1.JAVA ï¼ javax.net.ssl.SSLProtocolException: handshake alert: handshake_failure
2.JAVAå.NET使ç¨DES对称å å¯çåºå«
JAVA ï¼ javax.net.ssl.SSLProtocolException: handshake alert: handshake_failure
1ãå¨æå¡å¨ç«¯ä¿è¯jdkçæ¬æ¯1.6å以ä¸
2ãå¦ææ¯Tomcatè¿ç¨ï¼å¨catalina.shå ä¸JAVA_OPTS="$JAVA_OPTS -Djsse.enableSNIExtension=false"
3ãå¦ææ¯Javaç¬ç«è¿ç¨ï¼å ä¸ä»£ç System.setProperty("jsse.enableSNIExtension",源码连招源码 "false");
JAVAå.NET使ç¨DES对称å å¯çåºå«
JAVAå.NETçç³»ç»ç±»åºéé½æå°è£ DES对称å å¯çå®ç°æ¹å¼ï¼ä½æ¯å¯¹å¤æ´é²çæ¥å£å´åä¸ç¸åï¼çè³ææ¶ä¼è®©èªå·±é¾ä»¥è§£å³å ¶ä¸çé®é¢ï¼æ¯å¦JAVAå å¯åçç»æå¨.NETä¸è§£å¯ä¸åºæ¥çï¼ç±äºæè¿é¡¹ç®æè·¨JAVAå.NETçå 解å¯ï¼ç»è¿æçåæè°è¯ï¼ç»äºè®©å®ä»¬å¯ä»¥äºç¸å å¯è§£å¯äºã
DESå å¯
DESæ¯ä¸ç§å¯¹ç§°å å¯(Data Encryption Standard)ç®æ³ï¼ä»¥åæåè¿ä¸ç¯æç« ï¼.NETä¸å å¯è§£å¯ç¸å ³ç¥è¯ï¼æè¿ç®åæè¿°ã
DESç®æ³ä¸è¬æä¸¤ä¸ªå ³é®ç¹ï¼ç¬¬ä¸ä¸ªæ¯å å¯ç®æ³ï¼ç¬¬äºä¸ªæ¯æ°æ®è¡¥ä½ã
å å¯ç®æ³å¸¸è§çæECB模å¼åCBC模å¼ï¼
ECB模å¼ï¼çµåå¯æ¬æ¹å¼ï¼è¿æ¯JAVAå°è£ çDESç®æ³çé»è®¤æ¨¡å¼ï¼å°±æ¯å°æ°æ®æç §8个åèä¸æ®µè¿è¡DESå å¯æ解å¯å¾å°ä¸æ®µ8个åèçå¯ææè ææï¼æåä¸æ®µä¸è¶³8个åèï¼å补足8个åèï¼æ³¨æï¼è¿éå°±æ¶åå°æ°æ®è¡¥ä½äºï¼è¿è¡è®¡ç®ï¼ä¹åæç §é¡ºåºå°è®¡ç®æå¾çæ°æ®è¿å¨ä¸èµ·å³å¯ï¼å段æ°æ®ä¹é´äºä¸å½±åã
CBC模å¼ï¼å¯æåç»é¾æ¥æ¹å¼ï¼è¿æ¯.NETå°è£ çDESç®æ³çé»è®¤æ¨¡å¼ï¼å®æ¯è¾éº»ç¦ï¼å å¯æ¥éª¤å¦ä¸ï¼
1ãé¦å å°æ°æ®æç §8个åèä¸ç»è¿è¡åç»å¾å°D1D2......Dnï¼è¥æ°æ®ä¸æ¯8çæ´æ°åï¼å°±æ¶åå°æ°æ®è¡¥ä½äºï¼
2ã第ä¸ç»æ°æ®D1ä¸åéIå¼æåçç»æè¿è¡DESå å¯å¾å°ç¬¬ä¸ç»å¯æC1ï¼æ³¨æï¼è¿éæåéIç说æ³ï¼ECB模å¼ä¸æ²¡æ使ç¨åéIï¼
3ã第äºç»æ°æ®D2ä¸ç¬¬ä¸ç»çå å¯ç»æC1å¼æ以åçç»æè¿è¡DESå å¯ï¼å¾å°ç¬¬äºç»å¯æC2
4ãä¹åçæ°æ®ä»¥æ¤ç±»æ¨ï¼å¾å°Cn
5ãæ顺åºè¿ä¸ºC1C2C3......Cnå³ä¸ºå å¯ç»æã
æ°æ®è¡¥ä½ä¸è¬æNoPaddingåPKCS7Padding(JAVAä¸æ¯PKCS5Padding)å¡«å æ¹å¼ï¼PKCS7PaddingåPKCS5Paddingå®é åªæ¯åè®®ä¸ä¸æ ·ï¼æ ¹æ®ç¸å ³èµæ说æï¼PKCS5Paddingæç¡®å®ä¹äºå å¯åæ¯8åèï¼PKCS7Paddingå å¯å¿«å¯ä»¥æ¯1-ä¹é´ãä½æ¯å°è£ çDESç®æ³é»è®¤é½æ¯8åèï¼æ以å¯ä»¥è®¤ä¸ºä»ä»¬ä¸æ ·ãæ°æ®è¡¥ä½å®é æ¯å¨æ°æ®ä¸æ»¡8åèçåæ°ï¼æè¡¥å å°8åèçåæ°çå¡«å è¿ç¨ã
NoPaddingå¡«å æ¹å¼ï¼ç®æ³æ¬èº«ä¸å¡«å ï¼æ¯å¦.NETçpaddingæä¾äºæNoneï¼Zerosæ¹å¼ï¼åå«ä¸ºä¸å¡«å åå¡«å 0çæ¹å¼ã
PKCS7Paddingï¼PKCS5Paddingï¼å¡«å æ¹å¼ï¼ä¸º.NETåJAVAçé»è®¤å¡«å æ¹å¼ï¼å¯¹å å¯æ°æ®åèé¿åº¦å¯¹8åä½ä¸ºrï¼å¦r大äº0ï¼åè¡¥8-r个åèï¼åè为8-rçå¼ï¼å¦ærçäº0ï¼åè¡¥8个åè8ãæ¯å¦ï¼
å å¯å符串为为AAAï¼åè¡¥ä½ä¸ºAAA;å å¯å符串为BBBBBBï¼åè¡¥ä½ä¸ºBBBBBBï¼å å¯å符串为CCCCCCCCï¼åè¡¥ä½ä¸ºCCCCCCCCã
.NETä¸çDESå å¯
对äº.NETï¼æ¡æ¶å¨System.Security.Cryptographyå½å空é´ä¸æä¾äºDESCryptoServiceProviderä½ä¸ºSystem.Security.Cryptography.DESå å¯è§£å¯çå è£ æ¥å£ï¼å®æä¾äºå¦ä¸ç4个æ¹æ³ï¼
public override ICryptoTransform CreateDecryptor(byte[] rgbKey, byte[] rgbIV)
public override ICryptoTransform CreateEncryptor(byte[] rgbKey, byte[] rgbIV)
public override void GenerateIV()
public override void GenerateKey()
ä».NETç±»åºå°è£ æ åµï¼å 解å¯éè¦ä¼ å ¥ä¸ä¸ªKeyåIVåéãèä¸Keyå¿ é¡»ä¸º8åèçæ°æ®ï¼å¦åä¼ç´æ¥æå¼å¸¸åºæ¥ï¼å½ä½¿ç¨ECB模å¼ä¸ï¼ä¸ç®¡ä¼ å ¥ä»ä¹IVåéï¼å å¯ç»æé½ä¸æ ·ã示ä¾ä»£ç å¦ä¸ï¼
public static string EncryptWithJava(string key, string str)
{
if (key.Length < 8 || string.IsNullOrEmpty(str))
{
throw new Exception("å å¯keyå°äº8æè å å¯å符串为空ï¼");
}
byte[] bKey = Encoding.UTF8.GetBytes(key.Substring(0, 8));
byte[] bIV = IV;
byte[] bStr = Encoding.UTF8.GetBytes(str);
try
{
DESCryptoServiceProvider desc = new DESCryptoServiceProvider();
desc.Padding = PaddingMode.PKCS7;//è¡¥ä½
desc.Mode = CipherMode.ECB;//CipherMode.CBC
using (MemoryStream mStream = new MemoryStream())
{
using (CryptoStream cStream = new CryptoStream(mStream, desc.CreateEncryptor(bKey, bIV), CryptoStreamMode.Write))
{
cStream.Write(bStr, 0, bStr.Length);
cStream.FlushFinalBlock();
StringBuilder ret = new StringBuilder();
byte[] res = mStream.ToArray();
foreach (byte b in res)
{
ret.AppendFormat("{ 0:x2}", b);
}
return ret.ToString();
}
}
}
catch
{
return string.Empty;
}
}
ç±äºä¸ºECB模å¼ï¼å æ¤IVè¿é设置ä»ä¹å¼é½æ¯å¯ä»¥çï¼å½ä¸ºCBC模å¼ä¸ï¼åéè¦è®¾ç½®ä¸ºå ¶ä»å¼ï¼æ¯å¦ï¼public static byte[] IV = { 0x, 0x, 0x, 0x, 0x, 0x, 0x, 0x }ï¼æè½æ£å¸¸å å¯è§£å¯ã
JAVAä¸çDESå å¯
JAVAçjavax.crypto.Cipherå ä¸ï¼æä¾äºå å¯è§£å¯çåè½ï¼å®çéægetInstanceæ¹æ³ï¼å¯ä»¥è¿åä¸ä¸ªCipher对象ï¼ä¸è¬æpublic static final Cipher getInstance(String transformation)æ¹æ³ï¼transformation为ï¼algorithm/mode/paddingï¼åå«è¡¨ç¤ºç®æ³å称ï¼æ¯å¦DESï¼ä¹å¯ä»¥å¨åé¢å å«ç®æ³æ¨¡å¼åå¡«å æ¹å¼ï¼ä½ä¹å¯ä»¥åªæ¯ç®æ³å称ï¼å¦ä¸ºï¼"DES/CBC/PKCS5Padding"ï¼"DES"çãJAVAä¸é»è®¤çç®æ³ä¸ºECBï¼é»è®¤å¡«å æ¹å¼ä¸ºPKCS5PaddingãCipherçInitæ¹æ³ç¨æ¥åå§åå å¯å¯¹è±¡ï¼å¸¸è§çæï¼
public final void init(int opmode, Key key, AlgorithmParameterSpec params) ï¼
public final void init(int opmode,Key key, SecureRandom random)ï¼ç¨SecureRandomæ¶ï¼ä¸è¬ç¨äºä¸éè¦IVçç®æ³æ¨¡å¼ï¼ç¤ºä¾ä»£ç å¦ä¸ï¼
public static String encrypt2(String src) throws Exception {
SecureRandom sr = new SecureRandom();
DESKeySpec ks = new DESKeySpec(KEY.getBytes("UTF-8"));
SecretKeyFactory skf = SecretKeyFactory.getInstance("DES");
SecretKey sk = skf.generateSecret(ks);
Cipher cip = Cipher.getInstance("DES/CBC/PKCS5Padding");//Cipher.getInstance("DES");
IvParameterSpec iv2 = new IvParameterSpec(IV);
cip.init(Cipher.ENCRYPT_MODE, sk, iv2);//IVçæ¹å¼
//cip.init(Cipher.ENCRYPT_MODE, sk, sr);//没æä¼ éIV
String dest = byteToHex(cip.doFinal(src.getBytes("UTF-8")));
return dest;
}
å½é»è®¤ç¨DESï¼JAVAä¼ç¨ECB模å¼ï¼å æ¤è¿éIVåé没æä½ç¨ï¼è¿éï¼ä½å½ç¨CBC模å¼ä¸ï¼å¦æè¿æ¯ç¨SecureRandomï¼åæ¯æ¬¡å å¯çç»æé½ä¼ä¸ä¸æ ·ï¼å 为JAVAå é¨ä¼ç¨éæºçIVæ¥åå§åCipher对象ï¼å¦ç¤ºä¾ä»£ç ï¼ç±äºCipher.getInstance("DES/CBC/PKCS5Padding")使ç¨äºCBCï¼å æ¤æè¿éç¨çjavax.crypto.spec.IvParameterSpecå ä¸çIvParameterSpecæ¥åå§ååéIVï¼
Private final static byte[] IV = new byte[] { 0x, 0x, 0x, 0x, 0x, 0x, 0x, 0x};
æ»ç»
对äº.NETåJAVAå¨ä½¿ç¨DES对称å å¯æ¶ï¼éè¦å¤§å®¶æå®ä¸æ ·çç®æ³åå¡«å 模å¼ï¼å¹¶ä¸JAVAå¨åDESå 解å¯ç®æ³æ¶ï¼è¿éè¦æ ¹æ®å建Cipher对象çä¸åï¼æ£ç¡®ä½¿ç¨IVåéãå¨ä¸åç³»ç»éè¦äºç¸æ°æ®æ¶ï¼å¿ é¡»è¦æç¡®çæ¯å å¯ç®æ³ï¼Keyåç®æ³æ¨¡å¼ï¼åæ ¹æ®ä¸å模å¼æ¯å¦éè¦IVåéï¼æåæ¯å¡«å 模å¼ã
æ¬ææ¯ç»è¿èªå·±ç¿»é èµæååå¤è°è¯ä»£ç èåºæ¥çï¼å¦æé®é¢ï¼è¯·ææ£ã