I'm using the Java Cryptography API with AES to encrypt short strings of text for use in user identifying cookies.
It's my understanding that some encryption algorithms are not secure when used with small amounts of text when compared to the size of the key. What do I need to know in order to make sure that I am not leaving my data insecure? Do I need to ensure that the string to encrypt is longer than the key? Are there other landmines?
To generate a key I'm doing the following with encryptionType = "AES" and keySize = 128:
    import java.nio.charset.StandardCharsets;
    import java.security.*;
    import java.util.Base64;
    import javax.crypto.*;

    public SecretKey createKey() throws NoSuchAlgorithmException {
        KeyGenerator keyGen = KeyGenerator.getInstance(encryptionType);
        keyGen.init(keySize); // 192 and 256 bits may not be available
        return keyGen.generateKey();
    }

    public String encrypt(Key key, String str) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        // Only the algorithm name is passed; mode and padding are left to the provider's defaults
        Cipher ecipher = Cipher.getInstance(encryptionType);
        ecipher.init(Cipher.ENCRYPT_MODE, key);
        byte[] utf8 = str.getBytes(StandardCharsets.UTF_8);
        byte[] enc = ecipher.doFinal(utf8);
        // java.util.Base64 replaces the internal sun.misc.BASE64Encoder, which newer JDKs no longer ship
        return Base64.getEncoder().encodeToString(enc);
    }

    public String decrypt(Key key, String str) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
        Cipher dcipher = Cipher.getInstance(encryptionType);
        dcipher.init(Cipher.DECRYPT_MODE, key);
        byte[] dec = Base64.getDecoder().decode(str);
        byte[] utf8 = dcipher.doFinal(dec);
        return new String(utf8, StandardCharsets.UTF_8);
    }
3 solutions
#1
You will need to familiarise yourself with the principles of designing a secure system, which goes beyond picking a particular encryption algorithm.
In principle AES is designed to be secure encrypting packets in their smallest size (16 bytes). But you need to pay attention to its usage in the overall security scheme. Pay attention to your overall protocol design.
For example I've heard of some online game in the past (can't locate a reference sorry), which encrypted all its data. The problem was, it didn't include any "seed". So the command to do something in particular, such as give the player an extra life, was the same sequence of (encrypted) bytes every time. So a player could just duplicate that packet, and resend it to the server many times, without ever having to know what unencrypted data was contained in the packet.
#2
While short messages will require padding, the question says nothing about the padding to be used. The choice of padding could affect the security of some ciphers.
Also, no cipher mode is specified in the question. For short, random "messages", such as randomly selected user identifiers, ECB mode is secure, and has the advantage that no initialization vector is needed for the cipher. For messages greater than 16 bytes, however, using ECB mode can reveal patterns in the plaintext, and is vulnerable to replay attacks.
Using other modes (CBC is common) will require a different initialization vector for each message. Obviously, decryption will require the IV, and that usually leads to it being passed around along with the ciphertext.
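An added example, not part of the original question or answers: it contrasts the question's `Cipher.getInstance("AES")` call with a scheme that generates a fresh IV per message and carries it in front of the ciphertext, as the answer above describes. It uses AES/GCM rather than the CBC mode the answer mentions; the IV-with-ciphertext pattern is the same, and GCM additionally rejects modified tokens. The class name, method names and sample cookie value are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class CookieCipherDemo {
    private static final SecureRandom RNG = new SecureRandom();
    private static final int IV_LEN = 12;    // 96-bit IV, the usual size for GCM
    private static final int TAG_BITS = 128; // authentication tag length

    // As in the question: with the default SunJCE provider, "AES" alone
    // resolves to AES/ECB/PKCS5Padding, so no IV is involved.
    static String encryptDefault(SecretKey key, String value) throws Exception {
        Cipher c = Cipher.getInstance("AES");
        c.init(Cipher.ENCRYPT_MODE, key);
        return Base64.getUrlEncoder().encodeToString(c.doFinal(value.getBytes(StandardCharsets.UTF_8)));
    }

    // Fresh random IV for every message, stored in front of the ciphertext.
    static String encryptWithIv(SecretKey key, String value) throws Exception {
        byte[] iv = new byte[IV_LEN];
        RNG.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(value.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return Base64.getUrlEncoder().encodeToString(out);
    }

    // Reads the IV back from the token; doFinal throws AEADBadTagException if the token was altered.
    static String decryptWithIv(SecretKey key, String token) throws Exception {
        byte[] in = Base64.getUrlDecoder().decode(token);
        if (in.length < IV_LEN + TAG_BITS / 8) throw new IllegalArgumentException("token too short");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
        return new String(c.doFinal(in, IV_LEN, in.length - IV_LEN), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        String id = "user=1042"; // constructed sample cookie value
        // Encrypt the same value twice under each scheme and compare the resulting tokens.
        System.out.println("default AES repeats: " + encryptDefault(key, id).equals(encryptDefault(key, id)));
        System.out.println("with IV repeats:     " + encryptWithIv(key, id).equals(encryptWithIv(key, id)));
        System.out.println("round trip:          " + decryptWithIv(key, encryptWithIv(key, id)));
    }
}
```

A fresh IV hides repeated plaintexts but does not stop a captured token from being presented again; that still needs an expiry or server-side check inside the protocol.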
#3
You might start with this list of the Top 25 Most Dangerous Software Errors, which refers specifically to security errors.