关于安全性:PBKDF2,C#的Java实现


PBKDF2, Java Implementation from C#

为了获得PBKDF2的Java实现,我将其用作C#版本:https://github.com/shawnmclean/SimpleCrypto.net

我的代码:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;

import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class PBKDF2 {

    public static void main(String[] args) {
        try {
            SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
            KeySpec ks = new PBEKeySpec("iamtwentycharacterss".toCharArray(),"50.eGIYr3ZpxpWw67utH17s/A==".getBytes(),50,64);
            SecretKey s = f.generateSecret(ks);
            Key k = new SecretKeySpec(s.getEncoded(),"HmacSHA1");
            System.out.println(new String(k.getEncoded()));
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (InvalidKeySpecException e) {
            e.printStackTrace();
        }      
    }

}

我已经尝试过关于stackoverflow的各种答案:

Java SimpleCrypto类,用于加密/解密,在Coldfusion 9和Java(Android)中产生不同的结果

Java-使用HMACSHA256作为PRF的PBKDF2

用Java中的PBKDF2进行密码验证

不幸的是,结果不匹配,结果应该是:
mOs/Mw7ZRM99i/BTJ+xnmj5Pm6QlqP1vuPqrf/Qa3WwassxI1QJ447OqdoBzunbJjvrx7+bHAO1Dnj8ltS4TKA==

相关讨论

如果以下代码对Rfc2898DeriveBytes类有帮助,我已解决了以下问题:http://pastebin.com/iReZJ3Vq

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
import java.nio.charset.Charset;

import org.bouncycastle.util.encoders.Base64;

public class PBKDF2 {

    public static void main(String[] args) {
        try {
            String password ="iamtwentycharacterss";
            String salt ="50.eGIYr3ZpxpWw67utH17s/A==";
            int iterations = Integer.parseInt(salt.substring(0, salt.indexOf('.')));
            byte[] saltBytes = salt.getBytes(Charset.forName("UTF-8"));

            Rfc2898DeriveBytes rfc2898 = new Rfc2898DeriveBytes(password, saltBytes, iterations);
            byte[] key = rfc2898.getBytes(64);
            String hash = new String(Base64.encode(key));
            System.out.println(hash);
        } catch (Exception ex) {
            System.out.println("ERROR:" + ex);
        }
    }

}

我怎么错过这一点...。

程序中所需的密钥长度为64,但您期望的结果密钥长度为512。将pbekeyspec中的所需密钥长度更改为512

1
KeySpec ks = new PBEKeySpec("iamtwentycharacterss".toCharArray(),"50.eGIYr3ZpxpWw67utH17s/A==".getBytes(),50,512);