【发布时间】:2014-05-24 08:34:43
【问题描述】:
“数据”String 编码为Base64(URL 安全版本),然后加密为byte array。这个byte array 被转换成String 并发送到一个REST Web 服务。当它到达 Web 服务端时,String 的长度发生了变化。我不是专家,我做错了什么?
代码:
//CLIENT SIDE
import org.apache.commons.codec.binary.Base64;
String data = "My message to be encrypted";
PublicKey pubKey = readPublicKeyFromFile();
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, pubKey);
byte[] encryptedData = cipher.doFinal(Base64.encodeBase64URLSafe(data.getBytes()));
System.out.println("length of original data string: " + data.length());
System.out.println("length of original data string turned into byte array: " + data.getBytes().length);
System.out.println("length of data string encrypted into byte array: " + encryptedData.length);
String encryptedDataToString = new String(encrypedData,"UTF-8");
System.out.println("length encrypted String into byte array, converted back to String for url: " + encryptedDataToString.length);
httpclient = new DefaultHttpClient();
builder = new URIBuilder();
builder.setScheme("http").setHost(xxx + "webresources/GetData/" + path)
.setParameter("data", encryptedDataToString);
uri = builder.build();
//SERVER SIDE
import org.apache.commons.codec.binary.Base64;
@GET
@Path("path")
@Produces("text/plain")
public String getToken(@QueryParam("data") String data) {
System.out.println("length of data: " + data.length());
System.out.println("length of data to byte array wthout decoding: " + data.getBytes().length);
System.out.println("length of data to byte decoded: " + Base64.decodeBase64(data).length);
//CONSOLE
//CLIENT SIDE
length of original data string: 37
length of original data string turned into byte array: 37
length of data string encrypted into byte array: 256
length encrypted String into byte array, converted back to String for url: 256
//SERVER SIDE
INFO: length of data: 237
INFO: length of data to byte wthout decoding: 444
INFO: length of data to byte decoded: 4
显示在 URL 中的数据 String,客户端:
T%23%EF%BF%BD%0C%EF%BF%BD%EF%BF%BD7%EF%BF%BD%EF%BF%BDk%EF%BF%BDA%EF%BF%BD%10L% EF%BF%BD%EF%BF%BD%EF%BF%BD%14%EF%BF%BD%EF%BF%BD%5E%22%15B%1Ae%01%EF%BF%BDgmE%0C% EF%BF%BD%EF%BF%BDn%EF%BF%BD%3D%EF%BF%BD%EF%BF%BD%DC%80%EF%BF%BD%EF%BF%BDIM%EF% BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BDeM%EF%BF%BD5%EF%BF%BD%EF%BF%BD%26%EF%BF%BD%1E% 7D%EF%BF%BDNAQ%EF%BF%BDlT%EF%BF%BD%EF%BF%BDVXR%EF%BF%BDi%0E%EF%BF%BD%EF%BF%BD%EF%BF% BD3U%0C%EF%BF%BD%EF%BF%BD%1E%EF%BF%BD%EF%BF%BD%0Fep%EF%BF%BD%C3%A1b6%EF%BF%BD%CE% B5y9x%EF%BF%BD%EF%BF%BD%0D%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%18%7C%06%21%EF% BF%BD0%EF%BF%BD%EF%BF%BD%EF%BF%BD%03%EF%BF%BD%17%CB%8F%7D%EF%BF%BD%26A%EF%BF% BD%12%EF%BF%BD%EF%BF%BD%EF%BF%BD-%DE%8D%EF%BF%BD%EF%BF%BD%EF%BF%BDt%EF%BF%BD %EF%BF%BD%EF%BF%BDTezs%EF%BF%BD%0C%EF%BF%BD%2C%EF%BF%BD%EF%BF%BD%EF%BF%BD%DD%94 %EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%19%EF%BF%BD%25%EF%BF %BDt%EF%BF%BDQ%EF%BF%BD%7D%EF%BF%BDF%EF%BF%BD%EF%BF%BD%EF%BF%BD%1An%EF%BF%BD+%EF %BF%BD%CF%86R%EF%BF%BDW%EF%BF%BDU%EF%BF%BDxo%EF%BF%BDd%E F%BF%BD%08-%3F%EF%BF%BD%2F%EF%BF%BD%5Bg%EF%BF%BD2%EF%BF%BD%EF%BF%BDk%5E%EF%BF %BDm%EF%BF%BD%EF%BF%BD%25%EF%BF%BD%EF%BF%BD*%07%5E%EF%BF%BD%EF%BF%BD%EF%BF% BD%EF%BF%BDU%EF%BF%BD%7F%EF%BF%BDP%EF%BF%BD%EF%BF%BD%EF%BF%BD%7B%07%EF%BF%BDO% EF%BF%BD%EF%BF%BD%11%CB%9C%EF%BF%BD%1Dk%EF%BF%BDkL8%EF%BF%BD*%EF%BF%BD%1D%EF%BF %BDl%EF%BF%BD%EF%BF%BD%EF%BF%BD%02%EF%BF%BD
接收到的数据String,服务器端:
T#����7��k�A�L������^“Be�gmE��n�=��������IM����eM�5��&�}�NAQ�lT ��VXR�i���3U����ep�áb6�εy9x������|!�0����ˏ}�&A����-ލ����t�Tezs ��,������������%�t�Q�}�F���n�φR�W�U�xo�d-?�/�[g�2��k ^�m��%��^����U��P���{�O��~�k�kL8���l���
(不确定这些是实际收到的字符,还是只是在控制台上打印不好?)
【问题讨论】:
-
您认为“客户端”的这行代码在做什么:
byte[] encryptedData = cipher.doFinal(Base64.encodeBase64URLSafe(data.getBytes()));?最起码,如果你坚持这个代码,在服务器端正确地反转操作顺序。 -
是的,这确实很愚蠢,但无论我做什么都会出错,我“尝试”了这一点。 cyph3r 和您的评论让我回到了简单的解决方案。
标签: java encryption base64 urlencode