0

Excuse my poor English, this is the AES encryption I use in JAVA

import javax.crypto.*;
import javax.crypto.spec.SecretKeySpec;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;


/*
 * AES对称加密和解密
 */
public class AESUtil {
    public static byte[] encrypt(String content, String password) {
        try {
            KeyGenerator kgen = KeyGenerator.getInstance( "AES" );
            SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG" );
            secureRandom.setSeed(password.getBytes());
            kgen.init(128,secureRandom);
            SecretKey secretKey = kgen.generateKey();
            byte[] enCodeFormat = secretKey.getEncoded();
            SecretKeySpec key = new SecretKeySpec(enCodeFormat, "AES");
            Cipher cipher = Cipher.getInstance("AES");
            byte[] byteContent = content.getBytes("utf-8");
            cipher.init(Cipher.ENCRYPT_MODE, key);
            byte[] result = cipher.doFinal(byteContent);
            return result;

        } catch (NoSuchPaddingException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (UnsupportedEncodingException e) {
            e.printStackTrace();
        } catch (InvalidKeyException e) {
            e.printStackTrace();
        } catch (IllegalBlockSizeException e) {
            e.printStackTrace();
        } catch (BadPaddingException e) {
            e.printStackTrace();
        }
        return null;
    }

    /**
     * 解密AES加密过的字符串
     *
     * @param content
     *            AES加密过过的内容
     * @param password
     *            加密时的密码
     * @return 明文
     */
    public static byte[] decrypt(byte[] content, String password) {
        try {
            KeyGenerator kgen = KeyGenerator.getInstance( "AES" );
            SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG" );
            secureRandom.setSeed(password.getBytes());
            kgen.init(128,secureRandom);
            SecretKey secretKey = kgen.generateKey();
            byte[] enCodeFormat = secretKey.getEncoded();
            SecretKeySpec key = new SecretKeySpec(enCodeFormat, "AES");
            Cipher cipher = Cipher.getInstance("AES");
            cipher.init(Cipher.DECRYPT_MODE, key);
            byte[] result = cipher.doFinal(content);
            return result;

        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (NoSuchPaddingException e) {
            e.printStackTrace();
        } catch (InvalidKeyException e) {
            e.printStackTrace();
        } catch (IllegalBlockSizeException e) {
            e.printStackTrace();
        } catch (BadPaddingException e) {
            e.printStackTrace();
        }
        return null;
    }
    /**将二进制转换成16进制
     * @param buf
     * @return
     */
    public static String parseByte2HexStr(byte buf[]) {
        StringBuffer sb = new StringBuffer();
        for (int i = 0; i < buf.length; i++) {
            String hex = Integer.toHexString(buf[i] & 0xFF);
            if (hex.length() == 1) {
                hex = '0' + hex;
            }
            sb.append(hex.toUpperCase());
        }
        return sb.toString();
    }

    /**将16进制转换为二进制
     * @param hexStr
     * @return
     */
    public static byte[] parseHexStr2Byte(String hexStr) {
        if (hexStr.length() < 1) {
            return null;
        }
        byte[] result = new byte[hexStr.length()/2];
        for (int i = 0;i< hexStr.length()/2; i++) {
            int high = Integer.parseInt(hexStr.substring(i*2, i*2+1), 16);
            int low = Integer.parseInt(hexStr.substring(i*2+1, i*2+2), 16);
            result[i] = (byte) (high * 16 + low);
        }
        return result;
    }

    public static String AesEncryption(String data, String password){
        byte[] shellEncrypt = encrypt(data, password);
        return parseByte2HexStr(shellEncrypt);
    }
    public static String AesDecrypt(String data, String password){
        byte[] twoStrResult = parseHexStr2Byte(data);
        byte[] decrypt = decrypt(twoStrResult, password);
        return new String(decrypt);
    }


    public static void main(String[] args) throws Exception {

        String password = "27c8fa1a46baabda88d2b977de272c1f";
        String s = AesEncryption("sdasdasd", password);

        System.out.println(s);

    }

}

The result is the same every time

Now to Android each time the result is different, without changing the JAVA platform side of the encryption on the premise of what should I do

Because the JAVA side involves other applications, it cannot be modified. Is there any way to solve it on the Android side

nabi
  • 1
  • 1
    The code uses a pseudorandom number generator (PRNG), namely `SHA1PRNG` as key derivation function (KDF). The algorithm of the PRNG can change across versions, providers and platforms, so that even with the same seed different values result, as is the case in your example (for Android even a different one each time). See [here](https://stackoverflow.com/a/20134336/9014097) for more details. Fix: Use a KDF, e.g. PBKDF2 (i.e. you probably won't get around a change on the Java side either). – Topaco Mar 30 '23 at 07:16
  • 1
    Another problem may arise due to `Cipher.getInstance("AES")`. Here, mode and padding should also be specified, otherwise provider-dependent default values are used, which can also cause problems across platforms. The SunJCE Provioder applies ECB mode and PKCS#7 Padding (which corresponds to `Cipher.getInstance("AES/ECB/PKCS5Padding")`. Other vulnerabilities are the insecure ECB mode and missing encoding specifications in `getBytes()` and `new String()`. – Topaco Mar 30 '23 at 07:19

0 Answers0