我有一个名为user.net的表,它有一个名为varchar(25)的列。
使用aes算法插入时,im加密名字值。(aes/cbc/pkcs5padding)
但是每次我加密firstname值时,都不会得到相同长度的输出值(加密的)。当firstname值字符串长度变化时,加密的输出长度不适合为列定义的varchar lenth。
string input=“测试”//加密值:978fbfa24962827da56b1f00896a4f2cbfc25b744e836c2a22d4292fb16dd53a
string input=“这是测试”//加密值:978fbfa24962827da56b1f00896a4f2cbfc25b744e836c22a22d4292fb16dd53aa22d4292fb16dd53a
我得到以下例外。
数据截断:列的数据太长
我在这里添加了代码。
public String encrypt(String plainText) {
byte[] cipherBytes = null;
log.info("Started encryption...");
if (plainText != null && !plainText.isEmpty()) {
if (cipher != null && key != null) {
try {
byte[] ivByte = new byte[cipher.getBlockSize()];
IvParameterSpec ivParamsSpec = new IvParameterSpec(ivByte);
cipher.init(Cipher.ENCRYPT_MODE, key, ivParamsSpec);
cipherBytes = cipher.doFinal(plainText.getBytes());
plainText = Hex.encodeHexString(cipherBytes);
log.info("Completed encryption.");
log.info("Encrypted data : "
+ new String(cipherBytes, "UTF8"));
} catch (BadPaddingException | IllegalBlockSizeException
| InvalidKeyException
| InvalidAlgorithmParameterException
| UnsupportedEncodingException e) {
log.error("Encryption failed : " + e.getMessage());
e.printStackTrace();
throw new RuntimeException("Encryption failed : "
+ e.getMessage());
}
} else {
log.error("Encryption failed, cipher, key is null.");
throw new RuntimeException(
"Encryption failed, cipher, key is null.");
}
} else {
return plainText;
}
return plainText;
}
public String decrypt(String cipherHexString) throws AuthorizationException {
log.info("Started decryption...");
byte[] plainTextBytes = null;
String resource = "kk";
String resourceCatagory = "kk tables";
String accessType = "write";
try {
if (decryptionAuthorizer.authorize(resource, resourceCatagory,
accessType)) {
if (cipherHexString != null && !cipherHexString.isEmpty()) {
if (cipher != null && key != null) {
try {
byte[] ivByte = new byte[cipher.getBlockSize()];
IvParameterSpec ivParamsSpec = new IvParameterSpec(
ivByte);
cipher.init(Cipher.DECRYPT_MODE, key, ivParamsSpec);
plainTextBytes = cipher.doFinal(Hex
.decodeHex(cipherHexString.toCharArray()));
cipherHexString = new String(plainTextBytes);
log.info("Completed decryption.");
} catch (InvalidKeyException
| InvalidAlgorithmParameterException
| IllegalBlockSizeException
| BadPaddingException | DecoderException e) {
log.error("Decryption failed : " + e.getMessage());
e.printStackTrace();
throw new RuntimeException("Decryption failed : "
+ e.getMessage());
}
} else {
log.error("Decryption failed, cipher, key is null.");
throw new RuntimeException(
"Decryption failed, cipher, key is null.");
}
} else {
return cipherHexString;
}
}
} catch (AuthorizationException e) {
throw new AuthorizationException(
"User not authorized to decrypt data.");
}
return cipherHexString;
}
/**
* This method is used to manually override max key length permission, as an
* application level solution instead of configuration changes in
* security.policy.
*/
private void fixKeyLength() {
String errorString = "Failed manually overriding key-length permissions.";
int newMaxKeyLength;
try {
newMaxKeyLength = javax.crypto.Cipher.getMaxAllowedKeyLength("AES");
log.info("Initial max key size for AES : " + newMaxKeyLength);
if (newMaxKeyLength < 256) {
Class c = Class
.forName("javax.crypto.CryptoAllPermissionCollection");
Constructor con = c.getDeclaredConstructor();
con.setAccessible(true);
Object allPermissionCollection = con.newInstance();
Field f = c.getDeclaredField("all_allowed");
f.setAccessible(true);
f.setBoolean(allPermissionCollection, true);
c = Class.forName("javax.crypto.CryptoPermissions");
con = c.getDeclaredConstructor();
con.setAccessible(true);
Object allPermissions = con.newInstance();
f = c.getDeclaredField("perms");
f.setAccessible(true);
((Map) f.get(allPermissions)).put("*", allPermissionCollection);
c = Class.forName("javax.crypto.JceSecurityManager");
f = c.getDeclaredField("defaultPolicy");
f.setAccessible(true);
Field mf = Field.class.getDeclaredField("modifiers");
mf.setAccessible(true);
mf.setInt(f, f.getModifiers() & ~Modifier.FINAL);
f.set(null, allPermissions);
newMaxKeyLength = Cipher.getMaxAllowedKeyLength("AES");
log.info("Max key size permission changed, new max key size for AES : "
+ newMaxKeyLength);
}
} catch (Exception e) {
throw new RuntimeException(errorString, e);
}
if (newMaxKeyLength < 256)
throw new RuntimeException(errorString);
}
public String getAlgo() {
return algo;
}
public void setAlgo(String algo) {
this.algo = algo;
}
public String getKeyAlias() {
return keyAlias;
}
有没有一种方法可以加密输出相同的长度,即使输入字符串值的长度是不同的
数据截断:列的数据太长
1条答案
按热度按时间dba5bblo1#
很明显,您不会得到相同长度的结果,因为对称加密的结果是加密算法块大小的倍数(对于非流模式,例如
ECB
以及CBC
).在你的情况下,你有一个
varchar(25)
,因此最大大小为50字节长(每个varchar
是2字节)。那么加密结果的最大长度是32字节,因为您正在使用AES
具有16字节长块大小的算法。如果必须具有相同的大小,则需要使用流模式,例如
CTR
. 但我建议保留足够长的列,以便在CBC
模式。不管怎样,你的加密结果太长了。我猜(只是一个猜测,因为没有足够的代码)从数据库中获取字符串后,将其编码为十六进制字符串,然后将其交给加密函数。这就是为什么会得到一个很长的加密结果: