在没有无限强度 JCE 文件的情况下,Java 中是否可以进行 AES256 加密解密?
我正在进行的项目有一个需要 AES 加密和解密的部分.从我可以查找的所有可能的 Internet 资源中,很难找到任何对 AES256 加密的引用,而无需从 Sun(现在是 Oracle 的网站)下载和安装 Unlimited Strength JCE 文件.除了相同的分发存在的任何法律问题之外,当要求最终用户访问特定网站并下载一些文件,将它们放在目录中然后将内容添加到类路径时,它对我们没有多大帮助在 Windows 等上!
The project I am working on has a segment which requires AES encryption and decryption. From all the possible internet source that I could look up, it was hard to find any reference to AES256 encryption without having to download and install the Unlimited Strength JCE files from Sun's (now Oracle's website). Besides whatever legal issues that exist with the distribution of the same, it is not helping us very practically when it comes to asking an end user to visit a particular website and download some files, put them in a directory and then add things to classpath if on Windows etc!
互联网上有一些关于 BountyCastle 的轻量级 API 的参考,可能不需要 JCE 文件,但我找不到非常相关的参考或示例来演示它.
There were some references on the internet to BountyCastle's lightweight API which possibly didn't require the JCE files, but I couldn't look up a very relevant reference or example which demonstrated it.
不确定,但这是所有其他编程语言的问题吗?
Not sure, but is this a problem with every other programming language?
如果不安装那些特定的 JCE 文件就无法进行 AES 256 位加密,那么 JNI 方法可以提供帮助吗?
If it is not possible to have AES 256 bit encryption without those having those particular JCE files installed, then can the JNI approach help?
详细说明一下,可以在 C/C++ 中完成 AES 256 加密,然后我可以调用那些使用 JNI 来获得所需的结果吗?将软件打包(作为 jar 文件)是否会引起关注,还是会有其他问题?
To elaborate a bit, can AES 256 encryption be done in C/C++ and then can I call those using JNI to have the desired results? Would packaging the software (as a jar file) be a cause of concern, or can there be other issues?
另一个重要的因素是该项目将在 Mac 和 Windows 上运行,因此使用 C/C++(特定的编译器/解释器版本或任何东西)可能会受到限制吗?
Another important factor that comes into play is that the project would be run both of Mac and Windows, so can be be limitations using C/C++ (specific compiler/interpreter versions or anything)?
有没有不同的方法来处理这个问题?还有其他方法吗?
Is there a different way to handle this? Any other approach(es)?
推荐答案
密钥大小限制在Java的Cipher
类中实现.可以使用任何实现 AES 的 other 类来获得 AES-256 功能.例如,可以使用 Bouncy Castle 的轻量级"API 来使用任何力量.在这种情况下,您可以例如使用 org.bouncycastle.crypto.engines.AESFastEngine
直接(和 模式 和 填充您的选择.仍然可以为 Bouncy Castle 使用普通 .jar
,但您不会使用 BouncyCastle 提供程序的 JCA 功能.
The key size restrictions are implemented in the Cipher
class of Java. It is possible to use any other class that implements AES to get AES-256 functionality. For instance, it is possible to use the "lightweight" API of Bouncy Castle to use key sizes of any strength. In that case you can e.g. use org.bouncycastle.crypto.engines.AESFastEngine
directly (and a mode and a padding of your choice. It is still possible to use the normal .jar
for Bouncy Castle, but you won't be using the JCA functionality of the BouncyCastle provider.
这有一些缺点和优点.与 "BC"
提供者添加到 Sun 类的 JCA 功能相比,轻量级 Bouncy Castle API 的级别稍低.此外,许多组件(例如 Java 中的 SSL 层、JSSE 或 XML 加密库)使用 JCA 来提供所需的加密功能.需要 JCA 功能的库仍将受限于密钥大小.
This has some disadvantages and advantages. The lightweight Bouncy Castle API is somewhat lower level to the JCA functionality added to the Sun classes by the "BC"
provider. Furthermore, a lot of components (such as the SSL layer within Java, JSSE, or the XML encryption libraries) use the JCA to supply the required cryptographic functionality. The libraries that require JCA functionality will still be limited to restricted key sizes.
请注意,使用其他 providers 将不起作用,因为 Cipher
类本身会检查密钥大小.可能包含在 JCA 提供程序中的 CipherSpi
实现类不能(积极地)影响允许的密钥大小.只能直接使用实现类.
Note that using other providers won't work, as the Cipher
class itself checks for the key size. The CipherSpi
implementation classes that may be contained within a JCA provider cannot (positively) influence the allowed key sizes. You can only directly use the implementation classes.
相关文章