above is unsafe, I wouldn't trust it.