最近和其它系统联调接口,用到了Java的AES加解密。
由其它系统AES加密,本人的系统获取到加密报文后,AES解密,获取到内容。
本来是比较简单的,可是其它系统只提供了秘钥,没有提供解密方法,解密方法需要我们自己写……
正常应该是加密方提供解密方法的吧,我觉得……
结果,只能自己找解密方法,解密过程中就报了2个错:
java.security.InvalidKeyException: Invalid AES key length: 14 bytes
javax.crypto.BadPaddingException: Given final block not properly padded
还好最后都解决了,在此记录下。
出现这个错误,是秘钥长度不符合要求导致的。
例如,本人系统的代码如下:
private static final String ALGORITHMSTR = "AES/ECB/PKCS5Padding"; private static final String KEY = "1234567890abcd"; private static final String AES = "AES"; public static String decrypt(String encryptStr) { try { Cipher cipher = Cipher.getInstance(ALGORITHMSTR); //这里用的秘钥KEY就是 1234567890abcd,然后就报错了:Invalid AES key length: 14 bytes cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(KEY.getBytes(), AES)); //采用base64算法进行转码,避免出现中文乱码 byte[] encryptBytes = Base64.decodeBase64(encryptStr); byte[] decryptBytes = cipher.doFinal(encryptBytes); return new String(decryptBytes); }catch (Exception e){ log.error("decrypt({} , {})解密异常", encryptStr, decryptKey, e); } return null; }
这段会报错:cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(KEY.getBytes(), AES));
因为KEY
的值是1234567890abcd
,长度是14
,所以报错:
java.security.InvalidKeyException: Invalid AES key length: 14 bytes
如果把秘钥改为1234567890abcdef
,长度16
,就没有问题了;
但是对面系统说他们就是用的长度14的秘钥加密的,所以不能这样解决。
虽然对面系统没有给解密方法,但是还好加密方法给截图发过来了。
分析了一波,发现对面系统先对秘钥进行了处理,转为了16位的,然后才加密;
所以解密方法需要这样写:
public static String decryptTxx(String decryptStr) { try { KeyGenerator kgen = KeyGenerator.getInstance(AES); SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG"); //这里,KEY="1234567890abcd",长度14 secureRandom.setSeed(KEY.getBytes()); kgen.init(128, secureRandom); SecretKey secretKey = kgen.generateKey(); Cipher cipher = Cipher.getInstance(ALGORITHMSTR); //这里,用转换后的秘钥,就没有问题了 cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(secretKey.getEncoded(), AES)); //采用base64算法进行转码,避免出现中文乱码 byte[] encryptBytes = Base64.decodeBase64(decryptStr); byte[] decryptBytes = cipher.doFinal(encryptBytes); return new String(decryptBytes); }catch (Exception e){ log.error("decryptTxx({} , {})解密异常", decryptStr, decryptKey, e); } return null; }
这样,用SecureRandom把长度14的秘钥转为了长度16的,然后解密,就没有问题了。
报这个错误,可能是秘钥错误、解密失败导致的。
如上,使用秘钥1234567890abcdef
解密、就会报这个错误;
需要使用秘钥1234567890abcd
解密才行。
报错Invalid AES key length: xx bytes
,是秘钥长度不符合要求导致的(例如长度不是16),需要对秘钥进行转换,或者更换秘钥、使用符合长度的秘钥。
报错Given final block not properly padded
,可能是秘钥错误、解密失败导致的,需要确认秘钥是否正确。
AES加解密完整代码如下:
import org.apache.commons.codec.binary.Base64;import org.slf4j.Logger;import org.slf4j.LoggerFactory;import javax.crypto.Cipher;import javax.crypto.KeyGenerator;import javax.crypto.SecretKey;import javax.crypto.spec.SecretKeySpec;import java.security.SecureRandom;public class AesEncryptUtils { private static Logger log = LoggerFactory.getLogger(AesEncryptUtils.class); private static final String ALGORITHMSTR = "AES/ECB/PKCS5Padding"; private static final String KEY = "1234567890abcdef"; //private static final String KEY = "1234567890abcd"; private static final String AES = "AES"; public static String encrypt(String content, String encryptKey){ try { KeyGenerator kgen = KeyGenerator.getInstance(AES); kgen.init(128); Cipher cipher = Cipher.getInstance(ALGORITHMSTR); cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(encryptKey.getBytes(), AES)); byte[] b = cipher.doFinal(content.getBytes("utf-8")); //采用base64算法进行转码,避免出现中文乱码 return Base64.encodeBase64String(b); }catch (Exception e){ log.error("encrypt({} , {})加密异常", content, encryptKey, e); } return null; } public static String decrypt(String encryptStr, String decryptKey) { try { Cipher cipher = Cipher.getInstance(ALGORITHMSTR); cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(KEY.getBytes(), AES)); //采用base64算法进行转码,避免出现中文乱码 byte[] encryptBytes = Base64.decodeBase64(encryptStr); byte[] decryptBytes = cipher.doFinal(encryptBytes); return new String(decryptBytes); }catch (Exception e){ log.error("decrypt({} , {})解密异常", encryptStr, decryptKey, e); } return null; } public static String decryptNew(String decryptStr, String decryptKey) { try { KeyGenerator kgen = KeyGenerator.getInstance(AES); SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG"); secureRandom.setSeed(decryptKey.getBytes()); kgen.init(128, secureRandom); SecretKey secretKey = kgen.generateKey(); Cipher cipher = Cipher.getInstance(ALGORITHMSTR); cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(secretKey.getEncoded(), AES)); //采用base64算法进行转码,避免出现中文乱码 byte[] encryptBytes = Base64.decodeBase64(decryptStr); byte[] decryptBytes = cipher.doFinal(encryptBytes); return new String(decryptBytes); }catch (Exception e){ log.error("decryptNew({} , {})解密异常", decryptStr, decryptKey, e); } return null; } public static String encryptNew(String encryptStr, String encryptKey) { try { KeyGenerator kgen = KeyGenerator.getInstance(AES); SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG"); secureRandom.setSeed(encryptKey.getBytes()); kgen.init(128,secureRandom); SecretKey secretKey = kgen.generateKey(); Cipher cipher = Cipher.getInstance(ALGORITHMSTR); cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(secretKey.getEncoded(), AES)); byte[] b = cipher.doFinal(encryptStr.getBytes("utf-8")); //采用base64算法进行转码,避免出现中文乱码 return Base64.encodeBase64String(b); }catch (Exception e){ log.error("encryptNew({} , {})加密异常", encryptStr, encryptKey, e); } return null; } public static void main (String[] args) throws Exception{ String str = "123"; String encrypt = encrypt(str , KEY); System.out.println("加密后:" + encrypt); String decrypt = decrypt(encrypt , KEY); System.out.println("解密后:" + decrypt); String encrypt1 = encryptNew(str , KEY); System.out.println("加密后:" + encrypt1); String decrypt1 = decryptNew(encrypt1 , KEY); System.out.println("解密后:" + decrypt1); }}