【发布时间】:2020-12-17 16:50:59
【问题描述】:
我正在尝试使用 AES 加密来加密一个简单的字符串。
目前我正在使用KeyGenerator 生成一个秘密密钥,我正在使用Secure Random 生成一个16字节的随机IV
问题是,当我运行这段代码时:
@RequiresApi(Build.VERSION_CODES.M)
override fun onCreate(savedInstanceState: Bundle?) {
super.onCreate(savedInstanceState)
setContentView(R.layout.activity_main)
val random = SecureRandom()
val iv = ByteArray(12)
random.nextBytes(iv)
aesKeystoreAESWrapper = AES_WRAPPER()
aesKeystoreAESWrapper.createSymmetricKey()
val teste = aesKeystoreAESWrapper.encrypt("OLA MALTA", iv)
val result = aesKeystoreAESWrapper.decrypt(teste, iv)
ola.text = result
}
我得到一个运行时执行:javax.crypto.AEADBadTagException
我不知道问题出在哪里,我尝试在多个网站中搜索但找不到遮阳篷。
这是我的 AES 代码:
class AES_WRAPPER {
fun ByteArray.fromBytetoString() = String(this,Charsets.UTF_8)
companion object{
const val AES_NOPAD_TRANS = "AES/GCM/NoPadding" //Format - ”Algorithm/Mode/Padding”
const val ANDROID_KEYSTORE = "AndroidKeyStore"
const val KEY_ALIAS = "Keyalaisasf"
}
private fun createKeyStore(): KeyStore {
val keyStore = KeyStore.getInstance(ANDROID_KEYSTORE)
keyStore.load(null)
return keyStore
}
@RequiresApi(23)
fun createSymmetricKey() : SecretKey {
try{
val keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, ANDROID_KEYSTORE)
val keyGenParameterSpec = KeyGenParameterSpec.Builder(
KEY_ALIAS,
KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT)
.setBlockModes(KeyProperties.BLOCK_MODE_GCM)
.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
.setRandomizedEncryptionRequired(false)
.build()
keyGenerator.init(keyGenParameterSpec)
return keyGenerator.generateKey()
} catch (e: NoSuchAlgorithmException) {
throw RuntimeException("Failed to create a symmetric key", e)
} catch (e: NoSuchProviderException) {
throw RuntimeException("Failed to create a symmetric key", e)
} catch (e: InvalidAlgorithmParameterException) {
throw RuntimeException("Failed to create a symmetric key", e)
}
}
fun encrypt(data: String, initVector: ByteArray) : ByteArray{
val iv = GCMParameterSpec(128, initVector)
val cipher = Cipher.getInstance(AES_NOPAD_TRANS)
cipher.init(Cipher.ENCRYPT_MODE, getSymmetricKey(), iv)
val encrypted = cipher.doFinal(data.toByteArray())
return encrypted
}
fun decrypt(data: ByteArray, initVector: ByteArray) : String{
val iv = GCMParameterSpec(128, initVector)
val cipher = Cipher.getInstance(AES_NOPAD_TRANS)
cipher.init(Cipher.DECRYPT_MODE, getSymmetricKey(), iv)
val decrypted = cipher.doFinal(data)
return decrypted.fromBytetoString()
}
@SuppressLint("NewApi")
fun getSymmetricKey(): SecretKey {
/*val keysore = keyStore.getEntry(KEY_ALIAS, null) as KeyStore.SecretKeyEntry
return keysore.secretKey*/
val keyStore = createKeyStore()
if(!isKeyExists(keyStore)){
createSymmetricKey()
}
return keyStore.getKey(KEY_ALIAS,null) as SecretKey
}
fun isKeyExists(keyStore : KeyStore): Boolean {
val aliases = keyStore.aliases()
while (aliases.hasMoreElements()) {
return (KEY_ALIAS == aliases.nextElement())
}
return false
}
}
更新,LOGCAT:
E/AndroidRuntime: FATAL EXCEPTION: main
Process: io.github.andre00nogueira.myapplication, PID: 10135
java.lang.RuntimeException: Unable to start activity ComponentInfo{io.github.andre00nogueira.myapplication/io.github.andre00nogueira.myapplication.MainActivity}: javax.crypto.AEADBadTagException
at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:3270)
at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:3409)
at android.app.servertransaction.LaunchActivityItem.execute(LaunchActivityItem.java:83)
at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:135)
at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:95)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2016)
at android.os.Handler.dispatchMessage(Handler.java:107)
at android.os.Looper.loop(Looper.java:214)
at android.app.ActivityThread.main(ActivityThread.java:7356)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:492)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:930)
Caused by: javax.crypto.AEADBadTagException
at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:517)
at javax.crypto.Cipher.doFinal(Cipher.java:2055)
at io.github.andre00nogueira.myapplication.WRAPPER.decrypt(WRAPPER.kt:73)
at io.github.andre00nogueira.myapplication.MainActivity.onCreate(MainActivity.kt:29)
at android.app.Activity.performCreate(Activity.java:7802)
at android.app.Activity.performCreate(Activity.java:7791)
at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1299)
at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:3245)
at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:3409)
at android.app.servertransaction.LaunchActivityItem.execute(LaunchActivityItem.java:83)
at android.app.servertransaction.TransactionExecutor.executeCallbacks(TransactionExecutor.java:135)
at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:95)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2016)
at android.os.Handler.dispatchMessage(Handler.java:107)
at android.os.Looper.loop(Looper.java:214)
at android.app.ActivityThread.main(ActivityThread.java:7356)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:492)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:930)
Caused by: android.security.KeyStoreException: Signature/MAC verification failed
at android.security.KeyStore.getKeyStoreException(KeyStore.java:1292)
at android.security.keystore.KeyStoreCryptoOperationChunkedStreamer.doFinal(KeyStoreCryptoOperationChunkedStreamer.java:224)
at android.security.keystore.AndroidKeyStoreAuthenticatedAESCipherSpi$BufferAllOutputUntilDoFinalStreamer.doFinal(AndroidKeyStoreAuthenticatedAESCipherSpi.java:373)
at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:506)
【问题讨论】:
-
我无法重现该问题。未经修改的代码在我的机器上执行没有任何问题,尤其是解密工作(Android P,API Level 28以及Android O,API Level 27)。
-
真的吗?这是我的 logcat,在 API 29 上运行,请查看更新版本
-
您确定没有具有给定别名但具有不同属性的旧密钥吗? (旁注:有一个
containsAlias方法,因此您不必遍历所有别名)。 -
isKeyExists中的逻辑只有在商店中只有一个别名时才能可靠地工作。如果还有更多,则在第一次迭代后中止,结果由第一个别名确定。而不是第一个return语句应该有类似if (KEY_ALIAS == aliases.nextElement()) return true的东西。应该是这样,因为这样会产生不同的加解密密钥对吧? -
如果使用Michael的建议,即
isKeyExists(keyStore)替换为keyStore.containsAlias(KEY_ALIAS),问题就自行解决了。
标签: android kotlin encryption aes