Decrypt ( with PHP ) a Java encryption ( PBEWithMD5AndDES )(解密(使用 PHP)Java 加密(PBEWithMD5AndDES))
问题描述
有人让我用 PHP 解密一个用以下 Java 类加密的字符串.
Someone asked me to decrypt with PHP a string encrypted with the following Java Class.
public class CryptoLibrary {
private Cipher encryptCipher;
private sun.misc.BASE64Encoder encoder = new sun.misc.BASE64Encoder();
public CryptoLibrary() throws SecurityException{
java.security.Security.addProvider(new com.sun.crypto.provider.SunJCE());
char[] pass = "NNSHHETJKKSNKH".toCharArray();
byte[] salt = {
(byte) 0xa3, (byte) 0x21, (byte) 0x24, (byte) 0x2c,
(byte) 0xf2, (byte) 0xd2, (byte) 0x3e, (byte) 0x19 };
init(pass, salt, iterations);
}
public void init(char[] pass, byte[] salt, int iterations)throws SecurityException{
PBEParameterSpec ps = new javax.crypto.spec.PBEParameterSpec(salt, 20);
SecretKeyFactory kf = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
SecretKey k = kf.generateSecret(new javax.crypto.spec.PBEKeySpec(pass));
encryptCipher = Cipher.getInstance("PBEWithMD5AndDES/CBC/PKCS5Padding");
encryptCipher.init(Cipher.ENCRYPT_MODE, k, ps);
}
}
public synchronized String encrypt(String str) throws SecurityException{
if(str!=null){
byte[] utf8 = str.getBytes("UTF8");
byte[] enc = encryptCipher.doFinal(utf8);
return encoder.encode(enc);
}
else {
return null;
}
}
}
我不懂任何 Java,所以我需要一些帮助来理解这种加密.
I don't know any Java so I need some help to understand this encryption.
1) 这条线是什么意思?PBEParameterSpec ps = new javax.crypto.spec.PBEParameterSpec(salt,20);
1) what is the meaning of this line?
PBEParameterSpec ps = new javax.crypto.spec.PBEParameterSpec(salt,20);
2) 我应该为第一个参数使用什么值string mcrypt_encrypt(string $cipher, string $key, string $data, string $mode [, string $iv])
2) what value should I use for the first parameter of
string mcrypt_encrypt ( string $cipher , string $key , string $data , string $mode [, string $iv ] )
3) 我什么时候应该在我的 php 脚本中使用 MD5?
3) When should I use MD5 in my php script?
推荐答案
1) 创建基于密码的加密的参数,包含在哈希计算中的盐,以及哈希方法执行的迭代次数(在它自己的输出上).它用于击败彩虹表攻击,基本上攻击者必须经过相同次数的迭代来检查密码是否正确,并且他不能使用预先计算的表,因为每个密码的盐都会不同(所以你看不到如果某人与另一个用户的密码相同).
1) It creates the parameters for Password Based Encryption, the salt, which is included in the hash calculations, and the number of iterations that the hash method is executed (on it's own output). It is used to defeat rainbow table attacks, basically an attacker has to go through the same number of iterations to check if the password is correct, and he cannot use a precalculated table because the salt will be different for each password (so you cannot see if somebody has the same password as another user).
2) MCRYPT_DES,你需要 MCRYPT_MODE_CBC 作为模式,当然还有 PKCS#5 填充.
2) MCRYPT_DES, and you will need MCRYPT_MODE_CBC for the mode, and PKCS#5 padding of course.
3) 仅当您绝对确定其弱点未暴露或绝对需要兼容性时.幸运的是,它对于密钥派生功能相对安全.下载 PHP 的 pbkdf1 方法并将其放入其中 - 如果尚未包含.
3) Only when you are absolutely sure that its weaknesses are not exposed or when absolutely required for compatibility. Fortunately, it is relatively secure for key derivation functions. Download a pbkdf1 method for PHP and put it in there - if not already included.
这篇关于解密(使用 PHP)Java 加密(PBEWithMD5AndDES)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!
本文标题为:解密(使用 PHP)Java 加密(PBEWithMD5AndDES)
- Java包名称中单词分隔符的约定是什么? 2022-01-01
- Safepoint+stats 日志,输出 JDK12 中没有 vmop 操作 2022-01-01
- 如何使用WebFilter实现授权头检查 2022-01-01
- Spring Boot连接到使用仲裁器运行的MongoDB副本集 2022-01-01
- Jersey REST 客户端:发布多部分数据 2022-01-01
- C++ 和 Java 进程之间的共享内存 2022-01-01
- Eclipse 插件更新错误日志在哪里? 2022-01-01
- value & 是什么意思?0xff 在 Java 中做什么? 2022-01-01
- 将log4j 1.2配置转换为log4j 2配置 2022-01-01
- 从 finally 块返回时 Java 的奇怪行为 2022-01-01