【问题标题】:AES BadTag Exception when I try to decrypt in android当我尝试在android中解密时出现AES BadTag异常
【发布时间】:2020-12-17 16:50:59
【问题描述】:

我正在尝试使用 AES 加密来加密一个简单的字符串。 目前我正在使用KeyGenerator 生成一个秘密密钥,我正在使用Secure Random 生成一个16字节的随机IV

问题是,当我运行这段代码时:

  @RequiresApi(Build.VERSION_CODES.M)
    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        setContentView(R.layout.activity_main)

        val random = SecureRandom()
        val iv = ByteArray(12)
        random.nextBytes(iv)
        aesKeystoreAESWrapper = AES_WRAPPER()
        aesKeystoreAESWrapper.createSymmetricKey()
        val teste = aesKeystoreAESWrapper.encrypt("OLA MALTA", iv)
        val result = aesKeystoreAESWrapper.decrypt(teste, iv)


        ola.text = result

    }

我得到一个运行时执行:javax.crypto.AEADBadTagException

我不知道问题出在哪里,我尝试在多个网站中搜索但找不到遮阳篷。

这是我的 AES 代码:

class AES_WRAPPER {

    fun ByteArray.fromBytetoString() = String(this,Charsets.UTF_8)
    companion object{
        const val AES_NOPAD_TRANS = "AES/GCM/NoPadding" //Format - ”Algorithm/Mode/Padding”
        const val ANDROID_KEYSTORE = "AndroidKeyStore"
        const val KEY_ALIAS = "Keyalaisasf"
    }

    private fun createKeyStore(): KeyStore {
        val keyStore = KeyStore.getInstance(ANDROID_KEYSTORE)
        keyStore.load(null)
        return keyStore
    }

    @RequiresApi(23)
    fun createSymmetricKey() : SecretKey {
        try{
            val keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, ANDROID_KEYSTORE)

            val keyGenParameterSpec = KeyGenParameterSpec.Builder(
                KEY_ALIAS,
                KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                .setRandomizedEncryptionRequired(false)
                .build()
            keyGenerator.init(keyGenParameterSpec)
            return keyGenerator.generateKey()
        } catch (e: NoSuchAlgorithmException) {
            throw RuntimeException("Failed to create a symmetric key", e)
        } catch (e: NoSuchProviderException) {
            throw RuntimeException("Failed to create a symmetric key", e)
        } catch (e: InvalidAlgorithmParameterException) {
            throw RuntimeException("Failed to create a symmetric key", e)
        }
    }

    fun encrypt(data: String, initVector: ByteArray) : ByteArray{
        val iv = GCMParameterSpec(128, initVector)

        val cipher = Cipher.getInstance(AES_NOPAD_TRANS)
        cipher.init(Cipher.ENCRYPT_MODE, getSymmetricKey(), iv)

        val encrypted = cipher.doFinal(data.toByteArray())

        return encrypted
    }

    fun decrypt(data: ByteArray, initVector: ByteArray) : String{
        val iv = GCMParameterSpec(128, initVector)

        val cipher = Cipher.getInstance(AES_NOPAD_TRANS)
        cipher.init(Cipher.DECRYPT_MODE, getSymmetricKey(), iv)

        val decrypted = cipher.doFinal(data)

        return decrypted.fromBytetoString()
    }

    @SuppressLint("NewApi")
    fun getSymmetricKey(): SecretKey {
        /*val keysore = keyStore.getEntry(KEY_ALIAS, null) as KeyStore.SecretKeyEntry
        return keysore.secretKey*/

        val keyStore = createKeyStore()

        if(!isKeyExists(keyStore)){
            createSymmetricKey()
        }

        return keyStore.getKey(KEY_ALIAS,null) as SecretKey
    }

    fun isKeyExists(keyStore : KeyStore): Boolean {
        val aliases = keyStore.aliases()
        while (aliases.hasMoreElements()) {
            return (KEY_ALIAS == aliases.nextElement())
        }
        return false
    }

}

更新,LOGCAT:

E/AndroidRuntime: FATAL EXCEPTION: main
    Process: io.github.andre00nogueira.myapplication, PID: 10135
    java.lang.RuntimeException: Unable to start activity ComponentInfo{io.github.andre00nogueira.myapplication/io.github.andre00nogueira.myapplication.MainActivity}: javax.crypto.AEADBadTagException
        at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:3270)
        at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:3409)
        at android.app.servertransaction.LaunchActivityItem.execute(LaunchActivityItem.java:83)
        at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:135)
        at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:95)
        at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2016)
        at android.os.Handler.dispatchMessage(Handler.java:107)
        at android.os.Looper.loop(Looper.java:214)
        at android.app.ActivityThread.main(ActivityThread.java:7356)
        at java.lang.reflect.Method.invoke(Native Method)
        at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:492)
        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:930)
     Caused by: javax.crypto.AEADBadTagException
        at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:517)
        at javax.crypto.Cipher.doFinal(Cipher.java:2055)
        at io.github.andre00nogueira.myapplication.WRAPPER.decrypt(WRAPPER.kt:73)
        at io.github.andre00nogueira.myapplication.MainActivity.onCreate(MainActivity.kt:29)
        at android.app.Activity.performCreate(Activity.java:7802)
        at android.app.Activity.performCreate(Activity.java:7791)
        at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1299)
        at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:3245)
        at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:3409) 
        at android.app.servertransaction.LaunchActivityItem.execute(LaunchActivityItem.java:83) 
        at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:135) 
        at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:95) 
        at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2016) 
        at android.os.Handler.dispatchMessage(Handler.java:107) 
        at android.os.Looper.loop(Looper.java:214) 
        at android.app.ActivityThread.main(ActivityThread.java:7356) 
        at java.lang.reflect.Method.invoke(Native Method) 
        at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:492) 
        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:930) 
     Caused by: android.security.KeyStoreException: Signature/MAC verification failed
        at android.security.KeyStore.getKeyStoreException(KeyStore.java:1292)
        at android.security.keystore.KeyStoreCryptoOperationChunkedStreamer.doFinal(KeyStoreCryptoOperationChunkedStreamer.java:224)
        at android.security.keystore.AndroidKeyStoreAuthenticatedAESCipherSpi$BufferAllOutputUntilDoFinalStreamer.doFinal(AndroidKeyStoreAuthenticatedAESCipherSpi.java:373)
        at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:506)

【问题讨论】:

  • 我无法重现该问题。未经修改的代码在我的机器上执行没有任何问题,尤其是解密工作(Android P,API Level 28以及Android O,API Level 27)。
  • 真的吗?这是我的 logcat,在 API 29 上运行,请查看更新版本
  • 您确定没有具有给定别名但具有不同属性的旧密钥吗? (旁注:有一个containsAlias 方法,因此您不必遍历所有别名)。
  • isKeyExists 中的逻辑只有在商店中只有一个别名时才能可靠地工作。如果还有更多,则在第一次迭代后中止,结果由第一个别名确定。而不是第一个return 语句应该有类似if (KEY_ALIAS == aliases.nextElement()) return true 的东西。应该是这样,因为这样会产生不同的加解密密钥对吧?
  • 如果使用Michael的建议,即isKeyExists(keyStore)替换为keyStore.containsAlias(KEY_ALIAS),问题就自行解决了。

标签: android kotlin encryption aes


【解决方案1】:

问题是由isKeyExists() 函数引起的,它应该检查KEY_ALIAS 是否包含在密钥库中。但是,当前实现仅检查 aliases.nextElement() 找到的 first 别名与 KEY_ALIAS 并返回此结果。因此,只有在密钥库中只有一个别名时,此功能才能可靠地工作。如果KEY_ALIAS 在密钥库中但aliases.nextElement() 没有首先找到,则使用多个别名会导致假阴性 结果。因此,为加密和解密创建了不同的密钥,这会在解密期间引发 AEADBadTagException

如果将isKeyExists()中while循环中的return语句替换为

if (KEY_ALIAS == aliases.nextElement()) 返回 true

或者,正如迈克尔评论中所建议的那样,如果 isKeyExists(keyStore)getSymmetricKey() 中被 keyStore.containsAlias(KEY_ALIAS) 替换。

【讨论】:

    猜你喜欢
    • 2019-09-02
    • 2019-06-07
    • 1970-01-01
    • 1970-01-01
    • 2022-06-12
    • 2018-03-06
    • 1970-01-01
    • 2015-08-03
    相关资源
    最近更新 更多