Java default Crypto/AES behavior

2019-01-01 15:49发布

问题:

Does anyone know what the default Java crypto behavior is for:

SecretKeySpec localSecretKeySpec = new SecretKeySpec(arrayOfByte, \"AES\");
Cipher localCipher = Cipher.getInstance(\"AES\");

Specifically I am looking to understand how those classes generate the IV, as well as what is the default encryption mode when just specifying \"AES\". Thanks.

回答1:

For Oracle JDK 7 (tested), the default cipher for AES is AES/ECB/PKCS5Padding. The Java Security documentation doesn\'t mention about this though (http://docs.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html#algspec), have to do some JUnit testing to find out.



回答2:

Those details are provider specific, and relying on the default mode and padding can be very dangerous. If you are interested in what the values that the default provider currently bundled with Java uses you\'ll have to hunt down the source code for the algorithm in question. For instance, the default values it uses for the RSA algorithm are here. Also, the Java™ Cryptography Architecture (JCA) Reference Guide has quite a bit of information that could answer some of you other questions.



回答3:

The details are provider specific. The JCA Reference Guide says that:

(Creating a Cipher Object) If no mode or padding is specified, provider-specific default values for the mode and padding scheme are used. For example, the SunJCE provider uses ECB as the default mode, and PKCS5Padding as the default padding scheme for DES, DES-EDE and Blowfish ciphers. This means that in the case of the SunJCE provider: Cipher.getInstance(\"DES\") and Cipher.getInstance(\"DES/ECB/PKCS5Padding\") are equivalent statements.

I would always use the full form (algorithm/mode/padding), not only because I think that leaving out such \"details\" to the implementation is bad practice, but also for achieving a ciphertext that is independent of the chosen provider (one usually encrypts for storage/transmission, then one cannot be sure that the same provider will be used later/on the other end).



回答4:

It depends on the Providers. Different providers might have different default parameters. This is the link for Java 8.

https://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SUNProvider

The javax.crypto.Cipher.getInstance(String transformation) factory method generates Ciphers using transformations of the form algorithm/mode/padding. If the mode/padding are omitted, the SunJCE and SunPKCS11 providers use ECB as the default mode and PKCS5Padding as the default padding for many symmetric ciphers.

It is recommended to use transformations that fully specify the algorithm, mode, and padding instead of relying on the defaults.

Note: ECB works well for single blocks of data and can be parallelized, but generally should not be used for multiple blocks of data.

Therefore, you should not just use AES but specify the mode and padding. Furthermore, although the getInstance method could have another parameter for the provider, this is not recommended because

applications are tied to specific providers that may not be available on other Java implementations